[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

[Al Billings]

You realize Tor didn't know this vuln was an issue until two days ago? 

The Tor Browser Bundle is based off of Firefox ESR releases. All the high profile security issues fixed are listed on the Firefox ESR known vulnerabilities web page. You want them to copy that page for you?

Al 

-- 
Al Billings
http://makehacklearn.org


On Monday, August 5, 2013 at 12:55 PM, Griffin Boyce wrote:

> Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org (mailto:ei8fdb at ei8fdb.org)> wrote:
> > By what Roger Dingledine from Tor has stated in a previous mail, The Tor Project provided the "you need to upgrade message" promptly. I don't know if that is enough. (But it is certainly a lot more that other providers of software would do.) 
> 
>   I can really only speak for me, but I think that a larger part is "what constitutes full disclosure?" Is it a broad advisory? Is it a blog post? Is it tweets? What constitutes a bug big enough to warrant that type of announcement? Every software project has to come up with answers to these questions. FWIW, I keep up with Tor news far more than an average user, and still did not know about this vuln until a couple of days ago. 
> 
>   I would like to see Tor broadcasting recent vulnerabilities/issues/enhancements on the check.torproject.org (http://check.torproject.org) page. Ironically (or not) Nadim and I had already been working on a different TorCheck page when this news came out. 
> --
> Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130805/5ca2eb1e/attachment.html>