Heartbleed attack on Openssl

Robert J. Hansen rjh at sixdemonbag.org
Thu Apr 10 01:20:09 CEST 2014


> 1) What are the consequences to the ordinary user?

None.  The ordinary user is such an easy target that as bad as this
attack is, I don't see it as making things any worse.

> All the news are lacking information on that. Can you point relevant
> examples?

Not yet.  Give it a few days: news reports will develop, Wikipedia will
be updated, and so on.

> 2) (specific question) Does Firefox use openssl to connect to some
> servers while browsing?

https://www.google.com/search?q=does+firefox+use+openssl

No, it does not.  Nor does Chrome.

> 3) How about Ubuntu and other OSs? Do they use openssl to update
> themselves? (as in "apt-get update && apt-get upgrade").

Usually not.  Repositories are normally accessed via HTTP, not HTTPS.



More information about the Gnupg-users mailing list