Cybersecurity blog Errata Security scanned a portion of the Internet and found 300,000 vulnerable systems. That's tiny compared to the size of the Internet - and half of what the blog found a month ago - but it means it's still possible to get caught up in Heartbleed.
The blog looked for sites that supported "heartbeat," a legitimate extension to the SSL/TLS protocol. Heartbleed took advantage of a flaw in OpenSSL's implementation of that extension.
Last month, I found 1-million systems supporting the "heartbeat" feature (with one third patched). This time, I found 1.5-million systems supporting the "heartbeat" feature, with all but the 300k patched. This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled. Note that only OpenSSL supports heartbeats, meaning that the vast majority of SSL-supporting servers are based on software other than OpenSSL.
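What "supporting heartbeat" means on the wire, as an added example that is not code from Errata Security or from this article: a server advertises the extension in its ServerHello, and the parser below reads that field from a captured record. The extension number and mode values are taken from RFC 6520, the function names are hypothetical, and the sample handshake bytes are constructed; advertising heartbeat says nothing by itself about whether the server is patched.

```python
import struct

HEARTBEAT_EXT = 15  # "heartbeat" extension type number (RFC 6520)
MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}

def heartbeat_mode(record: bytes):
    """Return the heartbeat mode a ServerHello record advertises, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with a ServerHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len or body_len < 35:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                     # server_version + random
    pos += 1 + body[pos]             # session_id length byte + session_id
    pos += 2 + 1                     # cipher_suite + compression_method
    if pos == body_len:
        return None                  # server sent no extensions block
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if end > body_len:
        raise ValueError("extensions block overruns the message")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        if pos + 4 + ext_len > end:
            raise ValueError("extension overruns the extensions block")
        if ext_type == HEARTBEAT_EXT:
            if ext_len != 1:
                raise ValueError("malformed heartbeat extension")
            return MODES.get(body[pos + 4], "unknown")
        pos += 4 + ext_len
    return None                      # extensions present, heartbeat absent

def sample_server_hello(extensions: bytes) -> bytes:
    """Constructed input: a TLS 1.2 ServerHello record with these extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

RENEGOTIATION_INFO = bytes.fromhex("ff01000100")  # constructed: type 0xff01
HEARTBEAT = bytes.fromhex("000f000101")           # constructed: type 15, mode 1

if __name__ == "__main__":
    print(heartbeat_mode(sample_server_hello(RENEGOTIATION_INFO + HEARTBEAT)))
    print(heartbeat_mode(sample_server_hello(RENEGOTIATION_INFO)))
```

A server that answers with no heartbeat extension, whether because it runs software other than OpenSSL or because heartbeats were disabled, returns `None` here.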