As many of you may know, the Heartbleed bug has been outed and is one of the most severe security risks to come along in quite some time. It exploits the Open Secure Sockets Layer (Open SSL) encryption used to protect the identity of sites and encrypt traffic, namely usernames and passwords, and it’s the security used on about 75 percent of all websites.

What it does is relatively simple in the end; it extracts bits of memory a little at a time and sees if there is anything of value in the chunk it extracts. It may be nothing, but it may be account information, a social security number, a username, a password, or other important information.

It has affected hundreds of thousands of sites, all of which use the Open SSL protocol. Most of them have now been patched, but it is very important you not use these sites until you can be sure yours has as well. You can contact the site if you have their contact information, or you can use The Heartbleed Test or The LastPass Heartbleed Test to check if the server has been patched up or not. If it has, change your password. If it hasn’t, don’t change your password until it has, or your *new* password could be taken.

Many popular sites, including Google, Facebook, Tumblr, Imgur, and Yahoo were affected, and many of them should have indicated via email whether they’ve been fixed up.

This vulnerability and bug has apparently been around for a couple of years, and at least now it is hopefully being taken care of.