While this is a major issue from a technical point of view, there is little point in changing any passwords until:
a) you know that the service involved actually used OpenSSL, and
b) that they have updated their servers to solve the problem
The full technical details can be found here: Heartbleed Bug
As far as not using online banking and other (all) services, given that this bug has been present in the OpenSSL codebase since 2012 then it is unlikely to make a significant difference. I appreciate that there will now be a lot of people trying to exploit this wherever possible, but online financial transactions clearly can't be stopped overnight so for any given individual, the likelihood of compromise is low.
Ultimately, the guidance is to check what online services are affected by the Heartbleed bug by using this list: https://github.com/musalbas/heartble...er/top1000.txt
and if one you use is on it, check that services information pages for their plans on fixing the issue and then change your password / follow their advice after
the fix has been conducted.
For any personal banking (or other) website you wish to check which is not listed, please see this tool: Test your server for Heartbleed (CVE-2014-0160)
(this is what was used to compile the aforementioned list).
I hope that puts people's minds to rest somewhat, the mainstream media simply isn't able to translate something this technical into sensible guidance.