On 24/02/16 10:20, Peter Gutmann wrote:
Rob Stradling <[email protected]> writes:
But if it's an old version of NSS or OpenSSL, then the community could help
find an exploitable bug.
If it's a remote-code-exec we could patch their firmware for them to support
SHA-256. Think of it as an undocumented remote admin capability.
(Something like this has been done in the past to fix a commercial vendor's
gear).
True, although engineering and deploying that to 10,000+ terminals
within the next 4 days could be a bit of a challenge! ;-)
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
