"The thing that has bothered me the most is mass media's coverage of heartbleed (or really lack of coverage). Most of the tech press have gotten it right, but when we look at more traditional media you get the following: 1) Change your passwords 2) Don't use you the same password on multiple sites. 3) Be careful, the government warns that malicious hackers are trying to use the bug (so change those passwords) They don't mention: 1) If the website hasn't fixed the vulnerability, changing your password don't do any good (actually it gives you a false sense of security) 2) That this bug reveals more then your password. It can give the attacker the keys to all of a site's encryption. 3) That everyone hasn't fixed the vulnerability. They don't seem to be calling out those who haven't announced their status. 4) That the NSA might have been aware of this vulnerability and been using it, instead of working to get it fixed. 5) Even if the NSA weren't aware they have years of traffic stored in..." - Sean Reiser