The NSA has its own suggestions for dealing with Heartbleed

NSA Heartbleed Security Flaw

The National Security Agency has already denied reports that claimed it had been aware of the Heartbleed security threat and used it in its advantage, and now the agency has issued its own document, picked up by Engadget, advising users on how to deal with this major security risk that has been found to affect a large number of websites.

The NSA says that any users operating websites and online services that use OpenSSL versions 1.0.1 through 1.0.1f should immediately update it, to patch the “serious vulnerability.”

Furthermore, the NSA advises regular Internet users to contact directly the providers of online services or developers of operating systems that may be affected by Heartbleed in order to inform them about the security risk – although considering the amount of media coverage Heartbleed received, it’s likely that many Internet companies are well aware of the issue.

Finally, the agency advises users to change their passwords immediately once an online service affected by the OpenSSL bug has been patched in order to avoid any further issues.

All in all, this isn’t the first time these pointers on how to deal with Heartbleed have been given to users, but this time around it’s the NSA sending out instructions for mitigating the “Heartbeat Extension Vulnerability.”

Internet users can already check sites affected by Heartbleed using a Chrome plugin or use an Android app to check their phone’s integrity, while this handy infographic explains how to craft more secure passwords.

 

An image from the NSA document showing the suggestions above follows below.

nsa-heartbleed-fix

Via:
Engadget
Source:
NSA
blog comments powered by Disqus