[arcnmx]

Quote:

Originally Posted by Reincarnate

I don't know shit about encryption so can someone ELI5 for me -- how does this bug get fixed? What should the average person do to protect him/herself in the meantime?

For most people the bug goes like this: you login to your email on yahoo (lol), use it normally, etc. Then someone random performs the attack on yahoo: the server might randomly send them your password or the contents of your emails or anything, really.

All you can do to protect yourself is to not use a vulnerable service until they fix it, and change your password once they do. It's easily fixed by updating a system, but that's something someone running a server has to do - not something general users have to worry about.

For server administrators it's also worse than just compromising your user's information, as it could leak private encryption keys as well. Anyone who gets a copy of that suddenly can decrypt and sniff all past and future communications as if the connection were never encrypted at all.