> tort...@arcor.de wrote:

>> It depends on what you want to read. If you want some scary rants
>> about Tor and 0 days you might want to read:
>> http://arstechnica.com/security/2016/09/bug-that-hit-firefox-and-tor-browsers-was-hard-to-spot-now-we-know-why/
>> "Bug that hit Firefox and Tor browsers was hard to spot now we know 
>> why"

>  His bug was interesting in a few ways.  For one, it appeared weeks 
> after he claimed to have it.  Perhaps most surprising was that senior 
> engineers needed to walk him through the problem he was interested in 
> reporting (by Erinn Atwater & Ryan Duff [2]) before he could articulate 
> it in any meaningful way.  His insistence that it was a Tor-exclusive 
> bug also cost him a bug bounty from Mozilla (their chart would appear to 
> indicate $10k+ for a bug like that).

Why should Tor users be interested in the expertise or motives of the person 
who reported this bug?

> It's also worth noting that Tor released a patch the same day the bug
> was finally reported.  Rotor Browser (jmprcx/movrcx's project) hasn't
> patched the issue [1], even though Mozilla and Tor both did.

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to