Researchers have uncovered a flaw in the cryptography used to secure two-thirds of the entire internet. This results in a vulnerability where it is possible to retrieve the encryption key hidden within security certificates used to authenticate webservers. It doesn’t sound like much, but this allows anyone with to access secure servers and retrieve information stored there without leaving a trace.
The issue stems from a bug in OpenSSL, which is the default cryptographic library used in the Apache and nginx Web server applications, as well as a wide variety of operating systems and e-mail and instant-messaging clients. While the issue has been patched, it will still be a very long time before the entire problem is solved as researchers still have no idea if the bug has left private keys issued previously out in the open.
ArsTechnica has a more complete analysis of the issue, and warns internet users to change login credentials as a security measure. Those who are more security conscious might want to stay off the internet completely until this issue is fixed.
[Source: ArsTechnica]
