“A major new vulnerability called Heartbleed could let attackers gain access to users’ passwords and fool people into using bogus versions of Web sites. Some already say they’ve found Yahoo passwords as a result.
The problem, disclosed Monday night, is in open-source software called OpenSSL that’s widely used to encrypt Web communications. Heartbleed can reveal the contents of a server’s memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”* Steve Oh, Jimmy Dore (The Jimmy Dore Show), Malcolm Fleschner (Executive Producer, The Point) and Jackie Koppell break it down.
*Read more here from Stephen Shankland / CNET:
http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/