I think we're safe cause I found this article: http://qz.com/197258/how-to-tell-if-heartbleed-cou
I found playstation.com on the list and it says 'no ssl", I'm not an expert but it sounds like if a site doesn't have ssl it's safe or it it the total opposite?
That list is not entirely accurate.
Take Netflix for example. The list states that Netflix has no SSL so it is not vulnerable.
The main page has no SSL as it is only http://
However, the login page uses https:// meaning it could very well be using SSL, but as the main domain name is not https:// it would have been miss read by this scan.
Also this list is far from official. It was done by a single guy who is an independent programmer. It is not from any reputable security firm.
Be One With The Game.
Qualys SSL Labs (a major organization for the implementation of SSL/TLS) has released an SSL checker that simulates a browser logging into the forums and also simulates the Heartbleed attack.
The login page for the forums gets a pass on the Heartbleed attack. And so does the forums itself.
Here is a tweet from the European Community leader.
The European and American forum use lithium.
There could be a small risk that someone did some hacking before it was patched so you may want to change your password anyway..
It not only needs to be patched, but Sony needs to generate a new encryption certificate to make sure any potential past vulnerability is nullified.
If Sony is vulnerable to this issue, only when they've both patched the software and generated a new encryption certificate is it safe to change your password. Lastpass indicates the forums are potentially vulnerable and the SSL certificate is two years old, not a good sign.
Sony should at the very least make an official statement addressing this issue to tell us whether they're vulnerable or not.