[octatone2]

That's a very, very limited list of websites. It would be safer to assume that you need to reset your passwords, revoke access keys, for ALL websites you have credentials or keys on. However you should not do so until those websites have made a statement verifying that they have both patched, AND revoked their SSL certs.

[aggresswift]

True, the list was just referenced to show that everyone uses OpenSSL and that the large companies (practically every company in that list) should contribute to OpenSSL in some way.

It's pointless for Google, Yahoo et al, to enable inter-datacenter encryption if the front-end (TLS/SSL) is left wide open.