Dear Travis, On Oct 6, 2014, at 9:08 PM, Travis Biehn <[email protected]> wrote: > Greg, > When someone else discovers an issue with your product and you find out about > it - you should be thankful. > I was thankful. I literally thanked him.
> In fact "irresponsible disclosure" supposes that this vulnerability was > difficult to uncover. If the vulnerability was particularly easy -for any > threat actor- to uncover then an argument can be made that delaying > disclosure is irresponsible. > Could you please give me a time estimate on this delay that you are talking about? I believe clicking on the email I gave him would take approximately the same amount of time as replying to the list, but I could be mistaken. Kind regards, Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA. > They could have just as easily sold the bug silently to the intelligence > community - or let you otherwise continue to produce insecure software. > > In fact "irresponsible disclosure" supposes that this vulnerability was > difficult to uncover. If the vulnerability was particularly easy -for any > threat actor- to uncover then an argument can be made that delaying > disclosure is irresponsible. > > Travis > > On Oct 6, 2014 11:11 PM, "Greg" <[email protected]> wrote: > On Oct 6, 2014, at 7:21 PM, Collin Anderson <[email protected]> wrote: >> Here I attempted to make a professional point that you are purporting to >> offer software to an audience whose needs you do not seem to be able to >> serve. Your seriousness in regard to the obligations that those needs incur >> seems to have only come up to denigrate Steve for having laid bare the >> situation, and in what appears to have been a few minutes worth of research. > > Irresponsible disclosure is a serious problem, yes. > > Are you endorsing irresponsible disclosure...? > >> No, I kept my trolling to Twitter. Fun was had by many. > > > And you are actually proud of trolling...? > > Not sure what's so difficult about asking us to just change the text. We're > happy to address you concerns. You don't need to troll us to get a response, > in fact you're more likely to get a better one when you don't troll. > >> Rather than this blasé and hostile attitude, you should have expressed some >> shame for using this community to push your software. > > Someone wanted to know about truecrypt alternatives, and I here was my reply: > > See this list on ArsTechnica's forum: > > http://arstechnica.com/civis/viewtopic.php?f=21&t=1245367 > > I work for Tao Effect LLC, our software is on that list, and you can read > about how its plausible deniability compares to TrueCrypt's here (forgive > this subreddit's insane color scheme): > > http://www.reddit.com/r/security/comments/2b5icu/major_advancements_in_deniable_encryption_arrive/cj24a1n > > In case anyone on this list wants a license, here's a code for 15% off: > LIBERATIONTECH > > There are 10 of them and you can use them on espionageapp.com. They expire > November 1st. > > >> But you haven't. Let us know when Steve's bug has a CVE number. > > > Sure, I can do that for you. :) > > I can also change the website's wording for you. Just send us an email with > how you would prefer we phrase our website's text: [email protected] > > Kind regards, > Greg Slepak > > -- > Please do not email me anything that you are not comfortable also sharing > with the NSA. > > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > [email protected]. > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > [email protected].
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
