Latest Breaking News

elleng

(130,861 posts) Tue Apr 8, 2014, 06:22 PM Apr 2014

Flaw Found in Key Method for Protecting Data on the Internet.

Source: nyt

The tiny padlock next to web addresses that promised to protect our most sensitive information — passwords, stored files, bank details, even Social Security numbers — is broken.

A flaw has been discovered in one of the Internet’s key encryption methods, potentially forcing a wide swath of websites to swap out the virtual keys that generate private connections between the sites and their customers.

On Tuesday afternoon, many organizations were heeding the warning. Companies like Lastpass, the password manager, and Tumblr, the social network owned by Yahoo, said they had issued fixes and warned users to immediately swap out their usernames and passwords.

The vulnerability involves a serious bug in OpenSSL, the technology that powers encryption for two-thirds of web servers. It was revealed Monday by a team of Finnish security researchers who work for Codenomicon, a security company in Saratoga, Calif., and two security engineers at Google.

Read more: http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/?hp

8 replies

= new reply since forum marked as read

Highlight:

Flaw Found in Key Method for Protecting Data on the Internet. (Original Post) elleng Apr 2014 OP

great phantom power Apr 2014 #1

That is what scared me must about all the password manager apps ... 1StrongBlackMan Apr 2014 #2

What good does changing your password do Ruby the Liberal Apr 2014 #3

Excellent point, Sis. dixiegrrrrl Apr 2014 #4

+1. nt bemildred Apr 2014 #6

If someone can please tell me - we use two separate web hosts for our two business truedelphi Apr 2014 #5

You should call them. bemildred Apr 2014 #7

Thanks bemildred. truedelphi Apr 2014 #8

phantom power

(25,966 posts)

1. great

Reply to elleng (Original post)

Tue Apr 8, 2014, 06:26 PM

Apr 2014

1StrongBlackMan

(31,849 posts)

2. That is what scared me must about all the password manager apps ...

Reply to elleng (Original post)

Tue Apr 8, 2014, 06:32 PM

Apr 2014

hack that and hack the world ... at least my little portion of it.

Ruby the Liberal

(26,219 posts)

3. What good does changing your password do

Reply to elleng (Original post)

Tue Apr 8, 2014, 07:24 PM

Apr 2014

if the sites you log into haven't updated their SSL? They are still vulnerable and you just opened up your new password to the hole.

dixiegrrrrl

(60,010 posts)

4. Excellent point, Sis.

Reply to Ruby the Liberal (Reply #3)

Tue Apr 8, 2014, 08:01 PM

Apr 2014

fogot to add:

i said fuck it a long time ago.
Anything I order on line is protected by my credit card, they will pay for losses, I won;t, if I report it promptly at next statement.

Let Amazon worry about thier sieve like security.

Harrumph!

bemildred

(90,061 posts)

6. +1. nt

Reply to dixiegrrrrl (Reply #4)

Tue Apr 8, 2014, 10:03 PM

Apr 2014

truedelphi

(32,324 posts)

5. If someone can please tell me - we use two separate web hosts for our two business

Reply to elleng (Original post)

Tue Apr 8, 2014, 09:34 PM

Apr 2014

Sites. Do I need to call both of them to see if they have fixed the flaw on their end?

And am I at risk even if they have? I mean, is it only affecting the websites that host other websites, or does it affect individual websites?

bemildred

(90,061 posts)

7. You should call them.

Reply to truedelphi (Reply #5)

Tue Apr 8, 2014, 10:33 PM

Apr 2014

I'd call them if I was you. Then I'd do what they tell you to. And not until then, would I do anything that requires encryption (HTTPS:// type things, encrypted email, passwords for accounts you don't want hacked, etc.)

This was coming anyway with the heightened security concerns in the post-Snowden era.

truedelphi

(32,324 posts)

8. Thanks bemildred.

Reply to bemildred (Reply #7)

Wed Apr 9, 2014, 05:26 AM

Apr 2014

Good advice about waiting to see what they say with regards to passwords etc.

Reply to this discussion