On 10.4.2014, at 15.48, Ed Maste <ema...@freebsd.org> wrote: > On 10 April 2014 06:33, Kimmo Paasiala <kpaas...@icloud.com> wrote: >> >> Going back to this original report of the vulnerability. Has it been >> established with certainty that the attacker would first need MITM >> capability to exploit the vulnerability? I'm asking this because MITM >> capability is not something that just any attacker can do. Also if this is >> true then it can be argued that the severity of this vulnerabilty has be >> greatly exaggerated. > > No, the attack does not rely on MITM. The vulnerability is available > to anyone who can establish a connection.
Yes of course when you now read the description of the problem at http://heartbleed.com/ it’s completely clear that the attack can be done by anyone. Thanks. -Kimmo
signature.asc
Description: Message signed with OpenPGP using GPGMail
