On 28/09/16 12:23, Nick Lamb wrote:
> On Tuesday, 27 September 2016 10:15:38 UTC+1, Gervase Markham wrote:
>> https://tyro.com/blog/merchant-security-is-tyros-priority/
>
> This site reproduces what I guess is an email from Tyro (can't find similar
> text on their website) that suggests very strongly they weren't prepared for
> SHA-1 deprecation at all and hadn't previously even notified their customers
> of the necessary upgrades.
>
> http://www.newsagencyblog.com.au/2016/06/02/if-you-are-running-windows-xp/
>
> If May was really the first time they realised they had a problem that's
> pretty damning.

Presumably this...

"The certificate that we use to secure our integration system expires on the 6th of June, 2016 and the new certificate cannot be accepted by POSs that run on Windows XP Service pack 2 or earlier."

...is referring to https://crt.sh/?id=1455926 and https://crt.sh/?id=20031959.

If so, that would seem to imply that https://crt.sh/?id=21427475 had not been issued when that article was posted.

(The alternative, and I would suggest unlikely, explanation is that Tyro did possess https://crt.sh/?id=21427475 when that article was posted, but for some reason they'd already made the decision to not use it).

BTW, I found a couple of other references:
http://www.possolutions.com.au/blog/windows-xp-sp2-expires
http://www.possolutions.com.au/blog/if-you-are-running-windows-xp-or-server-2003

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

