HTTPS/SSL/TLS Security Exploit Found – Affects Everyone
A flaw was discovered in the TLS renegotiation process where a 'man in the middle' could take over the connection in a number of ways and perform a number of exploits. Transferring login, credit card, and other important info using https:// is no longer considered secure. The 'man in the middle' could be bumming off your local wireless network, anywhere in between you and your ISP, between your ISP and the destination, or on the destination's network. Secure certificates from the likes of VeriSign can no longer be fully trusted until they find a fix, at which point you'll need to update all your software (browsers, email clients, Twitter apps, smart phone firmware) as all the software manufacturers implement and roll out the new (not yet figured out or released) protocol.
Luckily the vast majority of internet users are stupid and this won't affect activity on the internet a bit. Even people that are reading or writing this post will still log into their email accounts and go about their online life, relying on the sheer improbability of them being exploited by this massive (read: catastrophic) security hole. Once again it's stupidity and recklessness that will keep the world turning, because as we all know, if you stop and think about anything too long you'll just give up and go live in the forest like we were originally supposed to.
If you're interested in a more technical description go here.
If you're a programmer and you contribute to or write software which implements TLS, please disable renegotiation a.s.a.p. and push the update to all your users until a new version of the protocol is released.
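Once renegotiation is switched off, it is worth confirming that from the wire. The following is an added example, not code from this post or from any TLS library: it walks one direction of a connection using TLS 1.2 or earlier, where record types are visible in the clear, and flags handshake records that arrive after the first handshake has finished. The record sizes and sample streams are constructed, and the check is a heuristic that assumes the Finished message fits in one record.

```python
import struct

# TLS record content types (visible in the clear in TLS 1.2 and earlier).
CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23


def parse_records(stream: bytes):
    """Return [(content_type, version, length)] for one direction of a TCP stream."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header at offset %d" % off)
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            raise ValueError("truncated record body at offset %d" % off)
        records.append((ctype, version, length))
        off += 5 + length
    return records


def renegotiation_seen(stream: bytes) -> bool:
    """True if handshake traffic continues after the first handshake finished.

    After its first ChangeCipherSpec a sender emits exactly one more handshake
    record (its encrypted Finished). A second ChangeCipherSpec, or any further
    handshake record, means a new handshake ran on the same connection.
    """
    seen_ccs, handshakes_after_ccs = False, 0
    for ctype, _version, _length in parse_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            if seen_ccs:
                return True
            seen_ccs = True
        elif ctype == HANDSHAKE and seen_ccs:
            handshakes_after_ccs += 1
            if handshakes_after_ccs > 1:
                return True
    return False


def _rec(ctype: int, body_len: int) -> bytes:
    # Constructed record: TLS 1.0 version bytes (0x0301) and filler payload.
    return struct.pack("!BHH", ctype, 0x0301, body_len) + b"\x00" * body_len


# Constructed client-to-server streams, not captures from a real connection.
FIRST_HANDSHAKE = (_rec(HANDSHAKE, 60) + _rec(HANDSHAKE, 134) +
                   _rec(CHANGE_CIPHER_SPEC, 1) + _rec(HANDSHAKE, 40))
NORMAL = FIRST_HANDSHAKE + _rec(APPLICATION_DATA, 200) + _rec(APPLICATION_DATA, 90)
RENEGOTIATED = (NORMAL + _rec(HANDSHAKE, 96) + _rec(HANDSHAKE, 150) +
                _rec(CHANGE_CIPHER_SPEC, 1) + _rec(HANDSHAKE, 40))
```

Run it over each direction of a reassembled stream from your own test server; a `True` result means a second handshake was accepted on that connection.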
via Ars Technica
Nov 6, 2009