" just about every SSL-encrypted internet communication over the last two years has been compromised."
No, it really hasn't.
It's accurate to say that just about every Open-SSL encrypted session for servers that were using NEW versions of OpenSSL (not all those ones out there still stuck on 0.9.8(whatever) that never had the bug) were potentially vulnerable to attack.
That's bad, but it's a universe away from "every SSL session is compromized!!!" because that's not really true.