Heartbleed bug (http://www.cnet.com)
Technology News – Cyber Security
A major new security vulnerability dubbed Heartbleed was disclosed Monday night with severe implications for the entire Web. The bug can scrape a server’s memory, where sensitive user data is stored, including private data such as usernames, passwords, and credit card numbers.
It’s an extremely serious issue, affecting some 500,000 servers, according to Netcraft, an Internet research firm. Here’s what you can do to make sure your information is protected, according to security experts.
The problem, is in open-source software called OpenSSL that’s widely used to encrypt Web communications. Heartbleed can reveal the contents of a server’s memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.
(Continue reading at http://www.cnet.com)
My Two Cents: I would never use OpenSSL….security and open source seem to me to be an oxymoron. Here is a link to check to see if your website needs to be fixed: Heartbleed Bug Test