Fallout from the Heartbleed vulnerability continues.

The list of major web sites affected by this issue (and in most cases advising their users to change their passwords) is expanding rapidly. It includes Instagram, Tumblr, DropBox, and many others.

The list of affected software is also growing.

Ars Technica’s ongoing coverage includes the disturbing news that the Heartbleed vulnerability may have been exploited months before patch and Researchers find thousands of potential targets for Heartbleed OpenSSL bug.

Security researchers at the University of Michigan scanned the Internet looking for vulnerable web sites, and found plenty, which they list in their Heartbleed Bug Health Report.

Numerous tools for detecting Heartbleed vulnerability have appeared on the web, including this one at filippo.io. Use these tools with caution, since some will almost certainly turn out to be scams of some kind.

The XKCD web comic has joined in the fun: