Epic OpenSSL Security Flaw (affects Yahoo users, among others)


txlaw

See the following article:

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

The short of it is that if you used Yahoo or any other vulnerable site in the past, it's possible that your password (and other confidential data) has been stolen. I actually had my Yahoo email contact list stolen, and the culprits have been sending spoof emails from that address to people on my contact list.

Could be time to update passwords and actually start using 2-factor authentication.

Link to comment
I did a search and didn't find any financial websites affected. Does anyone know if that's indeed the case?

(I tried this script https://gist.github.com/takeshixx/10107280 on various sites that I use and didn't find any that were affected, though maybe they have patched things already by the time I got around to it.)

Probably safer to just change all passwords, after first confirming that the site/service you are using does not have this vulnerability anymore.

Link to comment
More info: http://heartbleed.com/

I'm not sure why Yahoo is singled out, especially since a Google engineer found this, thus identifying an opening they had running for a long time on their own servers. Basically every website out there uses OpenSSL, including all of the banks and financial institutions. Change your passwords! And even better, use multi-factor authentication when available.
