I just saw the alarm raised in another community:
"
ALL USERNAMES AND PASSWORDS USED ON SECURE SITES IN THE LAST TWO YEARS ARE TO BE CONSIDERED COMPROMISED. ALL. Do you use online banking? Financial services? Google? Any accounts you care about that use HTTPS? They're probably fucked. Find their update, wait for them to be fixed, log out, log back in and change your password.
If you don't have word of a fix, ask them what they're doing. Do not log in until you have word that they're fixed or not affected."
I was skeptical, until I went looking up news sites like they encouraged people to do. First one I found confirms:
http://www.techweekeurope.co.uk/news/heartbleed-bug-openssl-143353
"Security researchers have patched a serious vulnerability in the popular OpenSSL cryptographic library that they say has left OpenSSL users exposed for the past two years.
Exploitation of the flaw, nicknamed “Heartbleed” and given the official designation CVE-2014-0160, could allow attackers to obtain the secret encryption keys that allow the decoding of material protected by OpenSSL."
Well,
this is lovely.