Heartbleed attack on Openssl

Robert J. Hansen rjh at sixdemonbag.org
Thu Apr 10 05:13:56 CEST 2014


> Thanks everyone for the quick and complete feedback. New questions arose:

Again, you will have better luck asking on an OpenSSL mailing list.
There is no guarantee that anyone on this mailing list is an expert in
OpenSSL.

> The communication between browser and X could be eavesdropped. Is that
> correct?

Someone else could connect to X and use Heartbleed to scan the contents
of X's memory.  Anything sent to X could be considered compromisable for
so long as it's stored in X's RAM.




More information about the Gnupg-users mailing list