[ef47d35620c1]

It's a client problem too. Many people are over-looking that.

[iscrewyou]

I've been looking everywhere for an answer but this may just be right place to ask.

What can a user or a client do to protect itself? Sites can patch things up (some sooner and some later). But meanwhile, what measures should the client take while waiting for the sites to be patched up?

[regecks]

Ask whoever wrote your client software to rebuild it with a new version of OpenSSL. Or, if its open source, try relink it yourself.

I guess through some convoluted MITM attack, somebody could (for example) try and exploit your email client, or similar.