Apparently there is a Security Bulletins page, but I wasn't aware of it until you posted this link. https://aws.amazon.com/security/security-bulletins/

Just used Zapier to set up a RSS-to-email trigger to get notified about things like this in the future, although Amazon really should be sending them out automatically to customers.

Great idea, I just setup an RSS-to-slack trigger for future notifications: http://zpr.io/HSkn

Should anyone else find it useful, here's what I'm now using: http://zpr.io/HS5f

It detects new AWS security bulletin items and notifies you via Google Hangout.

Great!

./heartbleeder zapier.com

VULNERABLE - zapier.com:443 has the heartbeat extension enabled and is vulnerable to CVE-2014-0160

AWS's ELB (which we use) were vulnerable, we'll be replacing certificates ASAP. We (and most the rest of the internet using ELB) seem to be in the clear now:

    ./heartbleeder zapier.com
    SECURE - zapier.com:443 has the heartbeat extension enabled, but timed out after a malformed heartbeat (this likely means that it is not vulnerable)

When did you run your check? Do you have a recent binary of heartbleeder?

That'd be great, except the last thing in the RSS feed at feed://aws.amazon.com/rss/security.rss is almost a year old ಠ_ಠ