Channel: Spiceworks Community

What I think I know about heartbleed. (Can someone confirm?)

Been doing some Googling and searching about HeartBleed.

I don't know a great deal about web servers, just thought I'd get that out there. I'm a 17 y/o helpdesk tech.

Firstly, who took the time to make a logo? :L

Aside from amusing things like that, from what I know of HeartBleed:

OpenSSL is a widely used Open Source encryption library, used on lots of web servers around the world, and versions 1.0.1 to 1.0.1f have been vulnerable to the exploit, and the amount of time this vulnerability has been there is around 2 years, and though it has recently been found, it apparently leaves nothing in server logs and nobody can confirm if any cyber criminals have even found the exploit, though, knowing cyber criminals, they've probably known about it and been abusing it for the full two years.

The vulnerability is a bug that allows the perpetrator to get a memory dump of the server in 64KB chunks by sending a malformed "Heartbeat" packet, which is used in TLS as a sort of "keep the connection open even though we have no data to currently share" from what I understand.

So from what I understand, as a cyber criminal with a whole crudload of 64KB chunks in a .txt file, you can see usernames, probably some information like time and date stamps, and then, depending on the website, one of a number of things:

The SSL Key (worst case scenario) - with this the cyber criminal can then decrypt all future transmissions unless the website hoster re-keys everything.

A plain text password and a username (pretty bad) - self-explanatory, username and password which they can use and abuse.

A hashed password (meh, not soooo bad but still pretty bad, and from what I can tell the most commonly visible data) - A password that's been run through a hashing protocol like MD5, which returns a string of twenty something generated characters, and can be attacked with a rainbow table or a brute force attack or dictionary attack, so, most likely crackable, if the hacker is patient enough to wait a few hours.

A hashed and salted password (probably not a lot to worry about) - a salt basically takes the result of an MD5 hash and changes it, in some reversible way. The thing about MD5 is that it's virtually irreversible, and a salt is designed to be reversible, so that it can be changed back to what it's meant to be, however to the unknowing eye, it just looks like another MD5 hash, so if it was brute forced / rainbow table'd without the salting algorithm it would return a password that wouldn't work.

Apparently, it can get further and it's possible that they can get the password of the administrator, and then use another rainbow table or dictionary attack on that, and boom, they've got the server.

From what I can ascertain, I don't really need to change my password, if you've got nothing to hide, don't share it. I use online banking, but I'm pretty lenient with that too, I earn nothing, and why on earth would you want to steal my money when you can steal Mr.Moneybags'?

Anyway, if someone could just tell me the stuff I've read isn't all nonsense, or that I haven't got confused somewhere, that'd be great! :3
