Hacker News new | ask | show | jobs
by ekimekim 4840 days ago
That sounds plausible. Again, I'm not a windows guy, but unless they've statically linked the SSL libraries, you should just be able to inject your own dll and capture the data on the way into the library.
1 comments
Kaali 4840 days ago
I would think that they have statically linked it, which is why I thought about using a debugger to catch the data. With dynamically linked library, such as OpenSSL, it would be quite easy to capture the data.
link
tirant 4840 days ago
You could just search for the certificates in the code, and update them with your own.
link
fnordfnordfnord 4840 days ago
But haven't they been rushing updates out the door? They may have been careless given the situation.
link