Why are those channels “proper”?
Replying to @hdevalence
Because they don't involve everyone on the internet knowing about the vulnerability before a patch is available and a CVE is issued
Replying to @sgrif @hdevalence
Manish Retweeted Kevin Beaumont
Manish added,
Kevin Beaumont (@GossiTheDog): Regarding people attacking the guy who tweeted #IAmRoot last night - multiple people had already tweeted it, GIFed it, posted it on their forum. The difference is his tweet went viral. He doesn’t work in security. He did the world a favour.
Replying to @ManishEarth @hdevalence
I know it had at least been posted on their forum. Was not aware of the other cases. I still stand by the statement that anyone in our industry should know better, and if it was ignorance we need to do a better job of teaching this.
Replying to @sgrif @hdevalence
Manish Retweeted Sarah Jamie Lewis
Yeah, I don't think it was ignorance, nor do I think it was immoral (seems like Henry is of the same opinion?) I kinda agree with Sarah here. I personally would privately disclose but I don't consider this specific case immoral to not. https://twitter.com/SarahJamieLewis/status/935700213074817025 …
Replying to @ManishEarth @hdevalence
Immoral is much stronger than what I was trying to express.
Replying to @sgrif @hdevalence
Improper/immoral/unethical/or basically "wrong" in any way.
Replying to @ManishEarth @hdevalence
I think the difference in my point is this: I don't see this as a disclosure, I see this as a disclosure to the developers working there who aren't magically more powerful than the developers working on OSS. I reject the notion that throwing more money at it fixes the problem
That does not make it OK that this happened, nor does it mean the reporter is responsible for the problem (that very squarely falls on Apple's shoulders), but I do think that it is only fair that the developers be given a chance to correct before it is made public.
Replying to @sgrif @ManishEarth
I don’t think it’s fair to keep users in the dark and unable to do anything to protect themselves
The fact that there was an easy user-actionable protection in this case is extremely rare, and was not known at the time that this went down.