Archive for May 2008

Debian and Ubuntu OpenSSL Vulnerability

Posted by: Tom

Debian Girl

I won't go into all the details since every other security blogger on earth is covering it. However, as a reminder, this issue is pretty serious if you generated any keys on affected Debian or Ubuntu systems. The best summary I have found of the issue, with links to all the "toys" that have come out to attack this vulnerability, is on HD Moore's web site. Here is a summary from HD:

"All SSL and SSH keys generated on Debian-based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 may be affected. In the case of SSL keys, all generated certificates will need to be recreated and sent off to the Certificate Authority to sign. Any Certificate Authority keys generated on a Debian-based system will need to be regenerated and revoked. All system administrators that allow users to access their servers with SSH and public key authentication need to audit those keys to see if any of them were created on a vulnerable system. Any tools that relied on OpenSSL's PRNG to secure the data they transferred may be vulnerable to an offline attack. Any SSH server that uses a host key generated by a flawed system is subject to traffic decryption and a man-in-the-middle attack would be invisible to the users. This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system."
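The audit step HD calls out (checking every authorized_keys entry against the set of keys the broken PRNG could have produced) is what Debian's ssh-vulnkey tool and the openssh-blacklist package did for real. The script below is an added example written for this post, not code from the original post, from HD Moore or from Debian: it parses an authorized_keys file (options field, key type, base64 blob, comment), computes the MD5 colon-hex fingerprint that `ssh-keygen -l` printed at the time (plus the modern SHA256 form), and reports any entry whose fingerprint is on a blacklist or that cannot be decoded. The blacklist, the RSA moduli and the sample file are all constructed for the demo; a real audit would load the distribution's published blacklist files instead.

```python
"""Audit an OpenSSH authorized_keys file against a set of known-weak key fingerprints.

Added example for the Debian/Ubuntu OpenSSL PRNG advisory; not code from the post.
The blacklist and keys below are CONSTRUCTED for the demo, not Debian's real lists.
"""
import base64
import binascii
import hashlib
import re
import struct
from dataclasses import dataclass

# Key line: optional options field, key type, base64 blob, optional comment.
KEY_LINE = re.compile(
    r"(?:^|\s)(?P<type>ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(?:256|384|521))"
    r"\s+(?P<b64>[A-Za-z0-9+/]+=*)(?:\s+(?P<comment>\S.*))?$"
)


@dataclass
class KeyEntry:
    lineno: int
    key_type: str
    blob: bytes
    comment: str
    problem: str = ""  # set when the line could not be decoded or is inconsistent


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length prefix, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """SSH wire-format positive mpint (a leading 0x00 is added when the high bit is set)."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def rsa_public_blob(e: int, n: int) -> bytes:
    """Public key blob as it appears (base64-encoded) in authorized_keys / id_rsa.pub."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def md5_fingerprint(blob: bytes) -> str:
    """Colon-hex MD5 fingerprint, the format `ssh-keygen -l` printed in 2008."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob: bytes) -> str:
    """Modern `SHA256:` base64 fingerprint (padding stripped, as ssh-keygen prints it)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_authorized_keys(text: str) -> list[KeyEntry]:
    """Return one KeyEntry per non-comment line; undecodable lines carry a `problem`."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_LINE.search(line)
        if m is None:
            entries.append(KeyEntry(lineno, "", b"", "", "no key type/base64 pair found"))
            continue
        try:
            blob = base64.b64decode(m.group("b64"), validate=True)
        except (binascii.Error, ValueError):
            entries.append(KeyEntry(lineno, m.group("type"), b"", "", "invalid base64"))
            continue
        entry = KeyEntry(lineno, m.group("type"), blob, m.group("comment") or "")
        # The blob embeds its own type string; a mismatch means the line is corrupt or edited.
        if not blob.startswith(ssh_string(m.group("type").encode())):
            entry.problem = "key type label does not match blob contents"
        entries.append(entry)
    return entries


def audit_authorized_keys(text: str, weak_md5: set[str]) -> list[dict]:
    """One finding per line that is on the blacklist ("weak") or undecodable ("bad")."""
    findings = []
    for entry in parse_authorized_keys(text):
        if entry.problem:
            findings.append({"line": entry.lineno, "status": "bad", "detail": entry.problem})
            continue
        fp = md5_fingerprint(entry.blob)
        if fp in weak_md5:
            detail = f"{fp} {entry.comment}".strip()
            findings.append({"line": entry.lineno, "status": "weak", "detail": detail})
    return findings


# --- constructed demo data: the integers below are NOT real RSA moduli ---
WEAK_BLOB = rsa_public_blob(65537, (0xC0FFEE << 232) | 1)
OK_BLOB = rsa_public_blob(65537, (0xDEADBEEF << 224) | 3)
# Stand-in for the distribution's blacklist: only the "weak" demo key is listed.
WEAK_MD5_FINGERPRINTS = {md5_fingerprint(WEAK_BLOB)}

SAMPLE_AUTHORIZED_KEYS = f"""# constructed sample file
command="/usr/bin/rsync --server",no-pty ssh-rsa {base64.b64encode(WEAK_BLOB).decode()} alice@laptop
ssh-rsa {base64.b64encode(OK_BLOB).decode()} bob@desk
ssh-rsa not-base64!!! mallory@nowhere
"""

if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, WEAK_MD5_FINGERPRINTS):
        print(f"line {f['line']}: {f['status']} ({f['detail']})")
```

Fingerprints are computed over the decoded blob rather than the base64 text so that whitespace or option fields never affect the match, and the type label is cross-checked against the string embedded in the blob so a mangled line is reported instead of silently skipped. For host keys the same functions apply to the blobs in known_hosts or `/etc/ssh/ssh_host_*_key.pub`.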

Ugly vulnerability is right for an OS that changes you....

phpBB2 Retirement Plan Announced

Posted by: Tom

phpBB2 goes bye bye

For those of you using phpBB2 (which, last I checked, was still one of the most popular open source forum packages out there), you had better start thinking about upgrading to the latest version, phpBB3 “Olympus”.

I have always had a love/hate relationship with phpBB. It has been the most popular target for attackers in the last couple of years in terms of forum hacking, so as a webmaster you really needed to keep up with phpBB security patches. There were some rather serious vulnerabilities discovered multiple times over the years, so I am not sad to see the 2.0 branch bite the dust. It almost reminds me of how WordPress is being targeted right now because of its recent surge in popularity. Anyway, it is good to see the phpBB development team taking secure coding much more seriously with the new version 3.0.