OpenSSL security flaw "Heartbleed" | General comparisons | Discussion forum

There is a just-discovered flaw in the OpenSSL package, widely used in the "https" security communication between web servers and clients. It can allow badguys to retrieve memory contents from servers, so they could potentially get private encryption keys, or details of accounts, passwords, etc.

To be safe, I personally will be changing my banking passwords, and other sensitive account sites. However, you will want to wait until your bank(s) confirm they have fixed any potential problems (or were never affected), otherwise you might just be changing your password while the system is still vulnerable.

Presumably places like banks will program their firewalls with protection until they can upgrade any SSL software required, but who knows. Revenue Canada shut down their e-filing today to avoid problems.