Heartbleed patch may not have fixed the entire problem

By now, everyone knows about the Heartbleed vulnerability in the HTTPS and all the problems it has caused.

According to Akamai, it’s not over. The company has a hand in about 30% of all internet traffic and helped build the patch for OpenSSL. Chief security officer Andy Ellis says the problem is only half-fixed:

In short: we had a bug. An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others.

Looks like we’ll be changing our passwords again. CNet has more.

Featured Videos