[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Jacob Appelbaum
jacob at appelbaum.net
Wed Aug 7 03:05:59 PDT 2013
Nadim Kobeissi:
>
> On 2013-08-07, at 12:58 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>
>> Nadim Kobeissi:
>>>
>>> On 2013-08-07, at 12:44 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>>>
>>>> Bbrewer:
>>>>> "We're understaffed, so we tend to pick the few things we might
>>>>> accomplish and writing such advisory emails is weird unless there is an
>>>>> exceptional event. Firefox bugs and corresponding updates are not
>>>>> exceptional events. :("
>>>>>
>>>>> Pardon me,
>>>>> But it does seem that this one was.
>>>>>
>>>>> No?
>>>>
>>>> Yeah, this was such a case - a month ago, we didn't know it was such a
>>>> case - no one did, not even Mozilla.
>>>
>>> That's funny — didn't Mozilla issue a security advisory for it a month ago? That would imply that they actually did know that it was such a case.
>>>
>>
>> The exploit is the exceptional event. Roger just covered this with
>> exceptional clarity.
>>
>> Al - did Mozilla know it was being exploited in the wild, a month ago?
>> Was there a known difference at the time between this bug and say, the
>> others which were fixed in the ESR17 release cycle?
>
> Does an exploit need to exist in the wild and be discovered first in order to warrant a security advisory? I didn't know this!
>
The advisory was about bug being exploited in the wild, so, yes. That
was covered well in Roger's last email.
I'd encourage you to read Roger's email (again, or for the first time).
Specifically the part where we encouraged users to upgrade, notified
every browser user that there was a security update and so on.
All the best,
Jacob
More information about the liberationtech
mailing list