Would like to know more here about whether this was responsibly disclosed and time given to the Zoom team to fix it. https://twitter.com/zackwhittaker/status/1245350371876315137 …
-
Replying to @argvee
Yes. Just because they are in the news doesn't make dropping 0-day in TechCrunch appropriate.
2 replies 4 retweets 31 likes -
Replying to @alexstamos @argvee
Disagree, it's a problem with the installation, and installations are spiking *now*, not in six months. Now is the time to make sure people are aware of the risks, good work @patrickwardle. This is what real responsible disclosure looks like.
5 replies 33 retweets 165 likes -
Replying to @taviso @alexstamos and
People think that the responsible in responsible disclosure means that you have some sort of weird responsibility to the vendor when that is in fact not the case :)
6 replies 10 retweets 64 likes -
Replying to @daveaitel @taviso and
indeed. one's responsibility isn't to the vendor, it's to the users who would potentially become victims. the way to avoid that is to give the vendor as much of an advantage over attackers as possible
1 reply 0 retweets 1 like -
Replying to @imaguid @daveaitel and
^^^ this. And it's not always the case that telling the vendor first/privately is best for potential victims, but it often is.
1 reply 0 retweets 2 likes -
That is self-serving garbage, "The best way to help victims is to make sure they don't know we sold them a shoddy product", how convenient. As a consumer, I want to know if you sold me a lemon, so I can tell you what I expect you to do about it.
2 replies 0 retweets 4 likes -
A couple things: Lots of users have no idea how to assess security, which is half the lemon problem. They depend on vendors. Second, huge benefits to publishing vulns, w/details. The CVD bet is that it's net lower risk to give vendor (even Zoom) a head start.
1 reply 0 retweets 0 likes
I don't know how to assess mechanical problems in my car, I still want you to tell me about design flaws.