Well, the bug in SSL essentially allowed anyone to access whatever was in the server's RAM or main memory at the time. Now any processing that a computer does involves moving data from your normal file system to the RAM.
Now imagine there's a file 'supersecret.txt' on my Dropbox that I just accessed. The file's contents are copied to main memory on the way to me. The contents of the file itself remain restricted to me, but whatever is within the main memory isn't really associated with my file any more once I'm done. It's just unstructured data sitting there, and can be overwritten at any time.
However, someone exploiting this bug can get it to spit out whatever is in the main memory and it will, because the server doesn't see the bunch of 1s and 0s as belonging to your file any more. And so any sensitive data may have been obtained. It's a crapshoot, but there's a chance of it happening.
Not all major websites used OpenSSL, but it is pretty widely used, so a lot of servers have been putting up patches for the flaw. Obviously changing your password is useless if the company itself hasn't patched their server.
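A simplified model of the leftover-memory leak described in the post above, as an added example that is not part of the original post and is not OpenSSL code. The buffer `pool`, the function names and the sample secret are constructed for illustration, and the flawed handler is assumed to trust a client-supplied length; the over-read is capped to the toy buffer so the program stays well defined.

```c
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 64
#define SECRET "supersecret.txt: constructed-pin-0000" /* constructed sample */

/* Toy stand-in for server RAM that is reused between requests. */
static unsigned char pool[POOL_SIZE];

/* Request 1: file contents pass through memory and are never wiped afterwards. */
void serve_file(const char *contents) {
    size_t n = strlen(contents);
    if (n > POOL_SIZE) n = POOL_SIZE;
    memcpy(pool, contents, n);
}

/* Request 2, flawed: echoes back as many bytes as the client claims it sent. */
size_t echo_trusting(const unsigned char *payload, size_t actual_len,
                     size_t claimed_len, unsigned char *out) {
    if (actual_len > POOL_SIZE) return 0;
    if (claimed_len > POOL_SIZE) claimed_len = POOL_SIZE; /* keep the toy in bounds */
    memcpy(pool, payload, actual_len); /* overwrites only the first few bytes */
    memcpy(out, pool, claimed_len);    /* everything after that is leftover data */
    return claimed_len;
}

/* Request 2, fixed: a claimed length larger than the real payload is dropped. */
size_t echo_checked(const unsigned char *payload, size_t actual_len,
                    size_t claimed_len, unsigned char *out) {
    if (actual_len > POOL_SIZE || claimed_len > actual_len) return 0;
    memcpy(pool, payload, actual_len);
    memcpy(out, pool, claimed_len);
    return claimed_len;
}

/* Returns 1 if the reply bytes contain the given string. */
int reply_contains(const unsigned char *reply, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(reply + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char out[POOL_SIZE];
    serve_file(SECRET);
    size_t n = echo_trusting((const unsigned char *)"hi", 2, POOL_SIZE, out);
    printf("trusting: %zu bytes, leaked=%d\n", n, reply_contains(out, n, "constructed-pin"));
    printf("checked:  %zu bytes\n", echo_checked((const unsigned char *)"hi", 2, POOL_SIZE, out));
    return 0;
}
```

The checked handler is the server-side fix; it is also why changing a password only helps once the server itself has been patched.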