Heartbleed Bug

When all the net security people are freaking out, it’s probably an okay time to worry

A serious bug in OpenSSL — a library that is used to secure a very, very large percentage of the Internet’s traffic — was yesterday discovered and publicly disclosed

The apps you use, the sites you visit; if they encrypt the data they send back and forth, there’s a good chance they use OpenSSL

This means an attacker could get a server to spit out its secret keys, allowing them to read any communication that they intercept, like it wasn’t encrypted at all …

including the keys it uses to encrypt and decrypt communication (e.g. usernames, passwords, credit cards, etc.)

•2+ years
•Affects 2/3 of web
•Millions of servers

Discovered and reported to the OpenSSL team by Neel Mehta of Google’s security team

•Yahoo was affected
•Say they patched most of their sites yesterday

•Apple, Google, Microsoft not affected
•Most e-banking sites OK

•Flair for drama?
•Tor says “You might want to stay away from the Internet entirely for the next few days while things settle.”

•Do you Yahoo?
•Use the same password on multiple sites? Might want to change it.

•This is breaking news. We’ll await further advice which hopefully will be coming soon