- Determine what sites you use have been impacted by Heartbleed, and if they have patched the vulnerability.
- If the site has been impacted by Heartbleed and has not been patched, don't change your password yet.
- If the site has been impacted by Heartbleed and has been patched, change your password.
So, how do you know what sites have been impacted by Heartbleed? How do you know what sites have been patched? To help answer those questions, here are three sources I have found helpful:
- This article lists major sites which were or were not impacted. It is a good starting point, because it addresses such sites as Paypal, Evernote, Yahoo, Amazon, Twitter, and Google. Virtually everyone will see a listing which either eases their mind or puts them on a heightened state of alert.
- This post from CNet.com is constantly being updated. Visit it daily until there are no more sites labeled as "awaiting response" which you use.
- LastPass has established a page which allows you to enter any URL and see its Heartbleed status.
As with any other security compromise, changing your password is the way to stay protected. However, wait until the site is patched before doing so.