Posted on 04/10/2014
This week researchers (security firm Codenomicon and Google Security) discovered a vulnerability, dubbed the Heartbleed Bug, in the OpenSSL software that is used by perhaps two-thirds of the Internet’s active sites. This bug compromises the ability of encrypted data to be truly secure and could expose passwords and other critical information to eavesdropping hackers.
You should change all of your passwords, but that may not do much good YET if the sites and service providers you continue to use have not implemented heartbleed security fixes.
An online server test (to test “google.com”, for example) is available at http://filippo.io/Heartbleed/ (but may not provide conclusive results if the server whose URL you test are not susceptible to the bug).
EONI has reviewed our servers and patched any servers that needed updates.
At this point in time EONI is not forcing all eoni.com email account password to be changed.
However if any eoni.com user wants to request a password change at any time for any reason we always are happy to handle such requests.
For a fast simple description look here.
Or this video gives a good, detailed technical explanation of how the Heartbleed bug works:
And here is just one of the many articles that have appeared in the past hours on this subject, this Q & A from the New York Times.
For even more detailed technical discussion, see http://heartbleed.com.