Heartbleed: Yes It’s Really That Bad

heartbleed

Security researchers this week disclosed details about a major weakness in the basic architecture of the Web. Heartbleed exploits a critical flaw in OpenSSL, which is used to secure hundreds of thousands of websites including major sites like Instagram, Yahoo, and Google. This security exploit allows an attacker to obtain sensitive information like logins and passwords, as well as session cookies and possibly SSL keys that encrypt all traffic on a site. The Electronic Frontier Foundation (EFF) has been tracking this issue closely, and they’ve put together guides for how systems administrators and website operators can take immediate action to secure their systems. They’ve also analyzed logs that, according to them, seem to indicate intelligence agencies have exploited the vulnerability…

Read the rest from Electronic Frontier Foundation

—Image courtesy of Leena Snidate/Codenomicon