‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords

A major new vulnerability called Heartbleed could let attackers gain access to users’ passwords and fool people into using bogus versions of Web sites. Some already say they’ve found Yahoo passwords as a result.

The problem, disclosed Monday night, is in open-source software called OpenSSL that’s widely used to encrypt Web communications. Heartbleed can reveal the contents of a server’s memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.

Read more at – ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/