
The Heartbleed OpenSSL flaw is worse than you think

posted on April 11, 2014
by l33tdawg

The OpenSSL flaw named Heartbleed is pretty huge. Many of us in the computer security industry are prone to hyperbole when a big exploit in a popular piece of software is announced, but I can't put it any better than Bruce Schneier did when he said, "On the scale of 1 to 10, this is an 11."

OpenSSL is a very popular open source implementation of the SSL and TLS protocols. It is the backbone for literally tens of thousands of other programs and services that allow SSL or TLS. It's used in Apache, Nginx, and most open source operating system distributions (such as Linux and BSD). OpenSSL probably runs on 60 percent or more of the websites that offer HTTPS connections and is used for many other popular services that use SSL-/TLS-based protocols, like POP/S, IMAP/S, and VPNs.

There's a very good chance that if you can connect to an SSL-/TLS-based service and it's not running Microsoft Windows or Apple OS X, it's vulnerable. This includes most VPN appliances, copy machines, and even most appliances. If you can connect to it using HTTPS, and it's not running on Microsoft Windows or OS X, consider it vulnerable until proven otherwise.
