Back to the OP for a minute:

What am I exactly supposed to do regarding the Heartbleed exploit? I keep reading that I should change all of my passwords (groan), but then I read I shouldn’t do it if the site in question has patched the issue.

Does this mean that I should avoid all online transactions, e-mail, social media for the near future, until the site or service indicates they’ve applied the patch? Do I need contact every site and service I use to confirm this?

I’m a fairly advanced tech user, and I’m utterly confused by all of this.