“Virtually all net traffic could be intercepted and human readable.”
Nope, just sites running an outdated version of OpenSSL, of which naturally Yahoo is one. It’s just incumbent on web admins to update their libraries and reset user passwords.
It’s not an “outdated version”. It is what was the current version before this bug was found. I checked both my Linux boxes, and both were running a vulnerable version.
For my Raspberry Pi computer runs a somewhat obscure distro (Raspbian) that doesn’t even have an updated openssl package that does not have the issue. So I’ve had to take that machine off the internet for now (it was hosting my remotely accessible cat treat feeder, which has an HTTPS web site).
And even if the site owner updates openssl, there is no guarantee that the private key for his web site certificate wasn’t stolen in the interval before the software was updated. If an attacker was able to steal the private key, he could potentially impersonate the site and steal user’s passwords and other info.
This is a huge big deal that we will be sorting out for some time.