[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] is it me or did tor talk get really quiet?

> tortalk@xxxxxxxx wrote:

>> It depends on what you want to read. If you want some scary rants
>> about Tor and 0 days you might want to read:
>> http://arstechnica.com/security/2016/09/bug-that-hit-firefox-and-tor-browsers-was-hard-to-spot-now-we-know-why/
>> "Bug that hit Firefox and Tor browsers was hard to spot now we know 
>> why"

>  His bug was interesting in a few ways.  For one, it appeared weeks 
> after he claimed to have it.  Perhaps most surprising was that senior 
> engineers needed to walk him through the problem he was interested in 
> reporting (by Erinn Atwater & Ryan Duff [2]) before he could articulate 
> it in any meaningful way.  His insistence that it was a Tor-exclusive 
> bug also cost him a bug bounty from Mozilla (their chart would appear to 
> indicate $10k+ for a bug like that).

Why should Tor users be interested in the expertise or motives of the person 
who reported this bug?
> It's also worth noting that Tor released a patch the same day the bug > was finally reported.  Rotor Browser (jmprcx/movrcx's project) hasn't 
> patched the issue [1], even though Mozilla and Tor both did.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to