OK here's the lowdown:
1. Google say no need to change Google services accounts
Technically this is true - Google and select partners were informed and patched their servers ahead of the public announcement. Facebook was included in this early heads-up too - but Yahoo was not. Hence:
2. Yahoo say change everything
It's probably best to do so anyway, there's no harm in it. It is true that changing your password on a vulnerable server is ineffective though - in fact, it carries an increased risk as it's recent memory that's most vulnerable - accessing a compromised server therefore puts your details into recent memory and at risk. This leads into:
3. It's not obvious when a server has been patched
Mashable have another table of most large US websites and their status here: [url]http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/[/url]
Beyond that, you can check any website here: [url]http://filippo.io/Heartbleed/[/url] (note the legality of using this on any server you don't own is questionable, but imho I don't think anyone's going to get in trouble from it) and then change your password when the site is verified safe.
Sorry, you need to Log In to post a reply to this thread.