I'm taking a break from my regular topics for the following public service announcement:
Change all your on-line passwords. Do it now. Then do the whole thing again a week from now, just to be safe.
I'm not kidding. A few weeks ago, a major security flaw -- dubbed Heartbleed -- was discovered which puts passwords, credit card numbers, pretty much any information stored on the Web at risk. This was kept a secret while the major players were given the opportunity to apply patches. A few hours ago, it went public. Which means that every cheap gunsel and two-bit grifter on the Web will be trolling for data.
Here's the problem in CNN's words:
Heartbleed is a flaw in OpenSSL, an open-source encryption technology that is used by an estimated two-thirds of Web servers. It is behind many HTTPS sites that collect personal or financial information. These sites are typically indicated by a lock icon in the browser to let site visitors know the information they're sending online is hidden from prying eyes.
The rest of the article can be found here.
For the xkcd cartoon explaining what's going on in a more lucid manner than most news reports, click here.