“Heartbleed” Bug Causes Mass Internet Security ConcernsApril 10, 2014 Leave your thoughts
A critical vulnerability in OpenSSL (OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, which effectively exposes primary key material, allowing hackers to read confidential encrypted data, and compromises the integrity of the secure channel.
Over the past day there has been some significant mass media coverage of the software flaw, alerting the public to the potential vulnerabilities of over half a million websites, including Yahoo and some major banks.
However, as echoed by this Guardian article, we would urge web-users not to rush into changing all of their passwords; doing so could increase the risks posed by the bug, which has been ominously dubbed “Heartbleed”.