The short answer: Heartbleed is the name given to a software bug (CVE-2014-0160) found in specific versions of the OpenSSL library (1.0.1 through 1.0.1f) installed on many Linux/Unix computers and servers that are connected to the internet. The bug is a missing bounds check in OpenSSL's handling of the TLS heartbeat extension: a client can ask the server to echo back a short heartbeat payload and receive up to 64 KB of the server's process memory per request, which can contain the private key, session cookies and user passwords.
The bug was discovered independently by security engineers at Codenomicon and Google Security, and the details were made publicly available on April 7th, 2014.
If you own or manage a website hosted on a Linux server with the vulnerable library, and your site was serving its content over HTTPS using an SSL/TLS certificate, then you need to take the following actions, in this order:
- Verify that your Web Host has patched the OpenSSL library on the server hosting your website. The patched package numbers vary by the server's operating system, and because distributions backport the fix, the output of `openssl version` still reads 1.0.1e after patching; the package build number is what matters. For CentOS 6.5, Red Hat shipped the fix as OpenSSL v1.0.1e, build 16.el6_5.7 (RHSA-2014:0376), so ask your Web Host to confirm that build or later is installed. Any build ending in _5.4 or lower is vulnerable. Patching the package is not enough on its own: web servers and other daemons that were already running still have the old library loaded, so they must be restarted (or the server rebooted) before the fix takes effect.
- Once you've confirmed the OpenSSL library has been patched and the services restarted, re-key and have your SSL certificate reissued by contacting the company that sold you the certificate. Generate a new private key first and create the new Certificate Signing Request (CSR) from that key, not from the old one: the point of re-keying is that the old key may already have been read out of memory, and a CSR only carries the public half, so reusing the old key would give you a new certificate for a key that is already compromised. After the new certificate and key are installed, ask the certificate company to revoke the old certificate.
- After installing the new certificate and key file, reset the "admin" account passwords for any software or ecommerce applications used by your website (e.g. WordPress, Joomla or Magento), since those passwords may have been read from server memory while the bug was exploitable. Invalidate existing login sessions as well, because session cookies could have leaked the same way.
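The checklist above, as an added example in POSIX shell (this script is mine, not from the original page). It assumes a CentOS/RHEL 6 host whose fixed package is openssl-1.0.1e-16.el6_5.7, so the build-number rules in `openssl_rpm_status` apply only to that distribution's package naming; the package names fed to it at the bottom are constructed test inputs, and `www.example.com` is a placeholder hostname. The live checks (`rpm`, `lsof`) and the re-keying step only run where those tools exist.

```shell
#!/bin/sh
# Post-Heartbleed checks for a CentOS/RHEL 6 web host (added example, not the page's own code).
# Assumption: the fixed package is openssl-1.0.1e-16.el6_5.7 (RHSA-2014:0376); later
# rebuilds (16.el6_5.N with N >= 7, or a release number above 16) are also patched.

# Classify an installed openssl RPM name. Prints one of:
#   not-affected  - 0.9.8 / 1.0.0 builds never had the heartbeat bug
#   vulnerable    - 1.0.1e builds older than 16.el6_5.7
#   patched       - 1.0.1e-16.el6_5.7 or newer
#   unknown       - not an openssl package name this function understands
openssl_rpm_status() {
    pkg=$1
    case "$pkg" in
        openssl-0.9.8*|openssl-1.0.0*) echo "not-affected"; return 0 ;;
        openssl-1.0.1e-*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    rel=${pkg#openssl-1.0.1e-}     # e.g. "16.el6_5.4.x86_64" or "15.el6.x86_64"
    major=${rel%%.*}               # release number before the first dot: 16 or 15
    case "$rel" in
        *.el6_5.*) errata=$(printf '%s\n' "$rel" |
                       sed -n 's/^[0-9]*\.el6_5\.\([0-9][0-9]*\).*/\1/p') ;;
        *)         errata=0 ;;     # 6.5 GA build (15.el6) has no errata suffix
    esac
    if [ "$major" -gt 16 ] || { [ "$major" -eq 16 ] && [ "$errata" -ge 7 ]; }; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Live checks on this host. The version string stays 1.0.1e after the backported
# fix, so the package changelog, not 'openssl version', is what to read.
check_host() {
    for pkg in $(rpm -q openssl 2>/dev/null); do
        echo "installed: $pkg -> $(openssl_rpm_status "$pkg")"
    done
    if rpm -q --changelog openssl 2>/dev/null | grep -q CVE-2014-0160; then
        echo "package changelog mentions CVE-2014-0160"
    fi
    # Processes still mapping a deleted libssl were started before the update
    # and are still running the vulnerable code: restart each of them.
    echo "processes that still need a restart (name pid):"
    lsof -n 2>/dev/null | grep -E 'libssl.*(DEL|\(deleted\))' | awk '{print $1, $2}' | sort -u
}

# Re-key: a brand-new private key, then a CSR from that key. The modulus check
# proves the CSR really was built from the new key before it goes to the CA.
rekey() {
    host=$1; key=$2; csr=$3
    openssl genrsa -out "$key" 2048 2>/dev/null || return 1
    chmod 600 "$key"
    openssl req -new -key "$key" -out "$csr" -subj "/CN=$host" || return 1
    [ "$(openssl rsa -noout -modulus -in "$key")" = "$(openssl req -noout -modulus -in "$csr")" ]
}

# Stand-alone demo: classify constructed package names, then run the live
# checks and the re-key step only where the needed tools are present.
for p in openssl-1.0.1e-15.el6.x86_64 openssl-1.0.1e-16.el6_5.4.x86_64 \
         openssl-1.0.1e-16.el6_5.7.x86_64 openssl-1.0.0-27.el6.x86_64; do
    printf '%-40s %s\n' "$p" "$(openssl_rpm_status "$p")"
done
if command -v rpm >/dev/null 2>&1; then check_host; fi
if command -v openssl >/dev/null 2>&1 && [ "${DO_REKEY:-0}" = 1 ]; then
    rekey www.example.com new.key new.csr && echo "new.csr matches new.key; send it to the CA"
fi
```

Run it as-is to see the classification of each constructed package name and, on an rpm-based host, the installed packages and any daemons still holding the old library; set `DO_REKEY=1` to also generate `new.key` and `new.csr`. After the reissued certificate is installed, the old key file should be deleted from every host and backup it was copied to.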