Despite a month having passed since the discovery of the Heartbleed bug, many websites are still vulnerable to having sensitive information exposed. Recent reports have shown that over 300,000 servers are still vulnerable to Heartbleed; while this is a significant drop since the discovery of the bug, such high numbers are still concerning, especially because it can be difficult to determine if the web services you are using are still vulnerable or not.
Even sites that have taken action to protect against Heartbleed may still be vulnerable. A report this week found that while many sites had taken the appropriate reaction of revoking and issuing new SSL certificates for their websites, over 30,000 sites had signed new certificates using the same private key. Notably, this includes several Canadian government agencies. Since private keys were vulnerable to exposure through Heartbleed, any new certificates signed with a compromised key would be vulnerable to impersonation.
While Echoworx was never vulnerable to Heartbleed and major services have been patched, you should remain aware of the possibility that websites you use may still be vulnerable and exposing your personal information. If you have yet to take action regarding Heartbleed, read our previous guide to personal security for important steps.