What is the Heartbleed bug?

>"Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of websites that need to transmit the data that users want to keep secure. It basically gives you a secure line when you’re sending an email or chatting on IM.

Encryption works by making it so that data being sent looks like nonsense to anyone but the intended recipient.

Occasionally, one computer might want to check that there’s still a computer at the end of its secure connection, and it will send out what’s known as a heartbeat, a small packet of data that asks for a response. 

Because of a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory.

The flaw was first reported to the team behind OpenSSL by Google security researcher Neel Mehta, and independently found by security firm Codenomicon. According to the researchers who discovered the flaw, the code has been in OpenSSL for about two years, and using it doesn’t leave a trace."<