Earlier this week Heartbleed, a 28 months old flaw in SSL was patched, that 'could allow attackers to monitor all information passed between a user and a Web service or even decrypt past traffic they’ve collected'. Do I hear someone muttering 'NSA' ?
There's little a user browsing the web can do about this, as the bug is located in a library used in the Apache and nginx Web server applications (which need to be updated), but it's something that should give one yet another pause commensurate with the importance the web plays in one's life. I'm sure there's more to come, both with regard to info about this particular issue, and others down the line.
