CloudFlare have challenged people to extract their private keys. Mission accomplished, by two people:
http://www.engadget....dflare-challenge/
OK, so this was a stupid buffer overflow. But wait! There's more! The OpenSSL software actually and intentionally circumvents the system malloc, that, in the case of OpenBSD at least, would have prevented this flaw from being the giant clusterfuck it actually is:
Reddit: http://www.reddit.co...ploit_mitigation/
The inimitable Theo on the openbsd.misc list on Gmane:
http://article.gmane...enbsd.misc/211963
Analysis of what's wrong (answer: everything) with OpenSSL's memory allocator:
http://www.tedunangs...sl-freelist-reuse
Article describing the general utter shittiness of OpenSSL's code:
https://www.peereboo...html/openssl.html