Several tech firms are urging people to change all their passwords after the discovery of a major security flaw.

http://www.bbc.co.uk/news/technology-26954540

A few of the poker players I know as it happens have mentioned having their acounts hacked this last few weeks but I don't know if its abything to do with this. I don't play on line personaly. Anyway I just noticed this and thought it worth a mention.

Are you telling me that Password123 isn't any good anymore?

You do understand that changing your password means very little at this point? The worldwide encryption system has been fatally compromised for a long time. The panic is somewhat disingenuous given what anyone involved with these matters now knows:
http://www.bbc.com/news/technology-26834889

No. I don't understand computers much at all.

The best password in the world that you'll never forget is "Incorrect".

If for some reason you can't remember what it is, just type anything and hit enter. The message that will come up is "Your password is Incorrect"!

If you use Google services, add an extra layer of protection:

https://support.google.com/accounts/answer/1066447?hl=en

PayPal and Facebook have similar two-factor authentication protocols in place.

Google, Facebook, really? I'm surprised at you Josh. If you were a serious hacker, where is the first place you would go? We already know they give their data to the government.

Fair point. Probably why I shouldn't talk about security after 10 PM. Or before I finish my morning coffee.

If we did our business in person, face to face, like we used to do, the problem would be greatly decreased.

When we allow machines to do our business for us, we lose control of the situation. Much safer to walk into the bank rather than use the ATM, computer or phone. Same with paying bills, do it in person.
Iven

What your enemy Snowden revealed was this: the NSA forced the makers of RSA, the main encryption system used worldwide, to use a weaker form of encryption than possible within the same constraints. They did that so that they would always have access to yours and everyone else's secrets.

But that's not even the main problem. Imagine if the government said that you weren't allowed to put the most secure lock on your front door because they wanted to be assured of access; even if you totally trusted the government, the problem is that by saddling you with an inferior lock, it means that *other* thieves can now break in more easily. This is the situation presently with the most popular worldwide encryption.

The fact that there was a "back door" to encryption systems was well known long before anyone ever heard of Snowden.

Those who may have assumed an NSA back door into RSA encryption assumed that the NSA's computers were powerful enough to decrypt 128 or even 256 encryption. What was not anticipated was that the NSA would force RSA to use an inferior form of encryption using pseudorandom numbers instead of random numbers making the encryption more vulnerable even to parties who do not have the powerful computer capabilities of the NSA. European businesses and governments are getting particularly worried.

OpenSSL is apparently compromised as well....

http://news.yahoo.com/nsa-denies-exploit......811.html

Snowden your hero is not my enemy. The powers that be have the power to spy on me or you and do so if they will. I knew that before you or you hero were born. The ways they do it and the extent may be interesting but the fact that they can and do is no revelation to me. The powers that be spying you is one thing and criminals hacking your computer and stealing is quite another matter. The warning above is to do with the latter not the former as far as I can see. It may be helpful to change your passwords for that reason. If don't want to just because the powers be can still can get passed it, then that is just silly. The powers that be have ability to break into my home or office or whatever but I don't leave the doors, widows and safe open for petty the thieves. If you don't want to change your passwords then don't.

This was copied from an article in Forbes.

"There are complex conditions as to whether your data may or may not have been retrieved, and you should assume details like passwords may have been stolen, but a blind reset of everything could actually make it more likely that you lose your details. You need to reset passwords once a provider has patched."

So just to quickly bring folks who haven't heard, up to speed: OpenSSL, the protool used for making most websites secure when you go to banking sites and the like has been compromised by a virus called Heartbleed. The Heartbleed virus steals passwords and confidntial user info. The accusation is that the NSA discovered this virus and what it was doing, but kept it secret so that it could use the virus for its own purposes.

The NSA has denied this accusation, saying that it didn't know about Heartbleed until the rest of us did.

This is another extraordinary statement by the NSA. This means either one of two things:

1) The NSA is lying, and deliberately left the virus alone as the accusation states, allowing third party hackers to get all kinds of sensitive information, or

2) The NSA is telling the truth and just stumbled on to it recently.

It seems to me that in either case, the resignation of top NSA officials should be forthcoming. If the truth is #1, then the NSA has once more exposed valuable private information to the clutches of unscrupulous hackers deliberately; or if #2, then the federal agency that is tasked to defend government cyberstructures from attack has egregiously failed at its job, and this is a security breach that makes Snowden look like small potatoes.

I look forward to firings and resignations, though I am not holding my breath.