Re: Disturbing NVDA Remote Rumor: any ruth or verification?


jeremy <icu8it2@...>
 

I don't really have any opinions on weather or not Tyler S had malicious intent in the development of the remote AddOn, but I do think it'd be just a little weird for him to do such a thing, most especially for the rest of his contributions he's made towards other accessible projects.

I'd also point out that Tyler S wasn't the only one who assisted in the development of the Addon, something I didn't see mentioned in the fb post. As I recall, the development was carried out by two people, so if it does turn out that something weird is going on, I'd be looking at everyone, not just one dude who's done a hell of a lot for the accessible community.

Buddy Brannan wrote:

On a shared copy of the post, he posted a comment to the effect that the exploit was with NVDA itself, by sending a large amount of text through it all at once. I don't even know if he's on this list and can elaborate himself.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:27 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name













Join nvda@nvda.groups.io to automatically receive all group messages.