Heartbleed has made quite some headlines recently. If you’re using Chrome as your preferred browser (like me) you should check your settings for the following entry:
Chrome (by default) does not check with the Certificate Authority (CA) if a certificate has been revoked, but uses an own process called CRLSets instead. In short: Google will push a compiled list of revoked certificates to Chrome, so that the browser does not have to contact the CA to check validity. This may be good for performance, but comes with a risk because the list may or may not be complete.
A lot of website providers that used OpenSSL for encryption have now revoked their certificates (which are used for encryption) and issued new ones, because there might be a chance that their private keys have leaked out. Attackers having the private key are able to decrypt any past and future traffic and impersonate the service at will, without anyone noticing.