Here's the presentation slides from blackhat: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539449 I'm not sure how much of this applies to OpenSSL, but there are several very scary vulnerabilities mentioned. Someone with more knowledge of the code should look into this ASAP. tim