There’s a nasty vulnerability out on the internet right now called Heartbleed that could be making the secured sites you go to insecure. Normally I would say that if you see the padlock icon in your browser you are OK and can trust all the traffic you send to get to its destination safely. This security hole calls that into question, and worse, it could mean that anyone who has been collecting encrypted traffic could now decrypt it.
WHAT DO I DO?
There’s not much you can do yourself right now as a website consumer. There is a fix for the vulnerability, but it has to be applied at the server level. Responsible server admins will be patching this very quickly as there is an update to their software and it’s fairly easy to apply. I would give them a day or two to patch their systems and then seriously consider changing the passwords to your important things like your bank and places that have your credit card on file. Otherwise, someone who has squirreled away your old traffic could now decrypt it and find out your passwords.
HOW DO I KNOW IF I’M AFFECTED?
You don’t know. The hole is such that even the server admins won’t be able to tell if they’ve been attacked with this. The software that had the hole is used on at least 2/3 of the web servers out there, and the code that created this hole was released 2 years ago. There’s no way to know if anyone found it earlier or has been exploiting it for a while, but now that it’s out in the open you can bet people will be trying. It’s probably best to assume that the places you use have been affected and change your passwords once they’ve patched their servers.
BUT I WANT TO KNOW MORE DETAILS.
There’s a brief description at TechCrunch and a more technical description here.