[liberationtech] Espionage.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)
Greg
greg at kinostudios.com
Mon Oct 6 18:50:39 PDT 2014
On Oct 6, 2014, at 6:41 PM, Collin Anderson <collin at averysmallbird.com> wrote:
> On Mon, Oct 6, 2014 at 9:35 PM, Greg <greg at kinostudios.com> wrote:
> Although this isn't a serious bug, it's still a security-related issue and you don't know how failing to responsibly disclose it could affect someone.
>
> It seems that you were called out on something fairly basic -- is this about bug reporting or public embarrassment on a matter that you would have wished to remain shuffled away in private correspondences?
Sorry, I don't understand your question, could you rephrase it?
I am embarrassed for Steve Weis. If I were employing him, I'd fire him for claiming to be a security professional while not knowing how to responsibly disclose a bug.
Re "fairly basic": yes, modifying timestamps is fairly basic stuff (and it worked in all our tests just fine). I have no idea why it suddenly broke.
- Greg
--
Please do not email me anything that you are not comfortable also sharing with the NSA.