The Heartbleed Bug is a vulnerability in OpenSSL. Up until April 2014, OpenSSL was thought to be secure.
Why is it called the Heartbleed Bug?
Cisco and Juniper security solutions were affected. Have Milton's?
No. We utilize both OpenSSL 0.9.8 and 1.01g with Heartbeat disabled. Neither version is affected.
What websites have been affected?
What can I do to protect myself?
1. Change all of your passwords. Check the list of sites from CNET to make sure they've have been patched before making the change.
2. Test sites yourself! Qualsys SSL Labs has set up a page that tests site for you. Just enter the domain name.
3. Be extra suspicious of sites that want personal information.
4. Track your financial accounts, or place them on a fraud alert.
5. If a site hasn't patched the bug, do not log in to it!
I own a website that is affected. What can I do to fix it?
Notify users to reset their passwords.
Get a new Certificate from the Certificate Authority.
Who found the bug? I would like to send them flowers.
A team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, reported it to the OpenSSL team.