Start stockpiling tinned beans and ammo: This malware will end civilisation

Media hype is affecting vendors’ patching strategies to the detriment of internet security, vulnerability management firm Secunia warns. The high-profile Heartbleed OpenSSL vulnerability triggered the mass patching of 600 products by more than 100 vendors within just 40 days. A further OpenSSL vulnerability from June 2014 led …

  1. Anonymous Coward

    *modest cough*

    http://forums.theregister.co.uk/forum/1/2014/09/25/shell_shocked_not_yet/#c_2309628

  2. Bob Dole (tm)
    Coffee/keyboard

    Logos are absolutely required.

    Wouldn't want those marketing types to feel left out.

  3. dogged
    WTF?

    > Heartbleed, which surfaced in April 2014, although easy to exploit, was only ever an information disclosure flaw.

    There's nothing "only" about a flaw that exposes usernames and passwords in plaintext.

    1. Justin Pasher

      "There's nothing "only" about a flaw that exposes usernames and passwords in plaintext."

      Although the POTENTIAL was there to expose usernames and passwords, it was still wildly a crap shoot as to what information you could actually obtain from the random memory locations. The fact that you couldn't easily detect an attack is what made it so hard to accurately determine the level of the data leak.

      1. Anonymous Coward

        ....a crap shoot as to what information you could actually obtain

        "Although the POTENTIAL was there to expose usernames and passwords, it was still wildly a crap shoot as to what information you could actually obtain from the random memory locations."

        It's not about what information YOU, or you or you could gain, it's what information was gained, after how long....and by those government types? I'm sure you (or us) gained very little information, but then we don't have an endless budget, we have to go to work in the morning, perhaps kids afterward (if you're unlucky).......

        Trillions (or more) of SSL connections and you have the means to capture it all, and all the supercomputers you can dream of at your disposal, + an around-the-clock staff. Any flaw in the armor of privacy is critical.

        This is another worthless register article. Who gives a shit about a logo. Execs, that's who. And if that's what it takes to get their attn, then stick a dagger in that heart. I'm not a fan of c-wing response to critical vulns, but if it gets them to FINALLY listen to security, then slap a big titty / cock on the front page and grab their attention.

      2. Michael Wojcik Silver badge

        > Although the POTENTIAL was there to expose usernames and passwords, it was still wildly a crap shoot as to what information you could actually obtain from the random memory locations.

        Sigh. Due to OpenSSL's custom (rubbish) memory allocator, typical Heartbleed-vulnerable servers could be induced to disclose private keys with high probability. After that it is Game Fucking Over.

        A number of people - Randall Munroe, for example - ran actual real-world tests on Heartbleed vulnerabilities in extant servers. The results showed conclusively that the problem was severe.

        Referring to it as a "crap shoot" greatly underestimates the likelihood of exposing sensitive data. OpenSSL's architecture is near-optimal for this sort of attack.

  4. Anonymous Coward

    I've been living in Canada for a few years now and it's surprising how strange it is to hear the term "tinned beans" after all this time.

    They tend to say "canned beans" here. Tinned beans just sounds weird now.

    A little piece of my Yorkshire soul has gone :(

    1. Eddy Ito

      And here I envisioned a can of sardines. You can keep the beans.

  5. Destroy All Monsters Silver badge
    Coat

    Arsebleed

    Advertised via a Flash animation!
