Unpatched sites and improperly issued SSL certificates could be leaving users vulnerable. A month after the Heartbleed OpenSSL security vulnerability was first publicly disclosed, there are strong indications that there are still a whole lot of vulnerable users.