Heartbleed

If you come here for good news, you’re not getting it today. There is another massive security breach on the Internet. This time it involves a flaw in SSL, which is the protocol for secure connections to web sites.

It seems this new problem, named Heartbleed, is able to steal your passwords from your RAM, or active memory. If you have visited a site, such as banking or shopping, where you have entered a password you are in danger of having that password stolen.

Protection:

To protect yourself I am suggesting that you re-boot your computer immediately after completing your business on the business or banking site. I know, it’s a pain in the butt. But it will protect you until such time as this flaw is fixed.

It is such a pervasive problem that I suspect the flaw will be fixed relatively quickly. Come back here for updates.

Researchers at Codenomicon and Google Security have uncovered a massive security flaw, which can be exploited to steal passwords, usernames, information, and secret keys. The flaw has been found in recent versions of the cryptographic software library, OpenSSL, which protects the privacy of information transmitted across the internet. It’s been named the “Heartbleed Bug.”

The flaw has been described by security experts as a “serious vulnerability,” given that Open SSL technology runs encryption for two-thirds of the internet. Users will recognize SSL-encrypted sites by the padlock icon that appears next to the address in your browser.