The “Heartbleed Bug” is a flaw in OpenSSL 1.0.1 through 1.0.1f. It allows an attacker to send a malformed TLS heartbeat request to an unpatched server and receive a response containing up to 64KB of the server process’s memory, repeatable as often as the attacker likes and leaving no trace in the server’s logs. The vulnerable code has been in the wild for over two years (it was made public this week) and affects a large share of the servers on the internet. Exposed data can be anything the process happened to have in memory: unencrypted usernames, passwords, IMs, emails, credit card details, session cookies, and even the server’s private TLS key.
c/o Codenomicon Ltd
Severity: Extremely High
Scope: 500,000+ Servers
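The mechanism behind the summary above, as an added example that is not part of the original post or of OpenSSL itself: a TLS heartbeat record carries a 16-bit payload_length field chosen by the peer. OpenSSL 1.0.1f copied that many bytes into its response without checking them against the size of the record it actually received, so a request that claims a large payload but carries a tiny one is answered with whatever sat next to the record in memory. The code below models the 1.0.1f handler beside one with the bounds checks OpenSSL 1.0.1g added. The "process memory" is a small constructed buffer so that the over-read stays inside allocated storage and the program is safe to run; the real bug reads up to 64KB. All names here (`memory`, `heartbeat_vulnerable`, `heartbeat_fixed`, `probe`) are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* RFC 6520: at least 16 bytes of padding */

/* Simulated process memory, constructed for this example: a heartbeat record
 * at offset 0, followed by unrelated data the peer must never see. */
static unsigned char memory[256];
static const char secret[] = "user=alice&password=hunter2";

/* Place a heartbeat request at the start of `memory`. `claimed` is the
 * payload_length field the peer sends, `actual` the number of payload bytes
 * that really follow. Returns the record length the TLS layer would report. */
static size_t build_record(uint16_t claimed, size_t actual) {
    unsigned char *p = memory;
    memset(memory, 0, sizeof memory);
    *p++ = TLS1_HB_REQUEST;
    *p++ = (unsigned char)(claimed >> 8);
    *p++ = (unsigned char)(claimed & 0xff);
    memset(p, 'A', actual);              /* the payload that is really there */
    p += actual + HB_PADDING;            /* padding (already zero) */
    size_t rec_len = (size_t)(p - memory);
    memcpy(memory + rec_len, secret, sizeof secret);   /* adjacent "heap" data */
    return rec_len;
}

/* Build the response the way both handlers do: type, length, echoed payload,
 * padding. How many bytes get copied is whatever the caller chose to trust. */
static unsigned char *make_response(const unsigned char *payload_ptr,
                                    uint16_t payload, size_t *out_len) {
    *out_len = 1 + 2 + (size_t)payload + HB_PADDING;
    unsigned char *buf = malloc(*out_len), *bp = buf;
    if (!buf) return NULL;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, payload_ptr, payload);    /* the copy whose length is in question */
    bp += payload;
    memset(bp, 0, HB_PADDING);           /* OpenSSL fills this with random bytes */
    return buf;
}

/* Vulnerable handler, modelled on tls1_process_heartbeat() in OpenSSL 1.0.1f:
 * the peer-supplied payload_length is never compared with the record length,
 * so memcpy() reads past the end of the record into adjacent memory. */
static unsigned char *heartbeat_vulnerable(const unsigned char *rec,
                                          size_t rec_len, size_t *out_len) {
    (void)rec_len;                       /* never consulted: this is the bug */
    if (rec[0] != TLS1_HB_REQUEST) return NULL;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    return make_response(rec + 3, payload, out_len);
}

/* Fixed handler, with the two length checks OpenSSL 1.0.1g added. */
static unsigned char *heartbeat_fixed(const unsigned char *rec,
                                      size_t rec_len, size_t *out_len) {
    if (1 + 2 + HB_PADDING > rec_len) return NULL;   /* too short for header + padding */
    if (rec[0] != TLS1_HB_REQUEST) return NULL;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len)
        return NULL;                     /* silently discard, RFC 6520 section 4 */
    return make_response(rec + 3, payload, out_len);
}

typedef unsigned char *(*hb_handler)(const unsigned char *, size_t, size_t *);

static int contains(const unsigned char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Send a request that claims 200 payload bytes but carries 1. Returns 1 if the
 * response leaks the adjacent secret, 0 if not, -1 if the request was discarded. */
static int probe(hb_handler handler) {
    size_t rec_len = build_record(200, 1), resp_len = 0;
    unsigned char *resp = handler(memory, rec_len, &resp_len);
    if (!resp) return -1;
    int leaked = contains(resp, resp_len, secret);
    free(resp);
    return leaked;
}

/* A well-formed request (claimed == actual) must still be answered after the fix. */
static int fixed_echoes_valid(void) {
    size_t rec_len = build_record(4, 4), resp_len = 0;
    unsigned char *resp = heartbeat_fixed(memory, rec_len, &resp_len);
    int ok = resp != NULL && resp_len == rec_len && resp[0] == TLS1_HB_RESPONSE
             && memcmp(resp + 3, "AAAA", 4) == 0;
    free(resp);
    return ok;
}

int main(void) {
    printf("1.0.1f handler leaks the secret: %d\n", probe(heartbeat_vulnerable));
    printf("1.0.1g handler result (-1 = discarded): %d\n", probe(heartbeat_fixed));
    printf("1.0.1g still answers a valid heartbeat: %d\n", fixed_echoes_valid());
    return 0;
}
```

The point to take from the two handlers is that the fix is a single comparison between a length the peer asserts and a length the transport actually delivered; everything else about the response is unchanged, which is why the bug survived two years of code review and why a patched server is indistinguishable from a vulnerable one until you send it a request with a lying length field.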
Our production servers have already been patched. If you have websites hosted with another company, you should ask them whether they have fixed this vulnerability, and whether they have replaced their SSL certificates, since a server’s private key is among the data that could have been exposed. In addition to your own sites, you will no doubt be receiving correspondence from ecommerce, banking, dating, email, etc. sites you’ve used, explaining this issue and telling you that there is a chance, however small, that your credentials and credit card information may have been compromised. Change a password only after the site confirms it has been patched: a new password entered on a still-vulnerable site can be captured the same way.
Gizmodo has an excellent write-up on the exploitation of this flaw. You can find more detailed information at heartbleed.com.