This just in. OpenSSL has a BIG TIME vulnerability. If your development team or server company isn't on top of this, your websites session data is in immediate danger.
Check your website here: http://filippo.io/Heartbleed/
This vulnerability can be used to reveal not just the contents of a secured-message, such as a credit-card transaction over HTTPS, but the primary and secondary SSL keys themselves. This is very very bad. Apparently you can hit it enough times to reconstruct the private SSL key on the server.
Learn more here: http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
We've deployed 5 fixes today for sites today alone.
Please share this to help get the word out, Chicago.
Special thanks to Chad on our team for identifying this and showing how easy it was to hack into some of YOUR websites. We've reached out to a few of you directly already. :)
