As some of you may have heard, a new bug called heartbleed has been on the news since Monday.
The problem was found by a top Google programmer in versions of a popular cryptography product call OpenSSL used in many Unix/Linux servers hosting webmails, instant messaging and some VPN products since 2012. The bug allows anyone with an Internet to access the memory of a server protected by these versions of OpenSSL and read the security key protecting the encrypted data such as user id’s and passwords. OpenSSL has released a patch and many sites have updated their security certificates.
There is no indication that this vulnerability has affected Microsoft popular Windows operating systems or most financial institutions that don’t use OpenSSL in their products.
There is also no indication that this vulnerability has ever been used.
If you use any of these websites you should change your password immediately and consider changing frequently until after the site has been cleared.
We are closely monitoring this situation and will keep you post if there are any new developments.
For additional information please visit http://heartbleed.com