Would like to know more here about whether this was responsibly disclosed and time given to the Zoom team to fix it. https://twitter.com/zackwhittaker/status/1245350371876315137 …
-
Replying to @argvee
Yes. Just because they are in the news doesn't make dropping 0-day in Techcrunch appropriate.
2 replies 4 retweets 31 likes -
Replying to @alexstamos @argvee
Disagree, it's a problem with the installation, and installations are spiking *now*, not in six months. Now is the time to make sure people are aware of the risks, good work @patrickwardle. This is what real responsible disclosure looks like.
5 replies 33 retweets 165 likes -
Replying to @taviso @alexstamos and
Releasing 0-days without bothering to contact the manufacturer themselves, only for a bit of fame during a worldwide pandemic. This is exactly why a lot of InfoSec people have such a terrible reputation of being narcissists...
1 reply 1 retweet 1 like -
Replying to @JeroenJacobs79 @alexstamos and
The only reason someone might want to warn people in danger is their own personal fame? Maybe you need to do some self examination here. Vulnerability disclosure is hard, frustrating and thankless work, literally nobody is in it for the fame.
1 reply 0 retweets 4 likes -
Replying to @taviso @alexstamos and
If you can't even bother to give them even 24 hours to fix a security issue before disclosing it publicly, well yes, I don't believe you are doing the users of that software a favour. It doesn't take much introspection to realise that...
2 replies 0 retweets 1 like -
Replying to @JeroenJacobs79 @alexstamos and
You'll have to walk me through your thought process. When I see someone in danger, my first thought is to warn them. Your first thought is keep it quiet and leave everyone at risk... for what reason, to protect the vendor's business interests?
1 reply 0 retweets 2 likes -
Replying to @taviso @alexstamos and
End-users can't fix it themselves, they are at the mercy of the vendor. At least give them the time to issue an update and inform users to install the update. That's my thought process.
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @taviso and
What do you expect users to do? You think they will suddenly uninstall their primary business communication tool and switch to a competitor in a few hours?
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @taviso and
Tell me, why does Google have a 90-day disclosure policy before they release vulnerabilities in public? What's the thought process behind that?
1 reply 0 retweets 0 likes
You need to calm down and think it through. People are vulnerable for a short window during installation, if you've already installed then you were either already compromised or not - no fix can change that. If you haven't installed obviously you can *wait* for a fixed installer.
-
Replying to @taviso @alexstamos and
Doesn't change the fact this causes panic for end-users without giving the vendor a chance to communicate this to their users. Especially at a moment where remote work is required, and not an option.
1 reply 0 retweets 0 likes -
Replying to @JeroenJacobs79 @alexstamos and
Think the attack through. The *only* people this affects are people who are *not* users yet. You're saying don't warn them, just put them at risk, we must protect the vendor? Most people want to hear about design flaws in the products we use, you're in the minority here.
2 replies 0 retweets 3 likes