http://heartbleed.com/

Kimmo Paasiala kpaasial at icloud.com
Thu Apr 10 15:25:58 UTC 2014


On 10.4.2014, at 15.48, Ed Maste <emaste at freebsd.org> wrote:

> On 10 April 2014 06:33, Kimmo Paasiala <kpaasial at icloud.com> wrote:
>> 
>> Going back to this original report of the vulnerability. Has it been established with certainty that the attacker would first need MITM capability to exploit the vulnerability? I'm asking this because MITM capability is not something that just any attacker can do. Also if this is true then it can be argued that the severity of this vulnerability has been greatly exaggerated.
> 
> No, the attack does not rely on MITM.  The vulnerability is available
> to anyone who can establish a connection.

Yes of course when you now read the description of the problem at http://heartbleed.com/ it’s completely clear that the attack can be done by anyone. Thanks.

-Kimmo
