http://www.news.com.au/technology/online/users-urged-to-change-passwords-after-m...
A MAJOR flaw has been found in one of the internet’s key encryption methods, which means the sensitive information we thought was actually safe and protected isn’t.
Finnish security researchers who work for Codenomicon, a security company in California, and two security engineers at Google discovered the bug yesterday.
This means internet users must change their passwords immediately, as the small padlock next to web addresses, which is designed to protect sensitive information, is effectively broken.
This could also force websites to swap out the virtual keys that generate private connections between the sites and their customers, the New York Times reported.
The vulnerability involves a bug in OpenSSL, the technology that powers encryption for two-thirds of web servers.
Dubbed Heartbleed, the bug is bad news for any sensitive site as it can enable hackers to access the memory on any server running OpenSSL.
This means hackers can take information and details including customer usernames and passwords, bank details, and other tools organisations use to communicate privately with their customers.
David Chartier, the chief executive at Codenomicon, said the scariest thing about this bug was that it didn’t leave any trace behind.
“Bad guys can access the memory on a machine and take encryption keys, usernames, passwords, valuable intellectual property, and there’s no trace they’ve been there,” he said.
Several companies, including Tumblr, have already issued fixes and warned people to swap out usernames and passwords.