First, I am not tilted as somebody. Just from a medium level system admin and network programmer point of view, drop some dimes of mine. Read the following: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 http://security.stackexchange.com/questions/55116/how-exactly-does-the-openssl-tls-heartbeat-heartbleed-exploit-work http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html Then capture the traffic: Signature - attacker initiates the heartbeat request, an up-to-date firefox https has no heartbeat request at all. - The lengths are different I do believe commercial firewall with IPS or IDS blades -- intrusion protection/detection, will show clear warn sign or critical sign in their log(s). Suggestion, - 1. if you are not video streaming or VOIP companies, record all network raw data, at least https, ssh. If you have done, you can evaluate the damage. - the ips/ids have not given any sort waring, change them - review your firewall log together with your admin, at least you know what is a warning sign - given current day storage facility size and price, you have not done 1, go to 10. Compare to the giants swelling capital vuluptures, openssl looks like a malnutritioned bean sprout. 10. if you want to blame sb, I suggest the current administration. Thanks for reading if comment much appreciated. This could happen. Now it is time for plan B.