Hacker News: Thousands of websites still vulnerable to Heartbleed
It takes roughly three steps to remediate the Heartbleed bug.
- Patching: Update your software to the latest versions of OpenSSL; thankfully almost all organization have accomplished this step.
- Creation of New Private Keys: Creating new private keys will prevent an attacker, who already exploited the flaw before patching, from being able to spy on your encrypted.
- Reissuance of Security Certificates: This step will eliminate the ability of any attacker to spoof organizations and fool or phish their customers.