Originally Posted by _Lynn_
For the computer illiterate people like me in the world, I have no clue what any of that means or what I'm supposed to do, if anything.
I know, I know. I should learn more about this stuff. And I am trying.
Yeah, it's not a simple issue :-/ OK, I'll see if I can make this more user-friendly.
Step 1: make a list of websites where you send confidential information. The main risk here is financial stuff: web banking, utility companies, etc etc.
Ideally, all these companies should be contacting YOU and telling you whether they're vulnerable and what you need to do about it. But most of them probably won't, so...
Step 2: go to this website and paste in the URLs for each of those confidential websites. By now, they should have patched the SSL vulnerability, and you should get an "all good" message. If you get a "something went wrong" message it probably still means they've patched. But if you get a red warning message, you should avoid giving them confidential information (don't log in until the problem is fixed - use phone banking etc) and you probably want to call them up and nag them to fix it.
Step 3: once you've confirmed that they're patched (or getting a "something went wrong", probably good enough) wait a couple of days and then change your password for that site. Do this for every site on your list. If you have some spare time on the weekend, set aside half an hour or so for password changes.
(If you have the know-how, this is where you'd be checking SSL certificates. But by the weekend, most companies who are going to fix up their certificates will have done so.)
Step 4: keep an eye on bank/credit card statements and watch out for anything suspicious, especially over the next couple of months.
Step 5: Be very wary of any email you get that reads like this:
"This is **** Bank alerting you that your account has been compromised by the Heartbleed bug. Please click on this link to update your details and change your password."
If you get a message like that, it may well be a "phishing" attempt - somebody trying to steer you to a fake website and get you to give them your password. Don't click on links in emails like this.