NSA Denies Report It Knew About And Exploited Heartbleed

The bug resides in the "Heartbeat" feature of the most secured open source encryption protocol, OpenSSL, which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data.

A team of researchers from Codenomicon and Google Security researcher revealed the vulnerability this week that is in the wild since the new version 1.0.1f was released in March 2012. And just after the revelation, OpenSSL released the security Fix for the bug in its version 1.0.1g, but until then the Heartbleed bug made websites, email, instant messaging (IM), including some virtual private networks, on about half a million of the world's widely trusted web servers, open to hackers.

[adsense size='1']

The birth of the most critical bug Heartbleed was due to a mistake done by a German programmer Robin Seggelmann over two years ago while working on a new Heartbeat feature in the OpenSSL.

He submitted the code of OpenSSL with the heartbeat feature in an update on New Year's Eve, 2011, and an “oversight” led to an error that unintentionally created the “Heartbleed” vulnerability.

Yesterday he said it could be entirely possible that the government intelligence agencies had been making use of this critical flaw over the past two years.

[adsense size='1']

The fix was released just after, but the users’ data are vulnerable until the vulnerable websites didn’t implement it. You can only change your password immediately for those websites that are not affected, assuming that it was vulnerable before, just to make sure that you are now safe.