I read about the new bug from the source, but is one of those things is hard to understand its potential unless is explained. This short video does just that.  It is twice that such a huge hole was found in SSL libraries this year.  First couple months ago with apples ‘goto fail’ that didn’t try to follow the rules.  Now this one by fibbing to the server about length of the heartbeat.