While most of the focus on Heartbleed has been on vulnerable public websites, the bug affects much more than this. While most popular sites are no longer vulnerable, this does not mean that end-users can drop their guard.
Heartbleed equally affects client software such as Web clients, email clients, chat clients, FTP clients, mobile applications, VPN clients and software updaters, to name a few. In short, any client that communicates over SSL/TLS using the vulnerable version of OpenSSL is open to attacks.
In addition, Heartbleed affects various other servers aside from Web servers. These include proxies, media servers, game servers, database servers, chat servers and FTP servers. Finally, hardware devices are not immune to the vulnerability. It can affect routers, PBXes (business phone systems) and likely numerous devices in the Internet of Things.
Attacking these software and...