It isn't just these sites. OpenSSL is used in about 70% of web servers running open-source operating systems and web server software. It's also used for the majority of email servers, and OpenSSL is used ALL OVER the place for all kinds of other things.
This bug is really a disaster...you can no longer simply rely on the notion that if you are in SSL, your safe. It will take weeks at least for really critical sites to upgrade to the patched SSL version, and it could take months or years for the majority of affected servers to be patched.
That basically means you can no longer trust that when your browser says your secure (i.e. it's using SSL over HTTPS), that you actually are secure.
Trust nothing anymore, ppls!
Web site security is now a highly nebulous thing. Unless you directly verify that the server is using OpenSSL 1.0.1g (or something else entirely, like Windows Server which is not affected), I wouldn't trust ANY web site under SSL for a while.