For over two years a massive vulnerability has existed in over two thirds of all the computers you visit on the web. Very recently discovered, this vulnerability may mean that information about you has been sniffed out of those computers. The sky is not falling – but every single password you have should be changed ASAP. However, the sky may be falling for unprepared companies whose IT Organizations are scrambling right now to patch their systems to defend against this bug. MRIS customers can rest assured – MRIS and its systems were NOT affected by this vulnerability.
What Happened? The Internet communicates by using a set of rules. These rules are called protocols. They dictate how your request when you click on something should be handled by the computer you are requesting it from and also how that computer communicates with other computers. In this case the protocol SSL (secure socket layer) has versions that have been exploitable for over two years. SSL is the means in which servers secure most of the information on the web.
What Should I Do? Please change your passwords immediately and follow the best practice of using a combination of letters, numbers and characters to create a password. As an additional best practice, you should change these passwords often.
To System Administrators: In order to mitigate this threat, you should patch all systems using OpenSSL (check with your vendors and manufacturers), revoke old keys, change the passwords on systems, invalidate all session keys and cookies, and research potential data compromise.
More from the Department of Homeland Security Computer Emergency Readiness Team: http://www.kb.cert.org/vuls/id/720951