SC Magazine: After issuing a community challenge on Friday, website performance and defense firm CloudFlare learned within 11 hours that private keys can be stolen using the Heartbleed bug – a critical vulnerability in widely used versions of the OpenSSL library that ultimately puts SSL/TLS encrypted communications at risk.
Following a roughly weeklong analysis of the vulnerability, the experts with CloudFlare wanted to see just how susceptible vulnerable servers were to Heartbleed, so they set up an nginx server with one of the vulnerable versions of SSL and told the community to start hacking.