The odds are good that no one will be surprised to learn that the National Security Agency knew about the Heartbleed OpenSSL vulnerability that affected 66% of the entire Internet at the time of its discovery. The allegation that the NSA used the security hole itself to spy on targets might not be terribly shocking either. What is pretty surprising — and appalling — however, is the fact that Bloomberg is reporting the NSA knew about the huge vulnerability for “at least two years” and did nothing, leaving us all at risk.

More details can be found in Bloomberg’s report, which is linked below in our source section.

Head here for more on Heartbleed and instructions on what to do if you might be affected. A plugin that can alert you when you visit sites that are still impacted by Heartbleed can be found here.