So…it turns out that OpenSSL has been broken for a couple of years. Most UNIX-based servers are going to be affected. If you use OpenSSL on a server, get this fixed now. Many of the big companies are doing so now. If you don’t, you’re probably going to get several “Hey, you should change your password” e-mails over the next several days.
Bruce Schneier has more. For a humorous take, check out The Daily WTF. Several people there make the argument that we shouldn’t use C or other languages without boundary protection for…well, pretty much anything. Given how easy it is for a good developer to make a catastrophic mistake and for it to sneak by code reviews for years, I think they have a point.