Heartbleed Bug ! (p.2)
2014/04/09 16:38:40
Cactus Music
For those too lazy to follow my link, this is the important part:
 
" Takanen, chief technology officer for Codenomicon, advises you to wait for an official statement from the internet services you use (indicating that they have fixed the bug) and follow their guidelines.
Typically, that will involve things like changing your password. That is something you may have to do across many services you use.
However, steps like that are useless until the security hole has been fixed for the affected services.
"Changing before the service is patched could expose the new password," said a spokesperson for Google, who also noted that passwords do not need to be changed for Google services because of its early implementation of a bug fix. 
In the meantime, a number of sites have been set up where you can check if the web services you're using are vulnerable, including this one, set up by Italian security researcher Filippo Valsorda.
You might want to stay away from sites identified as "vulnerable" for now.
Security experts also recommend as a general rule that you use strong passwords that are different for different internet services and that you change them regularly.
 
2014/04/09 18:35:18
Splat
StarTekh
KPerry: thanks! Kalle, manually update your OS, resetting email passwords is suggested, Alex start reading! :)


I was fully aware of an OpenSSL vulnerability that does not affect IIS, however I didn't understand why the global media (which I have since found out why) has referred to this as a 'heartbeat bug'. I couldn't be bothered to look into the details until now (another day another vulnerability so what's new). BTW the media is wrong, this is not a bug it is a flaw.

So KPerry is right, this is an IIS platform here (MS implementation) so should not be affected (at least for now).

So I agree, I should read more. But there is no actual issue here (apart from the CIA) as Cake use MS products. So move on nothing to see.
2014/04/09 19:02:53
Splat
Shorter version... The post is about OpenSSL. Cake does not use OpenSSL (they use IIS SSL) as far as I can see. So no problem here.
2014/04/09 20:35:15
Willy Jones [Cakewalk]
Hi Everyone,
 
None of our public-facing sites are affected - however for your own security don't make the blanket assumption that because a site uses .NET or a Microsoft stack that they're not vulnerable. Lots of load balancers in front of Windows servers use OpenSSL.
2014/04/10 13:05:51
Kalle Rantaaho
Ok. Now I'm embarrassed. A Finnish company had a major role in finding one of the biggest flaws in the history of the internet and I did not know about it :o)
2014/04/10 13:59:38
joden
However if any Cake users also use a Casio, and use the Casio forums - THEY have a Heartbleed vulnerability!
2014/04/10 14:13:24
Splat
Kalle Rantaaho
Ok. Now I'm embarrassed. A Finnish company had a major role in finding one of the biggest flaws in the history of the internet and I did not know about it :o)




I wouldn't be... It just has received a lot of publicity this time, good advice mostly about changing passwords (the CIA will need to update their password database as well)...
 
Check the number of issues found here:
 http://www.openssl.org/news/vulnerabilities.html
 
2014/04/10 14:56:37
StarTekh
Willy Jones  : Thank You .. This is what I wanted to hear from Cakewalk !
2014/04/12 18:20:16
slartabartfast
You can check some sites to see if the exploit has been fixed by using online tools:
 
 Heartbleed test, LastPass Heartbleed checker, or the Qualys SSL Labs
 
I would not hold my breath to hear from sites that might have been vulnerable announcing that they have a fix or advising you to change your password. These commercial sites and the server farms that house them depend on users believing that they can protect your data and assets, even though history has proven on many occasions that they cannot. In order to tell you that the problem has been fixed, they have to acknowledge that the vulnerability existed on their servers for some time. And advising you to change your password on the improbable chance that it has been compromised will cost them dearly in customer confidence. Many sites will no doubt listen to marketing and ignore engineering advice and just hope no one notices. That is the kind of decision that we expect when applying the oxymoron that is business ethics. Cakewalk has at least been forthcoming in stating that their user directed sites are not affected. Let us hope that other companies who were affected will be so honest.