For those who have been concerned about the impact (among other things): http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
And for those who follow Schneier, he had some comments as well. https://www.schneier.com/blog/archives/2014/04/more_on_heartbl.html

He refers to an xkcd comic which is less funny than many xkcd comics, but fairly illustrative of the general problem of unchecked array boundaries.

For those who are getting excited, don't. Take the time to understand the whole process, and the reason certificates and cryptographic tokens should be rotated, and how you go about doing it. (They should be rotated anyway, and if you don't, well, it's time to start learning how, and this is as good a reason as any.)

Incidentally, nobody does it right yet, not even the banks. In my way of thinking, that's a bigger problem than being able to reach blindly into a server's memory.

--
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.