"I have to tell you a quick story, Christina. Last week, I spent a night patching a number of clients' systems. One of them called me then next day accusing me of taking advantage of the exploit to make some money since the news said that, "If you don't change your passwords your SSNs might be stolen". So, he felt, "all we need to do is change passwords and since the system doesn't store SSNs there's no need for action". I sent him a number of articles setting him straight, but it left me to wonder if there are firms out there that haven't fixed things because a non-technical manager / CEO depriortized it based on a 3 minute report on the radio. IMHO, Users should be advised to check with their providers. If a site hasn't posted someplace what their heartbleed status is; users should email / tweet/ call them. Users should be advised not to use systems where the heartbleed status isn't clear. I agree that users can't fix this, but I feel they need to pressure website owners to get this..." - Sean Reiser