At the moment, Heartbleed is probably by far the most discussed security vulnerability in modern web. Since Monday last, huge discussion in going on in different forums, blogs and other similar security related websites. Whatever I have gone through so far, let me quote a few lines out:
Okay, so OpenSSL is a major part of the modern Internet. What would happen if OpenSSL had a flaw? What if that flaw meant those secret keys between you and the server were suddenly accessible by someone else?
What if the flaw meant that someone could secretly gain access to the keys the server has, make a copy for themselves, and eavesdrop on everything you say to that server? What if that flaw was impossible to detect?
That's Heartbleed. It's a vulnerability that, thus far, has operated without detection. Plus, it's designed in such a way that with enough effort and enough time, lots of information could be accessed by someone else. And you (and the server you talk to) would have no idea.
As bad as that is, the worst part is that this vulnerability has actually been around since December 2011. Lots of software packages started using the vulnerable version of OpenSSL in May 2012. So for two years, any app, website, bank or private messaging app that uses OpenSSL has been vulnerable to this bug.
Now, it's important to note that not every web server or application uses OpenSSL as its SSL/TLS implementation. It's also true that if an app was using something older than OpenSSL circa 2011, this bug won't effect it. As we've seen, however, the vast, vast majority of OpenSSL implementations running on the web before Monday were running a version vulnerable to Heartbleed.
An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
Writing about Heartbleed, security expert Bruce Schneier says 'catastrophic' is the right word. On the scale of 1 to 10, this is an 11."
For one who's interested to learn more on the same, these articles are worth going through.