maybe it was their idea.

Before I get jumped here, let me add that I have absolutely no concrete reason for saying that, other than what everyone knows of their reputations.

at Faux news are going to have orgasms over this.

"Only" the 60% or so that are using OpenSSL. (Fortunately, my bank, my 401k, and PayPal were all in the other 40%.)

It shouldn't have taken much of a "probe" to determine if healthcare.gov uses OpenSSL, so I don't know why they waited this long to make this announcement.

Very few, if any, major websites use OpenSSL. It may be true that "2/3 of the internet" is hosted on resold or shared servers (i.e., GoDaddy and their ilk,) and OpenSSL is a standard part of those. But major websites like banks and large retailers aren't hosted on such machines, and most websites that are, like DU, don't use SSL anyway.

Besides, Heartbleed's "OMG!!11!!" operation is this: The content of a mere 16K of random memory might get tacked onto the end of the keep-alive response. It isn't like a table or spreadsheet. It's just 16K of unlabeled bytes. WOW!!11!1!!

The media has just gone crazy and ridiculous with this, but fear sells their advertiser's (and "expert consultant's&quot products.

anger directed toward the faceless hackers who commit these acts. When viruses are introduced, all become vulnerable.

Direct Express bank account and that is all. If they hack into that they are hacking into the bank account of Social Security. Is this thing bad enough that I should be worried?

All of these silly "sky is falling" stories in the media always happen to have an "expert" they interview who, not only fulfills the requisite fear factor necessary for any media frenzy, also just happens to sell the "ideal product" to "protect" you lest you further soil the floor under your bed with more urine.

of that Social Security site also.

Nobody in their right mind would ever use OpenSSL on such a site.