by Gygash 4455 days ago
Found a Python PoC: http://s3.jspenguin.org/ssltest.py

Edit: and just used it to dump 64K from a known-vulnerable device we control. Got a session cookie. Jeez.

3 comments

JESUS CHRIST, all sorts of private information. Patch your servers now!
After reading your comment, I started looking back at the packets I got using the script on a site I knew was not patched. Damn... there are plaintext passwords in there for PayPal.

This shit is scary.

There are going to be massive amounts of fraud all over the world for a while because of this bug.
Looks like that file was pulled. Here's a mirror on Pastebin:

http://pastebin.com/YsdUXL1F

Works pretty well on openssl.org...