Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

Greg greg at kinostudios.com
Mon Oct 6 18:50:39 PDT 2014


On Oct 6, 2014, at 6:41 PM, Collin Anderson <collin at averysmallbird.com> wrote:

> On Mon, Oct 6, 2014 at 9:35 PM, Greg <greg at kinostudios.com> wrote:
> Although this isn't a serious bug, it's still a security-related issue and you don't know how failing to responsibly disclose it could affect someone.
> 
> It seems that you were called out on something fairly basic -- is this about bug reporting or public embarrassment on a matter that you would have wished to remain shuffled away in private correspondences?

Sorry, I don't understand your question, could you rephrase it?

I am embarrassed for Steve Weis. If I were employing him, I'd fire him for claiming to be a security professional while not knowing how responsibly disclose a bug.

Re "fairly basic": yes, modifying timestamps is fairly basic stuff (and it worked in all our tests just fine). I have no idea why it suddenly broke.

- Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141006/fc8324a3/attachment.html>


More information about the liberationtech mailing list