Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style

[Agent Smith]

Have you heard of this? Why can't sites just use AES and be done with it? I see some sites that use AES, but the majority use RC4.

http://arstechnica.com/security/201...-yahoo-mail-passwords-russian-roulette-style/

http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html?iid=s_mpm

https://community.openvpn.net/openvpn/wiki/heartbleed

http://filippo.io/Heartbleed/

 

[TrainTrackHack]

The heartbleed bug has nothing to do with the type of encryption used.

Where did you hear most sites use RC4?

 

[Agent Smith]

eBay uses RC4, PayPal uses RC4, my bank uses RC4. Lots of sites.

 

[TrainTrackHack]

I was really looking for actual statistics, not examples of just 3 sites that use it.