About half a day ago, a bit of a bombshell was dropped on the open source crypto community: it was announced that the extremely common OpenSSL cryptographic library is vulnerable to an information disclosure exploit, dubbed [Heartbleed](http://heartbleed.com). Among other things, this library is frequently used to provide SSL/TLS (HTTPS) encryption for website traffic. The exploit allows a remote, unauthenticated attacker to disclose up to 64KB of a server's process memory per request by triggering a flaw in how SSL/TLS heartbeats were implemented. Crucially, the attack can be repeated ad nauseam without producing anything suspicious in the logs until the desired information has been obtained - most critically, the server's private certificate keys.
Vulnerable versions of the library have been widely deployed - about two-thirds of the internet is powered by the technology in question, and you should assume that the majority of those use a vulnerable version, which has been available (and recommended) since March 2012. In the most common configurations, obtaining a server's private keys would allow an adversary to decrypt all traffic that has ever been transferred using the certificate in question - in other words, SSL/TLS encryption for a large number of sites has for all intents and purposes been broken for more than two years.
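As an added illustration (my own constructed model in C, not code from this post or from OpenSSL itself) of the heartbeat flaw described above: the vulnerable handler trusts the length field inside the message, while the fixed handler checks it against the size of the record that was actually received. The `memory` layout, the `secret` string and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of TLS heartbeat handling: a record is type (1 byte),
 * payload_length (2, big-endian), payload, 16 bytes of padding; the receiver echoes the payload. */
#define HB_PADDING 16
#define DECLARED_LEN(rec) ((((size_t)(rec)[1]) << 8) | (rec)[2])

/* Simulated process memory: the received record sits at offset 0 and
 * unrelated data (a constructed stand-in for key material) follows it. */
static uint8_t memory[256];
static const char secret[] = "CONSTRUCTED-KEY-MATERIAL";
static uint8_t reply[256];   /* response buffer shared by both handlers */

/* Vulnerable handler: trusts the length field inside the message. */
int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len) {
    size_t n = DECLARED_LEN(rec);
    (void)rec_len;                       /* real record size never consulted */
    if (3 + n > sizeof reply) return -1;
    reply[0] = 2; reply[1] = rec[1]; reply[2] = rec[2];   /* type 2 = response */
    memcpy(reply + 3, rec + 3, n);       /* copies whatever follows the record */
    return (int)(3 + n);
}

/* Fixed handler: declared payload plus padding must fit inside the record
 * that was actually received; otherwise the message is silently dropped. */
int heartbeat_fixed(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 3 + HB_PADDING) return -1;
    size_t n = DECLARED_LEN(rec);
    if (3 + n + HB_PADDING > rec_len || 3 + n > sizeof reply) return -1;
    reply[0] = 2; reply[1] = rec[1]; reply[2] = rec[2];
    memcpy(reply + 3, rec + 3, n);
    return (int)(3 + n);
}

/* Constructed request: one real payload byte but a length field claiming
 * `claimed` bytes, with the secret placed right after it; returns true length. */
size_t build_record(size_t claimed) {
    memset(memory, 0, sizeof memory);
    memory[0] = 1; memory[1] = (uint8_t)(claimed >> 8);
    memory[2] = (uint8_t)claimed; memory[3] = 'A';
    memcpy(memory + 4 + HB_PADDING, secret, sizeof secret);
    return 4 + HB_PADDING;
}
int vulnerable_leaks_secret(void) {   /* 1 if the reply to a 200-byte claim contains the secret */
    size_t rec_len = build_record(200);
    int r = heartbeat_vulnerable(memory, rec_len);
    return r > 0 && memcmp(reply + rec_len, secret, sizeof secret) == 0;
}
```

The check in `heartbeat_fixed` has the same shape as the bounds check the patched library applies: an oversized claim gets no reply at all instead of a copy of neighbouring memory.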
While we don't use encryption for most non-important stuff, our configuration for the parts that do has never been fully vulnerable to this attack. Prior to January of this year we were using an older version of OpenSSL that was not vulnerable. A new server using a vulnerable version of OpenSSL was deployed in January, but at the same time we also deployed Perfect Forward Secrecy, which generates fresh encryption keys per session and therefore fully mitigates the decryption of historic and future traffic based on certificate keys. In other words, the only part of this we have ever been vulnerable to would have been an active Man-in-the-Middle attack, and I have no reason to believe this has taken place. Still, this has now been patched and is no longer vulnerable, and I've reissued our certificates just to be safe. So while I don't think it's strictly necessary, if you subscribe to the Paranoid Approach to security, you may consider changing your password.
I still feel it is important to inform people that the majority of SSL/TLS traffic they have transferred over the internet for the last couple of years should be considered compromised, as if it had been transferred in plain text. Perfect Forward Secrecy was only available at 6.3% of all HTTPS-enabled websites as of April 2014, so chances are high that any given site does not implement it. This doesn't just apply to websites, but to everything that uses SSL/TLS, such as mail servers, chat services and the Tor network. Furthermore, there is no way for a visitor to tell whether a site has been or currently is vulnerable. For the foreseeable future, you should therefore assume that SSL/TLS is worthless as far as protecting your data goes, until the service in question tells you otherwise.
tl;dr: SSL/TLS (HTTPS) is broken, we're mostly not affected.