2014-04-08: Heartbleed: To Panic Or Not?
News dropped this week of a critical bug dubbed "Heartbleed" in the widely used OpenSSL library. The bug lets a remote peer read chunks of a vulnerable server's process memory, which can reveal things like usernames, passwords, and the server's private SSL keys - so any SSL-enabled server built on an affected OpenSSL release is exposed. In other words, it's pretty serious.
All over Twitter, people are talking about how to use the Heartbleed vulnerability to scoop out the memory of remote servers, 64 kilobytes at a time. This appears to be more than enough to grab passwords and private keys - possibly even from e-commerce sites, Amazon ELB, Yahoo services, etc. At the moment it's kind of open season, with people (malicious and well-intentioned alike) exploring exactly what this bug can reveal.
This vulnerability was introduced in OpenSSL 1.0.1 as part of the "heartbeat" feature. If you run an SSL-enabled service - this can be anything from IM servers to VPN servers to HTTPS servers - you should look into upgrading to the latest OpenSSL library (1.0.1g, which carries the fix for CVE-2014-0160) immediately. (Note that older Linux distributions may not have this security update available; it might be wise to find a way to force the installation of a pre-1.0.1 library.)
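As a quick way to act on the upgrade advice above, here is an added example (not code from the original post or from the OpenSSL project) that classifies an OpenSSL version string against the range the OpenSSL advisory lists for CVE-2014-0160 (1.0.1 through 1.0.1f and 1.0.2-beta1 affected; 1.0.1g fixed; the 1.0.0 and 0.9.8 branches never had the heartbeat code), applies it to the `openssl` binary in PATH, and, on Linux, lists processes that still have a replaced libssl mapped. The function names are my own, and the version patterns are an assumption based on upstream's naming (distributions often backport the fix without changing the version string, so "affected" means "check your vendor's advisory", not "confirmed vulnerable").

```shell
#!/bin/sh
# Added example, not from the original post or the OpenSSL project.
# Classify an OpenSSL version string against the CVE-2014-0160 affected range.

# Usage: heartbleed_version_status VERSION
# Prints one of: affected | unaffected | unknown
heartbleed_version_status() {
    case "$1" in
        # 1.0.1 and its pre-releases, plus 1.0.1a..1.0.1f (and "-fips" style suffixes)
        1.0.1|1.0.1-*|1.0.1[a-f]*) echo affected ;;
        # 1.0.2-beta1 shipped the same heartbeat code
        1.0.2-beta1*)              echo affected ;;
        # 1.0.1g carries the fix; 1.0.2 and later branches were cut after it
        1.0.1[g-z]*|1.0.2*|1.1.*|[3-9].*) echo unaffected ;;
        # these branches predate the heartbeat extension entirely
        1.0.0*|0.9.8*)             echo unaffected ;;
        *)                         echo unknown ;;
    esac
}

# Report on the openssl binary in PATH. Caveats (assumptions stated in the
# lead-in): vendor-patched builds keep the old version string, and a service
# bundling its own OpenSSL is not covered by this check at all.
check_local_openssl() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl binary not found in PATH"
        return 0
    fi
    ver=$(openssl version | awk '{print $2}')
    echo "openssl $ver: $(heartbleed_version_status "$ver")"
}

# After the package upgrade, daemons that were already running keep the OLD
# library mapped until restarted. On Linux a replaced file shows as "(deleted)"
# in /proc/PID/maps; print the PIDs so they can be restarted. Only processes
# readable by the current user are inspected.
stale_libssl_pids() {
    for m in /proc/[0-9]*/maps; do
        if grep -q 'libssl.*(deleted)' "$m" 2>/dev/null; then
            pid=${m#/proc/}
            echo "${pid%/maps}"
        fi
    done
}

check_local_openssl
stale=$(stale_libssl_pids)
if [ -n "$stale" ]; then
    echo "processes still mapping a replaced libssl (restart them): $stale"
fi
```

Run it once before and once after the upgrade: the version line should change to 1.0.1g (or your vendor's patched build), and the stale-process list after the upgrade is the set of services that still need a restart before the fix is actually in effect.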
Related Tweets:
NOTE: Heartbleed DOES NOT affect just HTTPS. Also check: smtp/imap/pop3/mysql/postgresql, anything using SSL.
— Graham Christensen (@grhmc) April 8, 2014
Time to update all OpenSSL 1.0.1 to 1.0.1g to fix CVE-2014-0160: http://t.co/JjmiMiuoPG
— Adam Langley (@agl__) April 7, 2014
Yahoo, Imgur, Flickr, OKCupid, Eventbrite, et al are confirmed affected by #Heartbleed. Avoid logging in to these. http://t.co/rygDEcO2WS
— Jonathan Wheeler (@jon_e_wheeler) April 8, 2014