11 Apr
2014
11 Apr
'14
12:18 a.m.
On 10 Apr 2014, at 18:16, Scott Howard
Although clients are at risk, the vast majority of browsers do NOT use OpenSSL
Note that a "reverse heartbleed" attack has been described, which has the potential to harvest data from clients who have connected to rogue servers (such as might be triggered by an embedded image in some spam, or by a similarly-crafted banner ad). http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed In other news, Randall Munroe has managed once again to describe a potentially-complicated problem in a six-panel cartoon that a child would have no problem understanding: http://xkcd.com/1354/ Joe