What do you all know about this that I've just read on the NY Times April 8th, 2014 @ 5:08PM in an article written by Nicole Perlroth in the Bits blog: http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/?module=BlogPost-Title&version=Blog%20Main&contentCollection=Security&action=Click&pgtype=Blogs®ion=Body
The tiny padlock next to web addresses that promised to protect our most sensitive information — passwords, stored files, bank details, even Social Security numbers — is broken.
A flaw has been discovered in one of the Internet’s key encryption methods, potentially forcing a wide swath of websites to swap out the virtual keys that generate private connections between the sites and their customers.
On Tuesday afternoon, many organizations were heeding the warning. Companies like Lastpass, the password manager, and Tumblr, the social network owned by Yahoo, said they had issued fixes and warned users to immediately swap out their usernames and passwords.
The vulnerability involves a serious bug in OpenSSL, the technology that powers encryption for two-thirds of web servers. It was revealed Monday by a team of Finnish security researchers who work for Codenomicon, a security company in Saratoga, Calif., and two security engineers at Google.
Researchers are calling the bug “Heartbleed” because it affects the “heartbeat” portion of the OpenSSL protocol, which pings messages back and forth. It can and has been exploited by attackers.
The bug allows attackers to access the memory on any web server running OpenSSL and take all sorts of information...