--Apple-Mail=_D379FA02-4174-493A-AB71-20F9F6F853EE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On 10.4.2014, at 15.48, Ed Maste <emaste@freebsd.org> wrote: > On 10 April 2014 06:33, Kimmo Paasiala <kpaasial@icloud.com> wrote: >>=20 >> Going back to this original report of the vulnerability. Has it been = established with certainty that the attacker would first need MITM = capability to exploit the vulnerability? I'm asking this because MITM = capability is not something that just any attacker can do. Also if this = is true then it can be argued that the severity of this vulnerabilty has = be greatly exaggerated. >=20 > No, the attack does not rely on MITM. The vulnerability is available > to anyone who can establish a connection. Yes of course when you now read the description of the problem at = http://heartbleed.com/ it=92s completely clear that the attack can be = done by anyone. Thanks. -Kimmo --Apple-Mail=_D379FA02-4174-493A-AB71-20F9F6F853EE Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJTRresAAoJEFvLZC0FWRVpjS8H/jbjQV0Q5uC86+1rX7+dOE2z Lc66xiuyqeMuBec6j82p/Yz+xIkWY+M8UhWewMD0i7Fnjy1J64S50BWBAMkeb0CK tO4EjWKo/wvAk8QG7zYYbn8gJY0gQXH6LRJjJgCJFcdC4OeHV8zam6ttYT7GNdGg Y6IjGqaT8r6HVa0d/JGCBVTdx/DsmgOz8bB90tA3IdIaQP5e0FKQrJzknzCo4LVe G+xmZV50I7mrBRsL4SFfh5unZ4e5lDWzcJmuSP3kl8+WpPjv+bpDE0His4B7h1yo 5wNN+XCEktG7cbds3q+883Aatl7d9/odgs8UWcpQGyemPnVzNnbFH0zrS9Cb3Cw= =HfEv -----END PGP SIGNATURE----- --Apple-Mail=_D379FA02-4174-493A-AB71-20F9F6F853EE--