Software is created by humans, and humans aren’t perfect.

It’s still up in the air as to whether this truly pans out as a legitimate vulnerability. Komodo says XYZ, and Verisign/Symantec says VWX.

It’s not all gloom and doom. People just need to be aware of the websites they are using and if that site is using the certificate type that is vulnerable. If it has that certificate, send a message to the webmasters of the site and to the maker of the certificate asking them to kindly fix it – FAST. And don’t use the site that is affected.

Not all sites are going to be affected mind you. Not all SSL certificates are created equally.

Remember, it’s “your” privacy that’s at risk.