Internet security ain't as advertised:
Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
Exploits allow attackers to obtain private keys used to decrypt sensitive data.
More in the Times, and at a security website. The security site notes this GitHub site with a test of the vulnerability of 1000 high volume sites. Amazon and PayPal are scored as "not vulnerable". This site can test any URL you enter, including your favorite financial institutions. FWIW, it also says that Amazon and PayPal are aces.