Open SSL is an open-source Secure Sockets Layer library that is used by many secure web site. OpenSSL puts the “S” into HTTPS, and provides secure, encrypted communications for password protected websites, such as ecommerce, social media, and email services. The proof of concept exploit was able to expose several thousand Yahoo user names and passwords, in a recent demonstration by a security consulting firm.
Are you at risk? Yes you are, but this does not mean that you have lost anything yet, or that you need to go out and do another round of password changes. The good news is that there is already a fix available. The bad news is that there is nothing you can do about it, this update needs to be applied to affected web servers by the web service operators.
According to a report in the Washington Post, only 4-6% of web servers are affected, and the number is dropping as patches are applied. For a more technical discussion of this issue, please see the article on Sophos.Share