What made the Heartbleed security bug so dangerous?
Heartbleed affected OpenSSL, the most widely used encryption system on the Web. Because OpenSSL is used in so many different sites and servers, nearly everyone was affected in some way.
Now we've found another flaw in OpenSSL. Wired reports:
The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allow a “man-in-the-middle” snoop to decrypt and read the traffic.
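
ChangeCipherSpec tells the peer to switch to the negotiated keys, so a receiver should only accept it once key exchange has happened. The sketch below is an added example, not code from Wired or OpenSSL: it checks that ordering on the client's handshake records, assuming a full (non-resumed) TLS 1.2 handshake with one handshake message per record; the function names and sample bytes are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types (RFC 5246).
CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22
CLIENT_HELLO, CLIENT_KEY_EXCHANGE = 1, 16


def record(content_type, payload):
    """Build a TLS 1.2 record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BBBH", content_type, 3, 3, len(payload)) + payload


def handshake(msg_type, body=b"\x00" * 4):
    """Build a handshake message with a dummy body: type(1) | length(3) | body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def parse_records(stream):
    """Yield (content_type, payload) per record; reject truncated input."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _maj, _min, length = struct.unpack_from("!BBBH", stream, offset)
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        yield ctype, payload
        offset += 5 + length


def check_client_flight(stream):
    """Classify where ChangeCipherSpec sits in the client's handshake records."""
    # Assumption: full handshake, one handshake message per record.
    key_exchange_seen = False
    for ctype, payload in parse_records(stream):
        if ctype == HANDSHAKE and payload[:1] == bytes([CLIENT_KEY_EXCHANGE]):
            key_exchange_seen = True
        elif ctype == CHANGE_CIPHER_SPEC:
            # Keys can only be switched on after key exchange has happened.
            return "ok" if key_exchange_seen else "early-ccs"
    return "no-ccs"


# Constructed sample flights (not captured traffic).
NORMAL = (record(HANDSHAKE, handshake(CLIENT_HELLO))
          + record(HANDSHAKE, handshake(CLIENT_KEY_EXCHANGE))
          + record(CHANGE_CIPHER_SPEC, b"\x01"))
EARLY = record(HANDSHAKE, handshake(CLIENT_HELLO)) + record(CHANGE_CIPHER_SPEC, b"\x01")
```

A resumed session legitimately skips ClientKeyExchange, so a production check would key on whether a master secret exists rather than on this one message.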