Friday, 11 April 2014
Heartbleed is a catastrophic bug that affects thousands of sites and services across the internet, but what is it, and what do you need to do about it to protect yourself from cybercriminals? According to security researchers, around half a million sites worldwide are rendered insecure by the bug. "Catastrophic is the right word," commented Bruce Schneier, an independent security expert. "On the scale of 1 to 10, this is an 11."
Heartbleed has grabbed the attention of the world’s media, but a lot of misinformation has been bandied about. Here’s a quick rundown of the important bits you should know.
Heartbleed is the nickname given to a bug in a piece of security software used by almost every secure website on the internet.
It is a flaw in a software package called OpenSSL, which is used by banks, shops, email providers and a plethora of other services across the web to secure the connection between the user and the service. A web server that uses SSL sends an encryption key to the visitor securely, and that key is then used to protect all other information travelling to and from the server.
Most people will recognise this secure connection as the little padlock symbol in the top left-hand corner of the web browser.
What is Heartbleed & How does it work?
Heartbleed affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce. It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google researcher who was working separately. Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" in web browsers to show that traffic is secure. The flaw makes it possible to snoop on Internet traffic even when the padlock is closed. Interlopers can also grab the keys for deciphering encrypted data without the website owners knowing the theft occurred. The problem affects only the implementation of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.