Unfortunately it seems there’s some misinformation floating around about the Heartbleed vulnerability you might have heard about. Some sites and news reports are suggesting you change all your passwords. While changing passwords often is a good idea, it might actually be a bad idea to do so right now.
The vulnerability still affects some sites, and changing your passwords can actually expose your old and new passwords, which are in more peril now that the word is out about this thing. There is really nothing you can do about it until the sites you log in to have updated their security.
Fortunately not every site is affected. I’ve been told that the “OMG 66% of the internet!!!” is a bit exaggerated. Many sites had a different version of SSL or were not using SSL at all. What sites? It took some digging, but I did find this list:
This may be outdated though. If you’d like to test whether or not a service you use is vulnerable, you can try this handy tool:
And finally, here’s an article that seems to be one of the more levelheaded ones out there:
One thing they mention is the idea that the hype can be more dangerous than the vulnerability itself. Don’t fall for phishing scams that ask you to change your password, because there’s probably going to be a lot of spam emails addressing this.