We're not gonna take it?
Many underground areas have been talking about how this whole heartbleed thing has actually, just for quite a while, been something that was used internally by various gathering entities.
So we're not gonna take it would be appropriate.
Also earlier in the article you will notice they striped a lot of legacy support by forking LibreSSL from OpenSSL. They essentially took the same code and got rid of a bunch of stuff including legacy support for old ass OS's. This suggests that the vulnerability lied in some of that code.