Tuesday, April 8, 2014

“This might be a good day to call in sick and take some time to change your passwords everywhere— especially your high-security services like email, file storage and banking, which may have been compromised by this bug.”

Flaw Found in Key Method for Protecting Data on the Internet - Nicole Perlroth/Bits

The tiny padlock icon that sits next to many web addresses, suggesting protection of users’ most sensitive information — like passwords, stored files, bank details, even Social Security numbers — is broken.

A flaw has been discovered in one of the Internet’s key encryption methods, potentially forcing a wide swath of websites to swap out the virtual keys that generate private connections between the sites and their customers....

“This still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe was actually making all that private information accessible to anyone who knew about the exploit,” Tumblr’s security team wrote on their site. “This might be a good day to call in sick and take some time to change your passwords everywhere— especially your high-security services like email, file storage and banking, which may have been compromised by this bug.”

Mr. Chartier advised users to consider their passwords gone. “Companies need to get new encryption keys and users need to get new passwords immediately,” he said. “And do it quickly.”