Heartbleed

If you use the internet, it's probably a good idea to reset your passwords. Don't say you haven't been warned.


9 April 2014 • 4 min read

security ssl

Yesterday, a security vulnerability in OpenSSL was made public.

There is more information here: http://heartbleed.com

That is quite a technical resource, so feel free to browse the more friendly versions here:

http://www.bbc.co.uk/news/technology-26954540
http://gigaom.com/2014/04/08/heres-everything-you-need-to-know-about-the-heartbleed-web-security-flaw/
http://www.theregister.co.uk/2014/04/09/heartbleed_more_than_just_a_website_vuln

Approximately 2/3rds of the internet is affected (here’s a list of big providers: https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt) and there is a huge amount of interest in the story, with the BBC carrying it on their homepage today (linked above). You will likely see this pop up across many sites you log into very soon.

In essence, a bug in the encryption software makes it possible for an attacker to eavesdrop on passwords being sent by users to log in to their accounts.

If you use the internet, it’s worth resetting your passwords immediately. The implications of this vulnerability are huge - sites you thought you were signing in to securely may not have been.
