1. 3

There was some speculation that a compromise of the hypervisor code itself was the way the OpenSSL site was defaced, but it now appears to just be a weak password.

  1.