You've probably heard about the Heartbleed hack by now.

[thewayne]

Here's an excellent XKCD comic showing how it works. The basic concept is known as an unchecked parameter where the requester (hacker) asks the server a question and tells it to return 64,000 characters of information. Said information is a random memory location but can contain quite valuable data, including crypto keys, and that's the reason why all of the certificate authorities are slammed and scrambling like mad to re-issue new encryption certificates.

I'll write more about this later after I've had time to research it better. The one thing is that this seems to be a server problem, I don't know how this affects personal computers. I do know that the observatory that my wife works at had at least three vulnerable servers. People are saying "Change all your passwords NOW!", but I'm not sure if that's the way to go. If you change your passwords now, and the server has not yet been updated, it's still vulnerable. I think it would be better to wait until a given web site says 'change your password' as that should be a solid sign that they've taken steps to remediate their servers.

Comments

[thewayne.livejournal.com]

That's definitely not a good thing. I have three types of passwords: low security, medium security, high security. Low security is the same password on a number of sites that don't involve personal information or credit cards, medium is a stronger password but still no credit cards, high is a strong two-part password that is unique for every site. But a lot of people can't handle that even though I don't think it's in the least bit complex.