The Heartbeat Bug:Strikes Secure Websites, even yahoo.com is vulnerable.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Yahoo seems to be the most major Web to site have been vulnerable to the bug (preliminary tests for Facebook, Google, and Twitter's Web sites said they appear to be safe). The company said that it has "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr. Still, a Yahoo spokesperson said the company is still working to make the fix across the rest of the Yahoo sites.
"I encourage users to not log in into [Yahoo] and other services that are affected since the credentials could have been leaked if they used the service," said Jaime Blasco, director of AlienVault Labs, a security research firm. "As soon as Yahoo solves the issue, it will be helpful if users change their password just in case."HOW TO SECURE YOUR DETAILS FROM THIS BUG
1. Make a list (or think thru) sensitive information you have on the web. (Luckily, Google and all there services are not affected)
2. Mail your service provider to ask questions.
3. Once you've got confirmation of a security patch, change passwords of sensitive accounts.
4. Change your sensitive passwords (mail, bank account)
5. Keep a close eye on financial statements for the next few days