After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', 2 contributors have forwarded articles on why you should change your passwords.
I always believed Mojang would keep my details safe; now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately.
The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".
Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.
(Score: 2, Informative) by tomtomtom on Thursday April 10 2014, @10:53PM
Is there a list/way of checking for sites/servers which *were* exposed to the bug, but have now fixed it? If they are still exposed to the bug, I can stop using them but if they aren't then what I really want to know is if I need to change my password if they're not affected. Sort of like Have I been Pwned? [haveibeenpwned.com] but for this bug.
(Score: 3, Informative) by mattie_p on Friday April 11 2014, @12:11AM
As I posted elsewhere, check out this site [filippo.io] to test sites you use.
(Score: 1) by tomtomtom on Friday April 11 2014, @08:30AM
Unfortunately that one only tells you if they are *currently* vulnerable, not if they previously looked like they were, unless I'm missing something. For example, putting in www.soylentnews.org says "All good, www.soylentnews.org seems fixed or unaffected!" i.e. it only talks about how it responds now. Still useful, since that means it's safe to change passwords on that site but not what I was hoping for.
(Score: 1) by Bob The Cowboy on Friday April 11 2014, @02:32AM
Unfortunately, the bug has been in the wild for 2 years or so. A site could have been exposed and patched (perhaps unknowingly, maybe even switched to another OS version) before this made headlines, so there would still be a vulnerable window where a bad actor could have been able to exploit. You should pretty much assume that any site that uses SSL could have been affected.