So just in case you guys haven't heard of it, there is a new vulnerability of SSL out there which exposes random memory from the server, which could be your login data, private keys, etc..
It's being actively exploited right now. There are patches but some services are taking too long to to patch their servers, so the recommended action is to not login on anythng rigth now.
Some of the sites affected are yahoo.com, steamcommunity.com, redtube.com, hidemyass.com
You can read more about the vuln in here: http://heartbleed.com/
And no, neogaf is not affected.
Basically the thing is, you send up to 64Kb of data to a ssl server and tell him to echo it, and it will. But you can send 1b of data and tell the server that you actually sent 64Kb, so the server will send you back those 64Kb of data. And those 64Kb of data are from the server memory, and close to the SSL thread so...it will send private keys, logins and passwords, basically everything that just passed trough SSL.
If you keep on trying several times, you will get lot of info, especially on sites with lots of logins and such.
This is one of the big ones, available since 2012, not know until a couple of days ago, released into the wild with almost no one patched.
It's being actively exploited right now. There are patches but some services are taking too long to to patch their servers, so the recommended action is to not login on anythng rigth now.
Some of the sites affected are yahoo.com, steamcommunity.com, redtube.com, hidemyass.com
You can read more about the vuln in here: http://heartbleed.com/
And no, neogaf is not affected.
Basically the thing is, you send up to 64Kb of data to a ssl server and tell him to echo it, and it will. But you can send 1b of data and tell the server that you actually sent 64Kb, so the server will send you back those 64Kb of data. And those 64Kb of data are from the server memory, and close to the SSL thread so...it will send private keys, logins and passwords, basically everything that just passed trough SSL.
If you keep on trying several times, you will get lot of info, especially on sites with lots of logins and such.
This is one of the big ones, available since 2012, not know until a couple of days ago, released into the wild with almost no one patched.