[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Yosem Companys
companys at stanford.edu
Wed Aug 7 11:04:16 PDT 2013
OK, everyone, let's try to cool it a bit. This discussion is extremely
important, so let's not let it deteriorate into bickering. Otherwise, I'll
have to moderate it, a task I don't enjoy.
Kudos to all of you who have already expressed a similar sentiment,
Yosem, one of the moderators
On Wed, Aug 7, 2013 at 9:50 AM, Al Billings <albill at openbuddha.com> wrote:
> No and no.
>
> It was an issue found by a external security researcher who has submitted
> a lot of issues to us over time. He found it through his process of
> investigation and reported it directly to us (responsible disclosure and
> such). It was a problem and we fixed it. The first indications of any
> exploit using it at all were when things happened with Tor this last
> weekend.
>
> If an unfixed bug is being used in the wild, that's a 0 Day and we'll
> scramble to fix it if the bug is severe enough to merit it. If it is a bug
> that we've already fixed, we'll investigate to see if further mitigation is
> necessary and if there is anything further to be done. We had people spend
> their Sundays looking at the bug in question before it was completely
> narrowed down, double-checked, and confirmed to be the older issue that had
> been fixed in the current release of the time (we actually had another
> normal release yesterday as it is that time on the six week clock).
>
> Al
>
> --
> Al Billings
> http://makehacklearn.org
>
> On Wednesday, August 7, 2013 at 2:58 AM, Jacob Appelbaum wrote:
>
> Al - did Mozilla know it was being exploited in the wild, a month ago?
> Was there a known difference at the time between this bug and say, the
> others which were fixed in the ESR17 release cycle?
>
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130807/1f96ce90/attachment.html>
More information about the liberationtech
mailing list