Just a heads up. Anyone that uses the Internet really needs to be aware of this. You may have seen something pop in in the news about an 'SSL' bug and/or the name "Heartbleed".
This is a catastrophic security bug (on a scale of 1 to 10, it's a 12) that affects EVERYONE. The entire security infrastructure of the internet has been compromised.
You need to immediately change any and ALL passwords on anything that you want to keep secure (banks, etc.). Unfortunately, due to the nature of this bug, that does not necessarily mean you are protected. This bug has invalidated the entire chain of trust for all encrypted data on the internet. It will be months or years before that chain of trust can be properly rebuilt.
What has happened, in a nutshell, is that there is a bug in the software that most webservers use to encrypt traffic between you and the webserver. That bug has made it so that attackers can easily get the encryption keys used (both the temporary ones assigned to you, and the master keys for the web sever), and read your traffic effortlessly.
For more detail, see:
http://heartbleed.com/
This is a catastrophic security bug (on a scale of 1 to 10, it's a 12) that affects EVERYONE. The entire security infrastructure of the internet has been compromised.
You need to immediately change any and ALL passwords on anything that you want to keep secure (banks, etc.). Unfortunately, due to the nature of this bug, that does not necessarily mean you are protected. This bug has invalidated the entire chain of trust for all encrypted data on the internet. It will be months or years before that chain of trust can be properly rebuilt.
What has happened, in a nutshell, is that there is a bug in the software that most webservers use to encrypt traffic between you and the webserver. That bug has made it so that attackers can easily get the encryption keys used (both the temporary ones assigned to you, and the master keys for the web sever), and read your traffic effortlessly.
For more detail, see:
http://heartbleed.com/
Comment