Heartbleed attack on Openssl

Robert J. Hansen rjh at sixdemonbag.org
Thu Apr 10 01:20:09 CEST 2014

> 1) What are the consequences to the ordinary user?

None.  The ordinary user is such an easy target that as bad as this
attack is, I don't see it as making things any worse.

> All the news are lacking information on that. Can you point relevant
> examples?

Not yet.  Give it a few days: news reports will develop, Wikipedia will
be updated, and so on.

> 2) (specific question) Does Firefox use openssl to connect to some
> servers while browsing?


No, it does not.  Nor does Chrome.

> 3) How about Ubuntu and other OSs? Do they use openssl to update
> themselves? (as in "apt-get update && apt-get upgrade").

Usually not.  Repositories are normally accessed via HTTP, not HTTPS.

More information about the Gnupg-users mailing list