""The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained in a blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages.""
"In Eric S. Raymond's seminal essay on open source, The Cathedral and the Bazaar, he defines Linus's Law (named for the father of the Linux kernel, Linus Torvalds), which states that "given enough eyeballs, all bugs are shallow." In other words. If enough users are looking at the code, bugs and problems will be found."
"Naturally, you should do this - but be aware that this situation presents an ideal opportunity to phishers to start sending fake emails, complete with embedded links to the "change password" page - in reality, a website designed to harvest your details."
The US National Security Agency (NSA) knew of the Heartbleed flaw in the widely used OpenSSL security tool and exploited it for year - instead of blowing the whistle so that the patch could be flawed."