Open Source and information security mailing list archives
From: ge at (Gadi Evron)
Subject: To anybody who's offended by my disclosure

Hi Rafel. 'Sup?

> What i am saying is, it is now who codes the software, it is how you do.
> (if i was not in a job working frame, i would publishing things that will
> cause you all to say its shit)
> FireFox team claimed its an old bug.bla bla bla.and has no problem and no
> security risk...bla bla bla... and didn't fix it after 4 month...
> Just like MS when they are not even commercial, than what they are? on the
> way to making be the second size'd market share browser.

What do Mozilla and MS have to do with the guy? Yes, he seems like a 
nice guy who knows what he is doing.. but that's where it ends.

He might do things differently usually, or in the future, but he didn't 
in this case, at least as far as I see it.

He did not just release, hold back or notify the vendor - he just sends 
things out with claims of semi-world-domination and 
"you'll-pay-for-ignoring-me" - and then.. blames people for breaking GPL 
when they mis-use his "creations" or "findings" if you prefer.

Give me a break.

I think both him and myself now reached an understanding of what the 
other guy was trying to say.

Your claims of "I WOULD HAVE RELEASED IF I DIDN'T WORK HERE" sound just 
as vain. Release or be quiet.
Nobody's perfect - not MS or Mozilla. Let's leave the MS sucks debate to 
other threads.



Or in other words, Rafel: "I am working for a company now, so I can go 
out and act like an idiot." :)

You should add some "the opinions expressed in the email message are not 
necessarily those of my employer" or the like.. I doubt Finjan needs the 
bad publicity among the security community of one of their researchers 
saying this kind of behaviour is "COOL".

