Recently you may have heard of a serious vulnerability that was discovered in the popular OpenSSL cryptographic software library. The bug makes it possible to steal encrypted information that has been passed between a server and a website. Essentially it allows an attacker to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
The bug, Heartbleed, was discovered by the Finnish cyber-security company Codenomicon, who reported their discovery on April 3, 2014. It was named after the TLS extension, Heartbeat. When the bug is exploited it leads to the leaking of memory contents from the server to the client and from the client to the server, hence the name Heartbleed. The extension was adopted into widespread use with the release of OpenSSL version 1.0.1 on March 14, 2012, and allowed secure links to be kept alive without the need to renegotiate a secure connection each time. As the Heartbeat extension was enabled by default, affected versions of OpenSSL software were in essence vulnerable by default.
What makes this bug particularly serious is the long period during which the vulnerability was active, the ease of its exploitation and the fact that an exploit would leave no trace. Within days of its announcement many major web sites took action to patch or disable the bug, but it is unclear whether potential attackers were aware of it earlier and to what extent it was exploited.
Does it affect you?
According to Codenomicon you are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.