In case you all haven't heard the news yet, a rather widespread (and thus annoying) openSSL bug was discovered a few days back. Over the past about 48 hours companies who discovered they were vulnerable scrambled to patch their servers. There is already a lot of information about the exploit some of the best for quickly getting a grasp on the situation I linked below:

http://arstechnica.com/security/2014...oulette-style/
http://techcrunch.com/2014/04/08/wha...eed-the-video/
http://heartbleed.com/

So if you bothered reading through all that (or watching the video in the second link) you're probably wondering what you should do now? Well that answer varies. For companies that discovered they were vulnerable and subsequently fixed that vulnerability, you should go reset your password. Pay extra attention to sites where you have financial or personal information (e.g. facebook, game websites where you've done transactions, etc.). A sweeping list of the status some high profile sites can be found in the link below:

http://mashable.com/2014/04/09/heart...ites-affected/

If the company has come out and said they are not affected, then no worries. The bug is affecting only a specific version of OpenSSL, so if companies are using a different version or not using OpenSSL at all, you don't have to do anything. If the company in question has not yet released a statement, you should probably wait until they do before taking action. Changing your password while the servers are still vulnerable means you'll just have to change it again once the patch is applied.

OpenSSL is used in a lot of areas. Some routers are affected too according to the article below:

http://www.engadget.com/2014/04/10/t...=rss_truncated