- Patching affected systems to OpenSSL 1.0.1g
- Revocation of the old keypairs that were just superseded
- Changing all passwords
- Invalidating all session keys and cookies
- Evaluating the actual content handled by the vulnerable servers that could have been leaked, and reacting accordingly.
- Evaluating any other information that could have been revealed, like memory addresses and security measures
“Leaked secret keys allows the attacker to decrypt any past and future traffic”
http://heartbleed.com/
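
The ordering in the checklist above matters: a key, password or session rotated before the server was patched may have leaked again. The following is an added example, not code from the original page, that audits an inventory for steps still open; the record fields, host names and timestamps are hypothetical and constructed for illustration.

```python
import re
from datetime import datetime

_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def is_vulnerable(banner):
    """True for upstream 1.0.1 through 1.0.1f; 1.0.1g is the fixed release.
    Only the 1.0.1 series is classified here."""
    m = _BANNER.search(banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    series = (int(m[1]), int(m[2]), int(m[3]))
    return series == (1, 0, 1) and m[4] < "g"

def remaining_steps(host):
    """List the checklist items still open for one inventory record."""
    if is_vulnerable(host["openssl"]):
        # Anything rotated on a still-vulnerable server can leak again.
        return ["patch", "rekey", "revoke", "passwords", "sessions"]
    patched = host["patched_at"]
    steps = []
    if host["key_created_at"] < patched:
        steps.append("rekey")      # key existed while memory was readable
    if not host["old_cert_revoked"]:
        steps.append("revoke")
    for name, field in (("passwords", "passwords_reset_at"),
                        ("sessions", "sessions_flushed_at")):
        done = host[field]
        if done is None or done < patched:
            steps.append(name)     # rotated before the patch, or never
    return steps

# Constructed sample inventory (hypothetical hosts and timestamps).
INVENTORY = {
    "web1": {"openssl": "OpenSSL 1.0.1e 11 Feb 2013"},
    "web2": {"openssl": "OpenSSL 1.0.1g 7 Apr 2014",
             "patched_at": datetime(2014, 4, 8, 10),
             "key_created_at": datetime(2014, 4, 8, 9),   # before the patch
             "old_cert_revoked": False,
             "passwords_reset_at": datetime(2014, 4, 9),
             "sessions_flushed_at": None},
    "web3": {"openssl": "OpenSSL 1.0.1g 7 Apr 2014",
             "patched_at": datetime(2014, 4, 8, 10),
             "key_created_at": datetime(2014, 4, 8, 11),
             "old_cert_revoked": True,
             "passwords_reset_at": datetime(2014, 4, 9),
             "sessions_flushed_at": datetime(2014, 4, 8, 12)},
}

if __name__ == "__main__":
    for name, record in INVENTORY.items():
        print(name, remaining_steps(record) or "complete")
```

The version check reads upstream banners only; distribution packages may carry the fix without changing the version letter, so confirm against the package changelog as well.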