

Google Services Updated to Address Heartbleed - cleverjake
http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html

======
epo
This does not say if there had been a risk of certificate theft (sorry,
sharing) prior to patching and so is completely useless. I want to know if and
when I need to change Google passwords. Ditto Amazon, Dropbox ....

~~~
somesay
So why should they patch it then? Keep in mind that any attack using that bug
is quite stealthy.

~~~
epo
The patch prevents future attacks.

Replacing certificates and advising users to change passwords prevents
exploitation of any previous successful attack. Google have not done anything
about previous attacks, but nor have they said such attacks could not have
been successful.

