9 Apr
2014
9 Apr
'14
6:51 p.m.
- Should authorities scan for bad OpenSSL versions and force their weight
down to 20?
I'd be interested in hearing people's thoughts on how to do such scanning ethically (and perhaps legally). I was under the impression the only way to do this right now is to actually trigger the bounds bug and export some quantity (at least 1 byte) of memory from the vulnerable machine.