On Oct 6, 2014, at 6:41 PM, Collin Anderson <[email protected]> wrote:
> On Mon, Oct 6, 2014 at 9:35 PM, Greg <[email protected]> wrote: > Although this isn't a serious bug, it's still a security-related issue and > you don't know how failing to responsibly disclose it could affect someone. > > It seems that you were called out on something fairly basic -- is this about > bug reporting or public embarrassment on a matter that you would have wished > to remain shuffled away in private correspondences? Sorry, I don't understand your question, could you rephrase it? I am embarrassed for Steve Weis. If I were employing him, I'd fire him for claiming to be a security professional while not knowing how responsibly disclose a bug. Re "fairly basic": yes, modifying timestamps is fairly basic stuff (and it worked in all our tests just fine). I have no idea why it suddenly broke. - Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA.
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
