A major flaw has been found in the OpenSSL library, compromising a large number of websites that use OpenSSL to encrypt web data. Almost one-third of major websites use OpenSSL to encrypt user information (like credit card numbers and sensitive information) that is being passed to their servers. Unfortunately, this vulnerability allows someone to potentially capture important information about the server, making it possible to infiltrate it. Once the server is infiltrated, an attacker can pose as the server and intercept any data sent over the SSL connection.
OpenSSL released a patch on Monday to correct the issues. Current users of OpenSSL should either upgrade to OpenSSL 1.0.1g or disable the heartbeat function of the library. The vulnerability has existed for two years, and attacks are completely silent and unnoticeable. Experts are also recommending that users of OpenSSL replace their security certificates and keys.
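One way to check a host against the two remediation options above, as an added example (not from the original article or the OpenSSL project): the function classifies the text printed by `openssl version -a`. It assumes that 1.0.1 builds earlier than 1.0.1g are the ones needing action and that heartbeat is disabled at build time with the `-DOPENSSL_NO_HEARTBEATS` compiler flag; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example. Verdicts printed by classify_openssl:
#   patched | heartbeat-disabled | needs-action | not-covered
classify_openssl() {
    out=$1                      # full text of `openssl version -a`
    # First line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$out" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    ver=${ver%%-*}              # drop build tags such as "-fips"
    case $ver in
        1.0.1|1.0.1[a-z]) ;;    # the release series the advice is about
        *) echo not-covered; return 0 ;;
    esac
    case ${ver#1.0.1} in
        ''|a|b|c|d|e|f) ;;      # assumption: builds before 1.0.1g need action
        *) echo patched; return 0 ;;
    esac
    # An older build is still acceptable if heartbeat was compiled out.
    if printf '%s\n' "$out" | grep '^compiler:' |
            grep -q -- '-DOPENSSL_NO_HEARTBEATS'; then
        echo heartbeat-disabled
    else
        echo needs-action
    fi
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
built on: (constructed)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'

SAMPLE_NOHB='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: (constructed)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O2'

SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
built on: (constructed)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'

SAMPLE_OTHER='OpenSSL 1.0.0k 5 Feb 2013
built on: (constructed)
compiler: gcc -fPIC -DOPENSSL_PIC -O2'

# On a live host: classify_openssl "$(openssl version -a)"
```

Distribution packages that backport fixes keep the old version letter, so a `needs-action` verdict on such a system should be confirmed against the vendor's package changelog. The check covers only the installed library; replacing certificates and keys, as recommended above, is a separate step.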
Emergency SSL/TLS Patch Underway - Dark Reading by Information Week