Right now the Internet community is reeling from what is possibly the largest breaches of security ever discovered. A secure protocol we all use to protect critical services such as websites, mobile phones and your favourite social and media networks was compromised after an update that went unnoticed for over three years.
On the 8th of April someone discovered it and now nearly every website in the world that takes security seriously is in the process of auditing the security.
What is the damage?
Under normal conditions, the SSL certificate which activates when browsing secure pages on the internet encrypts your data securing it from prying eyes. What this vulnerability does, according to the team that found it is allow an attacker to bypass the security all together to steal access to the keys used to secure the communication.
Who is affected?
Some people might believe that this is only affecting the small websites. On the contrary, this is affecting over 70% of the Internet. This are services that use this implementation of SSL. Infact 99% of the top 500 websites according to alexa.com rank are affected by this issue.
Why cant I just change my password and be done with it?
The bug doesn’t just allow attackers to gain access to the data, it gives them the keys to the Kingdom. In other words, they can come and go as they please, impersonating connections which will pass of as valid and have the ability to decrypt any information past and present.
If you are a simplay a user of the service changing your password without your service provider doesn’t do any good as an attacker can decrypt it with the keys the already have.
What are you doing about it?
We have already upgraded our servers to plug the leak, we did that as soon as the news broke. We are re-issuing all certificates used on our service. We will revoke all passwords on our sites and you will have to reset your passwords to get access to your accounts.
I want some more information?
As you should, this is a serious problem and everybody should know about it. We are going to update our media networks soon with more information as it comes to us. In the mean time, you can read the official page set up for this bug.