So what can I do to protect myself?
Since the vulnerability has been in OpenSSL for approximately two years and utilising it leaves no trace, assume that your accounts may be compromised. You should change passwords immediately, especially for services where privacy or security are major concerns.
Meanwhile, the researchers who discovered the flaw let the developers behind OpenSSL know several days before announcing the vulnerability, so it was fixed before word got out yesterday. Most major service providers should already be updating their sites, so the bug will be less prevalent over coming weeks.