There isn't much the individual user can do at this point (evidenced by NPR's excellent but irrelevant advice at the end of the article). The servers need to be updated and certificates need to be recreated, which is the responsibilities of the admins at various companies.

I haven't received any e-mails from websites telling me to change my password, which I find absolutely amazing. I don't think the scope of the potential leaks has really been understood by the companies yet. This really highlights that more resources need to be put into critical open source projects. Bugs are very difficult to find though, in any complex software. I'm not really sure how these sorts of things can be 100% prevented in the future. Open source is still the best bet for catching them though. Maybe we need more testing and review teams to comb through the source?