Date: Thu, 10 Apr 2014 08:48:02 -0400 From: Ed Maste <emaste@freebsd.org> To: Kimmo Paasiala <kpaasial@icloud.com> Cc: freebsd-security@freebsd.org Subject: Re: http://heartbleed.com/ Message-ID: <CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A@mail.gmail.com> In-Reply-To: <680DECA1-4AD9-4B40-8F82-68E8499C01BB@icloud.com> References: <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net> <5343FD71.6030404@sentex.net> <5344020E.9080001@erdgeist.org> <680DECA1-4AD9-4B40-8F82-68E8499C01BB@icloud.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10 April 2014 06:33, Kimmo Paasiala <kpaasial@icloud.com> wrote: > > Going back to this original report of the vulnerability. Has it been established with certainty that the attacker would first need MITM capability to exploit the vulnerability? I'm asking this because MITM capability is not something that just any attacker can do. Also if this is true then it can be argued that the severity of this vulnerabilty has be greatly exaggerated. No, the attack does not rely on MITM. The vulnerability is available to anyone who can establish a connection.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A>