What I find so interesting about this vulnerability is that government agencies such as the NSA must have known about the flaw and said nothing to the world at large. You doubt this? Just think: if you're in signals intelligence and you find out about a way to extract information from supposedly secure systems in a way that is undetectable, aren't you going to use it and keep quiet about it?! And if the NSA didn't know about Heartbleed, then they should all be fired for incompetence.
Why? Because it is a buffer overrun and a memory leak, two things that are easily detectable if you use software or specialists to find exploitable bugs in software to be able to intercept the communications, even if they pretend to protect them.
The developer himself said it was a stupid mistake that he should have seen immediately (and so should everybody who is supposed to have looked at the quality of the code, the so-called community).
And if you have found a bug like this you surely get a promotion, because there is no trail showing that you have done this (the wet dream of any spy), and no, they are not all Snowden. IPS/IDS have now added this discovery.
There are also the slides in which the NSA says that it can decrypt encrypted communication that passes through routers. They already had the source code of the Huawei routers, and for the Cisco routers they only needed the passwords because they were already vulnerable to this leak. It means that in environments totally under their control they could intercept, decrypt and send any information to wherever, through trusted channels that weren't monitored (because they were supposed to be safe and trusted).
And it also works on Android mobiles, Juniper VPN access to networks, and so on.
If they didn't have it, then they surely are doing something very wrong and wasting much money on things that, compared to this, are a big waste of time and money.
Which means that intelligence agencies will now go over any critical open source code as if it has other golden hidden vulnerabilities that weren't found before.
Which means that people responsible for those open source projects should do the same.
Which means that you will now see many updates for open source products and stricter rules before any new code is added to the kernel.