Date: Thu, 10 Apr 2014 18:24:24 +0300 From: Kimmo Paasiala <kpaasial@icloud.com> To: Ed Maste <emaste@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: http://heartbleed.com/ Message-ID: <B0B761F5-510F-46AD-B7C0-F4B32EB0E745@icloud.com> In-Reply-To: <CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A@mail.gmail.com> References: <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net> <5343FD71.6030404@sentex.net> <5344020E.9080001@erdgeist.org> <680DECA1-4AD9-4B40-8F82-68E8499C01BB@icloud.com> <CAPyFy2AZLpG%2B54T6oY=02vPmAzOBpfO0vfgagF8GPcGYuzD0_A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_D379FA02-4174-493A-AB71-20F9F6F853EE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On 10.4.2014, at 15.48, Ed Maste <emaste@freebsd.org> wrote: > On 10 April 2014 06:33, Kimmo Paasiala <kpaasial@icloud.com> wrote: >>=20 >> Going back to this original report of the vulnerability. Has it been = established with certainty that the attacker would first need MITM = capability to exploit the vulnerability? I'm asking this because MITM = capability is not something that just any attacker can do. Also if this = is true then it can be argued that the severity of this vulnerabilty has = be greatly exaggerated. >=20 > No, the attack does not rely on MITM. The vulnerability is available > to anyone who can establish a connection. Yes of course when you now read the description of the problem at = http://heartbleed.com/ it=92s completely clear that the attack can be = done by anyone. Thanks. -Kimmo --Apple-Mail=_D379FA02-4174-493A-AB71-20F9F6F853EE Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJTRresAAoJEFvLZC0FWRVpjS8H/jbjQV0Q5uC86+1rX7+dOE2z Lc66xiuyqeMuBec6j82p/Yz+xIkWY+M8UhWewMD0i7Fnjy1J64S50BWBAMkeb0CK tO4EjWKo/wvAk8QG7zYYbn8gJY0gQXH6LRJjJgCJFcdC4OeHV8zam6ttYT7GNdGg Y6IjGqaT8r6HVa0d/JGCBVTdx/DsmgOz8bB90tA3IdIaQP5e0FKQrJzknzCo4LVe G+xmZV50I7mrBRsL4SFfh5unZ4e5lDWzcJmuSP3kl8+WpPjv+bpDE0His4B7h1yo 5wNN+XCEktG7cbds3q+883Aatl7d9/odgs8UWcpQGyemPnVzNnbFH0zrS9Cb3Cw= =HfEv -----END PGP SIGNATURE----- --Apple-Mail=_D379FA02-4174-493A-AB71-20F9F6F853EE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B0B761F5-510F-46AD-B7C0-F4B32EB0E745>