A serious flaw has been discovered in OpenSSL – the browser encryption standard used by an estimated two-thirds of the servers on the internet. This flaw has been there for a couple of years, and allows hackers to read data stored in memory. That gives hackers access to anything in memory, including security keys, user names and passwords, emails and documents. More detail is on Gigaom and Schneier on Security.
An update to OpenSSL fixes the flaw. Anyone who has a website should ask their service provider if it affects their site, and have it updated immediately.
And for those of you still using windows XP or Office 2003 – upgrade that immediately as well. I was surprised to read this morning that as many as 30% of Windows based computers still use XP. As of today, Microsoft is no longer supporting them.