Ok - this is my 4th time today writing a post like this, and unfortunately you are getting the super-abridged version.

Please read these articles which explain what the vulnerability is and just how bad this bug is:

http://arstechnica.com/security/201...opens-two-thirds-of-the-web-to-eavesdropping/

http://arstechnica.com/security/201...-yahoo-mail-passwords-russian-roulette-style/

and for good measure: http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

This is not a "bla bla, bla, it'll be OK" type of problem. This is a real problem with a proven exploit. In fact, the best thing to do would literally be to stay off of the internet for a few days until it settles a little bit.

While we all have a good time here and joke around and such, I take your security while visiting the site very seriously. As soon as I saw the vulnerability, I patched our server and as of right now, I have re-issued our SSL certificate with the patched version of OpenSSL (the cryptographic software which handles SSL Certificates), so we are no longer vulnerable.

If you are interested in such things, and look at the details of our SSL certificate, you should no longer trust any wackbag.com certificate that claims to be valid before:

The valid certificate has a serial number of:

and SHA1 & MD5 Hashes of:

Right now, the best piece of advice (aside from avoiding the internet) would be to change your password on any site that you consider to be important (banking, credit cards, email, to name a few). As always, it is strongly recommended that you do not re-use the same password across multiple sites, as a password compromise in one site can then be exploited to gain access to all the others.

One tool that does a superb job at managing and maintaining multiple, secure passwords is a web-browser extension called LastPass. This works with all web browsers, is free, and can remember all of the various passwords you may have for different websites. It will even suggest and generate stronger passwords if it detects that your current passwords are too weak. It does this without actually seeing your passwords.

For an additional layer of security, many sites offer two-factor authentication which, when enrolled, would send you an SMS every time you attempt to log into the site.

:edit: correcting language in regards to which cert is valid and which is not.