Heartbleed is a security flaw that's plaguing as much as two-thirds of the Internet, including many popular sites like Yahoo and GitHub. On sites affected by Heartbleed, user accounts are vulnerable -- your username, password, credit card number, and other private information may be exposed. Companies are scrambling to patch their sites.
But don't sit around waiting for a fix. Take these two defensive steps (and one more if you have an Android device):
1. Check whether your most-visited sites are vulnerable
CNET has already checked the top 100 sites to see if they have Heartbleed patches, so visit that page first. For sites not on the list, use the following tools:
2. Change your passwords when the sites are safe
If you've confirmed that a site has been hit by Heartbleed, don't rush to update your password. A new password entered while the site is still vulnerable can be exposed just like the old one. Wait for an announcement that the site has been patched. Then we recommend changing your password.
As always, it's a good idea to have a different password for every account. To keep track of all those logins, try a password manager. LastPass's mobile apps include Heartbleed scans, but you must have a paid Premium account to use them.
Android phones and tablets may also be affected by Heartbleed if they're running an older version of the Android OS, 4.1.1. Lookout just released a free app that scans your phone or tablet and reports on whether it's vulnerable. The scan is just a diagnostic, not a fix, but at least you'll know if your mobile devices are at risk.