I'm really surprised, and disappointed, that Travis announced this publicly like... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tedivm on March 22, 2017 \| parent \| context \| favorite \| on: LastPass RCE vulnerability fixed I'm really surprised, and disappointed, that Travis announced this publicly like this. From my understanding the Google team has a policy of giving people time to patch the bug before announcing it. I know that the technical details weren't released by by confirming there is a zero day exploit he's making it more likely to be discovered and exploited. The responsible thing would have been to notify the vendor and apply the standard policy they have in place for disclosure.

libeclipse on March 22, 2017 | [–]

He announced it exists, though not what it is. Who knows, it might even spur some people to move away from LP.

sp332 on March 22, 2017 | | [–]

They fixed all 3 bugs already. https://mobile.twitter.com/taviso/status/844573211278794753 I'm not moving.

ryanlol on March 22, 2017 | [–]

I can confirm that there is unpatched exploitable vulnerabilities with high impact in the following software products:

Linux

OpenBSD

iOS

Windows

Google Chrome

Mozilla Firefox

Safari

Apache

nginx

openSSHd

bonzi buddy

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact