If you have not checked and/or patched your OpenSSL deployment, better get to it: Heartbleed

XKCD does it again and provides the best explanation of how Heartbleed, one of the worst (THE worst?), Internet security flaw, works:

What versions of the OpenSSL are affected?

* OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

* OpenSSL 1.0.1g is NOT vulnerable

* OpenSSL 1.0.0 branch is NOT vulnerable

* OpenSSL 0.9.8 branch is NOT vulnerable

* Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.