My questions are
- is this site vulnerable?
- if we login through an outside service (e.g. Google) are our credentials safe?
- if either of the above are true, when will this be patched?
Also, anyone have some big websites you use that are vulnerable? I'm sure everyone here would like to know.
This is a time to contact the site administrator. Not really sure what the recommended channel for doing so is. Might try the "contact us" link at the bottom of the page first.
if we login through an outside service (e.g. Google) are our credentials safe?
AFAIK if your google account itself was not compromised you will be fine, but login token might be stolen and used to login on this site until it expires (which is really fast).
if either of the above are true, when will this be patched?
LB and ResidentBiscuit already answered that.
Also, anyone have some big websites you use that are vulnerable?
In Russia at least
8 banks
2 payment systems
8 VPN providers
2 largest search engines and mail providers
were compromised.
I think there was ssl avaliable, but twicker received message from LB and it is gone now. Online heartbleed detectors gives "no ssl" error now when they were giving positives before.
Thanks for the info everyone. I was clueless as to who to ask, and I knew someone here would. My main concern was with the google and yahoo logins, but I suppose the worst thing that could happen is someone could pose on this site as someone else for a brief time if I'm understanding correctly?
There are a lot of sites not accepting https connections right now. I had trouble getting my package manager to work yesterday. Also, I can't tell about my bank right now because they've taken a sledgehammer approach to blocking outside connections. I just wonder how much it will impact companies that rarely update software anyway.
It's hard to explain to family members that you should change your passwords, but you can't change it now on many websites.