Heartbleed online security breach?

[KL07]

Just saw something on Facebook about this. A friend of a friend seems to work in IT and says to avoid using the internet for any financial transactions or anything sensitive for at least 24hrs...
There's a BBC news story about it but it doesn't give the same messages...

[SquirtedPerfumeUpNoseInBoots]

From what I've read it's a vulnerability in Open SSL.

Problem is, you've likely no idea if the systems you use are vulnerable to the exploit.

It's a major security hole, yes. And how do you know a site has applied the patch in 24 hours? You don't.

It's exciting to the IT Security world because it's a completely new flaw, however the same old, same old problems of applying patches promptly to protect systems aren't new. And the people who release details before patches are available? Same for Microsoft, Adobe, Java. Although admittedly not reserved for credit card details.

[nannynick]

BBC article says bug has been there for past 2 years.

Sensible precaution I expect is to keep a closer eye on bank/credit card transactions. Notify card issuer of anything that you did not authorise.

[HBmonk]

Late reply but - most the information stated here is wrong, though, yes, heartbleed does effect many sites; all the major ones are shouldn't be too bad. A patch for the openSSL bug was available just not easily appliable for those computer literate. Mumsnet has failed to inform people that if there mumsnet account is breached so could there email accounts, addresses and accounts to other sites may be in danger; Please do not rely on the ignorance of the workers at MumsNet to keep you safe online.