There’s a security flaw in one of the basic encryption tools used by a huge number of websites, and it probably affects you.
Just to be safe, you should probably change your passwords. All of them.
The flaw goes by the appropriately scary name “Heartbleed,” and it affects OpenSSL, a data encryption library used by — potentially — more than two-thirds of the Internet’s websites.
In short, the bug means that attackers can “listen in” on communications between those websites and the browsers visiting them.
“Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously,” the researchers wrote on Heartbleed.com.
If any malicious people knew about the bug before it was first widely publicized yesterday, they could have been using it to snoop on supposedly secure browser-server communications for as long as two years — since the first vulnerable version of OpenSSL appeared in December 2011. That means the bad guys may already have your passwords.
A list posted to GitHub early today names a large number of sites whose servers were vulnerable to the Heartbleed exploit, including Yahoo.com, Stackoverflow.com, Outbrain.com, OKCupid.com, Steamcommunity.com, Slate.com, Entrepreneur.com, and many more. Many of those sites may have since been fixed.