I’m not waiting for various businesses to contact me; I’m contacting them asking if they’re vulnerable and if so what’s the plan.
Changing your password is not a fix. Every site that is using a version of OpenSSL that has the bug has to be updated or patched. Obviously, the sooner the better.
Technical details here, including the C code for the bug and the fix.
So far I’ve heard from only a couple of very seriously technical sites, pubnub.com and oauth.io. It’s not clear if credit card companies, online stores like Amazon, banks and brokerage firms are vulnerable, and if so how quickly they’re installing the patched software. We’re in that awful period where the vulnerability has been fully documented publicly. No one knows if any hackers were aware of the problem before it was discovered, but there is no doubt the bad guys know about it now.
This is one of the reasons why the Internet of Things hype is so scary. Right now, in 2014, our entire financial system is accessible through a compromised system. That’s bad enough. But what happens when our bodies are wired to the net? And our cars, homes, everything? It’s great to think about when everything is working and everyone plays nice. But if you know anything about software and networks you know that’s a naive dream.