https://www.yahoo.com/tech/heres-what-you-need-to-know-about-the-heartbleed-bug-82120054478.html
TL;DR: OpenSSL software has massive hole in it for 2 years, but has just been detected recently. [quote]Websites that are currently vulnerable to Heartbleed exploits include Yahoo, Comixology, Flickr, Imgur and OculusVR. Many other top sites — including Facebook, Google, Wikipedia, Amazon, Twitter, Apple and Microsoft — are not currently vulnerable, though some may have been in the past.[/quote]
what do you think of this? this affects most sites throughout the internet including banks, etc.
and to clarify Yahoo's main site is g2g, services like mail are not
http://www.forbes.com/sites/jameslyne/2014/04/08/heartbeat-heartbleed-bug-breaks-worldwide-internet-security-again-and-yahoo/
http://www.bostonglobe.com/business/2014/04/09/heartbleed-scare-bad-sounds/4KGq7KIffclo5Y4Eo80YTJ/story.html
update: forbes and boston globe link added
-
Edited by dazarobbo: 4/10/2014 6:17:16 AMI know it's going to seem counter-intuitive, but the one thing you probably [i]shouldn't[/i] do right now is change your passwords for any of the affected sites you use. You should wait until you have confirmation from the affected site(s) that they have been updated and are safe to use. [i]Then[/i], change your password. If you use any of the sites listed as vulnerable with SSL/TLS (https), but don't use anything particularly important (ie. anything that requires you to sign in or makes use of cookies for personalised interaction), feel free to keep using the sites. You won't be at any less risk than before. The same for any sites you use without SSL (ie. http only). Edit: also, bungie.net won't be affected since it uses IIS which, AFAIK, uses a proprietary implementation of SSL.