Several tech firms are urging people to change all their passwords after the discovery of a major security flaw.

The Yahoo blogging platform Tumblr has advised the public to “change your passwords everywhere – especially your high-security services like email, file storage and banking”.

Security advisers have given similar warnings about the Heartbleed Bug.

It follows news that a product used to safeguard data could be compromised to allow eavesdropping.

OpenSSL is a popular cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it.

Continue reading the main story

Start Quote
On the scale of one to 10, this is an 11”
End Quote
Bruce Schneier

Security technologist

If an organisation employs OpenSSL, users see a padlock icon in their web browser – although this can also be triggered by rival products.

Those affected include Canada’s tax collecting agency, which halted online services “to safeguard the integrity of the information we hold”.

However, experts stress that they have no evidence of cybercriminals having harvested the passwords and that users should check which services have fixed the flaw before changing their login.

Source

By Harry