Date: Thu, 10 Apr 2014 08:48:02 -0400 From: Ed Maste <emaste@freebsd.org> To: Kimmo Paasiala <kpaasial@icloud.com> Cc: freebsd-security@freebsd.org Subject: Re: http://heartbleed.com/ Message-ID: <CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A@mail.gmail.com> In-Reply-To: <680DECA1-4AD9-4B40-8F82-68E8499C01BB@icloud.com> References: <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net> <5343FD71.6030404@sentex.net> <5344020E.9080001@erdgeist.org> <680DECA1-4AD9-4B40-8F82-68E8499C01BB@icloud.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10 April 2014 06:33, Kimmo Paasiala <kpaasial@icloud.com> wrote: > > Going back to this original report of the vulnerability. Has it been esta= blished with certainty that the attacker would first need MITM capability t= o exploit the vulnerability? I'm asking this because MITM capability is not= something that just any attacker can do. Also if this is true then it can = be argued that the severity of this vulnerabilty has be greatly exaggerated= . No, the attack does not rely on MITM. The vulnerability is available to anyone who can establish a connection.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A>