Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 10 Apr 2014 18:24:24 +0300
From:      Kimmo Paasiala <kpaasial@icloud.com>
To:        Ed Maste <emaste@freebsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: http://heartbleed.com/
Message-ID:  <B0B761F5-510F-46AD-B7C0-F4B32EB0E745@icloud.com>
In-Reply-To: <CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A@mail.gmail.com>
References:  <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net> <5343FD71.6030404@sentex.net> <5344020E.9080001@erdgeist.org> <680DECA1-4AD9-4B40-8F82-68E8499C01BB@icloud.com> <CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]

On 10.4.2014, at 15.48, Ed Maste <emaste@freebsd.org> wrote:

> On 10 April 2014 06:33, Kimmo Paasiala <kpaasial@icloud.com> wrote:
>> 
>> Going back to this original report of the vulnerability. Has it been established with certainty that the attacker would first need MITM capability to exploit the vulnerability? I'm asking this because MITM capability is not something that just any attacker can do. Also if this is true then it can be argued that the severity of this vulnerabilty has be greatly exaggerated.
> 
> No, the attack does not rely on MITM.  The vulnerability is available
> to anyone who can establish a connection.

Yes of course when you now read the description of the problem at http://heartbleed.com/ it’s completely clear that the attack can be done by anyone. Thanks.

-Kimmo


[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJTRresAAoJEFvLZC0FWRVpjS8H/jbjQV0Q5uC86+1rX7+dOE2z
Lc66xiuyqeMuBec6j82p/Yz+xIkWY+M8UhWewMD0i7Fnjy1J64S50BWBAMkeb0CK
tO4EjWKo/wvAk8QG7zYYbn8gJY0gQXH6LRJjJgCJFcdC4OeHV8zam6ttYT7GNdGg
Y6IjGqaT8r6HVa0d/JGCBVTdx/DsmgOz8bB90tA3IdIaQP5e0FKQrJzknzCo4LVe
G+xmZV50I7mrBRsL4SFfh5unZ4e5lDWzcJmuSP3kl8+WpPjv+bpDE0His4B7h1yo
5wNN+XCEktG7cbds3q+883Aatl7d9/odgs8UWcpQGyemPnVzNnbFH0zrS9Cb3Cw=
=HfEv
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B0B761F5-510F-46AD-B7C0-F4B32EB0E745>