Heartbleed attack on Openssl

[Felipe Vieira]

So going back to the original question as I can see there is no
disagreement on its importance:
*1) What are the consequences to the ordinary user? *
All the news are lacking information on that. Can you point relevant
examples?
All I could gather is that the only major/well known server to be
compromised was Yahoo.
For example: Gmail and Dropbox and Hotmail seem to be imune to this. I also
found out that Mozilla/Firefox browser were also imune. If I would persuade
someone of this bug's importance, which other examples could I give?

2) (specific question) Does Firefox use openssl to connect to some servers
while browsing?

3) How about Ubuntu and other OSs? Do they use openssl to update
themselves? (as in "apt-get update && apt-get upgrade").
Be as clear and basic as possible. In the context of "It's 2014. Are we
there yet?" thread, I would like more shocking/tangible examples to suggest
friends to start thinking of cryptography (and then we are back to gnupg).
Thanks again.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140409/b426606c/attachment.html>