[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

Al Billings albill at openbuddha.com
Wed Aug 7 09:50:18 PDT 2013


No and no. 

It was an issue found by an external security researcher who has submitted a lot of issues to us over time. He found it through his process of investigation and reported it directly to us (responsible disclosure and such). It was a problem and we fixed it. The first indications of any exploit using it at all were when things happened with Tor this last weekend.

If an unfixed bug is being used in the wild, that's a 0 Day and we'll scramble to fix it if the bug is severe enough to merit it. If it is a bug that we've already fixed, we'll investigate to see if further mitigation is necessary and if there is anything further to be done. We had people spend their Sundays looking at the bug in question before it was completely narrowed down, double-checked, and confirmed to be the older issue that had been fixed in the current release of the time (we actually had another normal release yesterday as it is that time on the six week clock).

Al 

-- 
Al Billings
http://makehacklearn.org


On Wednesday, August 7, 2013 at 2:58 AM, Jacob Appelbaum wrote:

> Al - did Mozilla know it was being exploited in the wild, a month ago?
> Was there a known difference at the time between this bug and say, the
> others which were fixed in the ESR17 release cycle?

