So @silent_circle showed why they'll be the first to defend our civil rights -- I just wish their code didn't suck so bad
-
@pro2rat@marshray Phil is famous for his crypto, not for the quality of his code http://blog.erratasec.com/2013/08/when-did-we-start-trusting-bad-code.html …
@ErrataRob @marshray Mr BlackICE asks when we started trusting bad code. His snakeoil had multiple kernel remotes, Witty worm. Glass houses?
-
-
@bellytales@marshray We documented our vulnerabilities for the customer. We called them vulnerabilities. You didn't call yours a vuln. -
@ErrataRob Your use of "you" is incorrect here. To be clear, I'm certainly not defending them, just commenting on your unwarranted hubris.
End of conversation
New conversation -
-
-
@bellytales@marshray ..which is why I was clear not to fault them for the bug itself, but the coverup -
@ErrataRob Untrue, that's what you did. "When did we start trusting bad code?" When we let you touch ring0, for starters.#DoSonly -
@bellytales I agree@ErrataRob is a hubrist and his blog post reads at least as much "their code sucks" as "they need better disclosure". - 1 more reply
New conversation -
-
-
@bellytales To me,@ErrataRob's best point was that@Silent_Circle's formal security advisory seemed to have gotten lost in the drama -
@marshray@erratarob He might want to work on his delivery. If my code gave kernel remote via *a large ping*, I'd criticize very politely. -
@bellytales So how much network code did you write in the 1990's? I don't get the feeling@ErrataRob is too concerned with his delivery :-) -
@marshray@erratarob You might want to re-check your dates on those advisories/worms.
End of conversation
New conversation -
-
-
@bellytales in infosec evry house is glass & evry rsrchr has many stones.@ErrataRob@marshrayThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.