Your passwords stored on many sites were not safe and could easily have been compromised, thanks to a major security flaw that went unnoticed for the past 2 years!
The shocking part is that this has affected banks and other secure sites. We have been told many times in the past that when a padlock appears in the address bar, the data transmitted to the server is safe. This newly found security flaw has just revealed that it is not.
OpenSSL is a popular cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it.
Google Security and Codenomicon – a Finnish security company – revealed on Monday that a flaw had existed in OpenSSL for more than two years that could be used to expose the secret keys that identify service providers employing the code.
We will have no idea if our data is stolen as there are no traces left behind.
“If people have logged into a service during the window of vulnerability then there is a chance that the password is already harvested,” said Ari Takanen, Codenomicon’s chief technology officer.
“In that sense it’s a good idea to change the passwords on all the updated web portals.”
Other security experts have been shocked by the revelation.
“Catastrophic is the right word. On the scale of one to 10, this is an 11,” blogged Bruce Schneier.
The BBC understands that Google warned a select number of organisations about the issue before making it public, so they could update their equipment to a new version of OpenSSL released at the start of the week.
However, it appears that Yahoo was not included on this list and tech site Cnet has reported that some people were able to obtain usernames and passwords from the company before it was able to apply the fix.
“Our team has successfully made the appropriate corrections across the main Yahoo properties – Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr – and we are working to implement the fix across the rest of our sites right now,” said a spokeswoman for the company.