Heartbleed attack on Openssl
Robert J. Hansen
rjh at sixdemonbag.org
Thu Apr 10 01:20:09 CEST 2014
> 1) What are the consequences to the ordinary user?
None. The ordinary user is such an easy target that as bad as this
attack is, I don't see it as making things any worse.
> All the news are lacking information on that. Can you point relevant
> examples?
Not yet. Give it a few days: news reports will develop, Wikipedia will
be updated, and so on.
> 2) (specific question) Does Firefox use openssl to connect to some
> servers while browsing?
https://www.google.com/search?q=does+firefox+use+openssl
No, it does not. Nor does Chrome.
> 3) How about Ubuntu and other OSs? Do they use openssl to update
> themselves? (as in "apt-get update && apt-get upgrade").
Usually not. Repositories are normally accessed via HTTP, not HTTPS.
More information about the Gnupg-users
mailing list