Friday, 11 April 2014

The OpenSSL Heartbleed Bug explained, and what you, the User, need to know.

To help explain the Heartbleed Bug in OpenSSL:

It is not a flaw in TLS/SSL encryption itself. It's all in the TLS heartbeat extension, a keep-alive 'handshake' between two systems in which one side sends a short message and asks for it to be echoed back. The OpenSSL implementation was missing a bounds check: it never compared the length parameter in the message with the amount of data that actually arrived. This means a hacker can trick OpenSSL into setting aside a buffer of up to 64KB and handing back far more information than was originally offered up. That space fills up with whatever was in your computer's live memory next to the request at the time, or the live memory of any server using a vulnerable OpenSSL, 64KB at a time.
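The missing check described above, as an added illustration in C that is not the page's or OpenSSL's own code. It models the heartbeat message layout from RFC 6520, places a request in a constructed memory arena with some made-up "secret" bytes sitting just after it, and runs the same request through a handler that trusts the message's length field and through one that first checks that length against the record it actually received. The arena, the secret string and the "PING" payload are all constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS heartbeat message body (RFC 6520):
 *   1 byte   type (1 = request, 2 = response)
 *   2 bytes  payload_length, big-endian
 *   payload_length bytes of payload
 *   at least 16 bytes of random padding
 */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Constructed stand-in for process memory: the heartbeat record sits at the
 * start, and whatever happened to be next in memory follows it. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static unsigned char response[ARENA_SIZE];
static const char secret[] = "session_cookie=abc123; ";   /* 23 bytes, constructed */

/* Write a heartbeat request into the arena whose length field claims
 * `claimed_len` bytes but which really carries `actual_len` bytes, then fill
 * the memory after the record with copies of the secret.
 * Returns the real length of the record. */
size_t build_arena(uint16_t claimed_len, const char *payload, size_t actual_len)
{
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, payload, actual_len);
    size_t record_len = 3 + actual_len + HB_PADDING;   /* padding left as zeros */
    for (size_t i = record_len; i < ARENA_SIZE; i++)
        arena[i] = (unsigned char)secret[(i - record_len) % (sizeof secret - 1)];
    return record_len;
}

/* The flawed pattern: the handler trusts the length field inside the message
 * and never compares it with the length of the record it actually received. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                            unsigned char *out, size_t out_cap)
{
    (void)rec_len;                                   /* the missing bounds check */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    size_t resp_len = 3 + (size_t)payload_len + HB_PADDING;
    if (resp_len > out_cap)                          /* keeps the demo inside the arena */
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);           /* reads on past the record's end */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return resp_len;
}

/* The corrected pattern: a request whose claimed payload would not fit in
 * the received record is discarded without a response. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap)
{
    if (rec_len < 3 + HB_PADDING)                    /* too short to be a heartbeat */
        return 0;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)3 + payload_len + HB_PADDING > rec_len)   /* claim exceeds the record */
        return 0;
    size_t resp_len = 3 + (size_t)payload_len + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);           /* now provably within the record */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return resp_len;
}

/* Naive substring search so the demo can tell whether the secret escaped. */
int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* A 4-byte "PING" whose length field claims 64 bytes. */
    size_t rec_len = build_arena(64, "PING", 4);
    size_t n = heartbeat_vulnerable(arena, rec_len, response, sizeof response);
    printf("vulnerable handler answered %zu bytes, secret leaked: %s\n",
           n, contains(response, n, secret) ? "yes" : "no");
    n = heartbeat_fixed(arena, rec_len, response, sizeof response);
    printf("fixed handler answered %zu bytes (0 = request dropped)\n", n);
    return 0;
}
```

The vulnerable handler copies 64 bytes starting from a payload that is only 4 bytes long, so the echoed response carries the padding and then the bytes that happened to sit after the record. The fixed handler compares the claimed length against the received record length (the same check the OpenSSL patch added) and drops the request, while a request whose length field is honest is still answered normally.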

This could have been your bank password, a document you just e-mailed someone, payment details, encryption keys (e.g. your VPN keys) and so on. However, there have been no documented instances of attacks exploiting the bug. The problem was found, patched, and then the information passed on so other OpenSSL users could patch their systems. The problem is that some tool tweeted about it and informed all our fellow hackers of the exploit before all servers could be patched. To make it worse, they've created tools to allow you to 'test' whether a site is still vulnerable. However, we can use these tests too.

At the end of the day, there's nothing Users can do about it at this point. Even if you change all your passwords, it won't help if the exploit is still open, but, as I said, there's a chance the vulnerability was never exploited.

The best you can do as a Systems Administrator for a webserver is to install the OpenSSL update, change your encryption certificates, clear your cookies and turn off your system, unplug it, take out the battery for a couple of minutes, and let the memory die out. As a User of websites, my advice would be to avoid as many varying websites as possible for now. Obviously, we don't know which websites are vulnerable, but the patch is already available and has been implemented by all the major players, like Microsoft and Facebook, so don't worry about it.
