Heartbleed attack on Openssl
Robert J. Hansen
rjh at sixdemonbag.org
Thu Apr 10 05:13:56 CEST 2014
> Thanks everyone for the quick and complete feedback. New questions arose:
Again, you will have better luck asking on an OpenSSL mailing list.
There is no guarantee that anyone on this mailing list is an expert in
OpenSSL.
> The communication between browser and X could be eavesdropped. Is that
> correct?
Someone else could connect to X and use Heartbleed to scan the contents
of X's memory. Anything sent to X could be considered compromisable for
so long as it's stored in X's RAM.
More information about the Gnupg-users
mailing list