Was the article changed since you read it? The first three paragraphs make it clear that this is an attempted reconstruction of events and clarifications/corrections/ are requested.
>Ever since the "Heartbleed" flaw in encryption protocol OpenSSL was made public on April 7 in the US there have been various questions about who knew what and when.
>Fairfax Media has spoken to various people and groups involved and has compiled the below timeline.
>If you have further information or corrections - especially information about what occurred prior to March 21 at Google - please email the author: bgrubb@fairfaxmedia.com.au. Click here for his PGP key.
Sorry, that just still looks like glossing it over.
I mean, when the NSA & other actors do NOT submit their data to this guy, they can say, it's complete now?
It just stinks to me like it's complacency. Just change your passwords & patch, & then don't worry, share everything again, it's private. In 2014, I don't think we're safe & private anymore at all. I can take the downvotes. I don't like it either.
Heartbeats are not logged on a standard configuration, so if people other than the confirmed parties independently discovered the vulnerability, told nobody (or at least nobody who would tell anybody), and then exploited it on systems where heartbeats are not logged (which would be most of them), then how could anyone possibly know?
For most people reading this actual article, I think they will come away with the impression that it's a complete account.