[liberationtech] Espionage.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)
tbiehn at gmail.com
Mon Oct 6 21:08:12 PDT 2014
When someone else discovers an issue with your product and you find out
about it - you should be thankful.
They could have just as easily sold the bug silently to the intelligence
community - or let you otherwise continue to produce insecure software.
In fact "irresponsible disclosure" supposes that this vulnerability was
difficult to uncover. If the vulnerability was particularly easy -for any
threat actor- to uncover then an argument can be made that delaying
disclosure is irresponsible.
On Oct 6, 2014 11:11 PM, "Greg" <greg at kinostudios.com> wrote:
> On Oct 6, 2014, at 7:21 PM, Collin Anderson <collin at averysmallbird.com>
> Here I attempted to make a professional point that you are purporting to
> offer software to an audience whose needs you do not seem to be able to
> serve. Your seriousness in regard to the obligations that those needs incur
> seems to have only come up to denigrate Steve for having laid bare the
> situation, and in what appears to have been a few minutes worth of research.
> Irresponsible disclosure is a serious problem, yes.
> Are you endorsing irresponsible disclosure...?
> No, I kept my trolling to Twitter. Fun was had by many.
> And you are actually proud of trolling...?
> Not sure what's so difficult about asking us to just change the text.
> We're happy to address your concerns. You don't need to troll us to get a
> response, in fact you're more likely to get a better one when you don't
> Rather than this blasé and hostile attitude, you should have expressed
> some shame for using this community to push your software.
> Someone wanted to know about truecrypt alternatives, and I here was my
> *See this list on ArsTechnica's forum:*
> *I work for Tao Effect LLC, our software is on that list, and you can read
> about how its plausible deniability compares to TrueCrypt's here (forgive
> this subreddit's insane color scheme):*
> *In case anyone on this list wants a license, here's a code for 15%
> off: LIBERATIONTECH*
> *There are 10 of them and you can use them on espionageapp.com
> <http://espionageapp.com/>. They expire November 1st.*
> But you haven't. Let us know when Steve's bug has a CVE number.
> Sure, I can do that for you. :)
> I can also change the website's wording for you. Just send us an email
> with how you would prefer we phrase our website's text:
> support at taoeffect.com
> Kind regards,
> Greg Slepak
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.