Is anyone else annoyed that the WPA2 KRACK paper author sat on it for >2mos before any disclosure and 5mos before public disclosure?
Show this thread
-
To put it bluntly: if you put academic creds and getting a paper published before everyone's security, you're an asshole.
Show this thread
Protip: this makes your disclosure *irresponsible*. So does notifying an academic review board 2 months before notifying vendors. Asshole.pic.twitter.com/7pu3Qhn0cd
-
-
My thought exactly, also why the heck they worried of people rediscovering patched vuln. More like worrying others might steal their credits
-
If it's only patched in *one* vendor when there are 60+ involved, the vuln can be revealed for every other vendor where it remains unpatched
End of conversation
New conversation -
-
-
also, how about a list of vendor responses
-
https://github.com/kristate/krackinfo … mostly none, sign of an utter failure at responsible disclosure.
- Show replies
New conversation -
-
-
Wait is this the OpenBSD patch? https://marc.info/?l=openbsd-announce&m=148839684520133&w=2 … From March 1?!
- Show replies
New conversation -
-
-
-
From the author.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.