Even before the recent NSA revelations, increasing interest in online privacy led Nadim Kobeissi to develop Cryptocat, an easy-to-use, secure, web-based chat client.
Unfortunately, Cryptocat – until recently – had a serious flaw. A programming error limited the total number of possible keys to a value small enough to make cracking them trivially easy. The person who discovered the flaw created a demonstration program, and the flaw was quickly fixed, but Cryptocat had been running in this flawed state for at least seven months, possibly longer.
Anyone using Cryptocat versions earlier than 2.0.42 should upgrade immediately. Cryptocat typically runs as a web browser add-on or plugin.
Update: the Duo Security blog has an interesting take on this.