Proof that the verification problem is real!
And @verygreen should turn over a private key to someone with an anonymous handle of @ggr because you say you know someone who knows someone at Tesla. Perhaps @JonMc would be a better option after all.
Tesla runs a bug bounty program: Tesla’s bug bounty program | Powered by Bugcrowd. If genuine, that's where it should be reported.
Of course I got them notified the second I found out about this using the way outlined on their website, but it did not really lead to anything.
You would get the public key from your car, obviously, every car has it.
Anyway, I got contacted by Tesla security by email and they are claiming they never got my mail this time (though they did in the past), so they are looking into this.
Last year I submitted an issue to Bugcrowd for Tesla's bounty program. They had it patched within roughly 12 hours and I was paid very promptly. I would say that the program worked great on all sides.
What's your point, though? @verygreen had contacted Tesla and for him it did not work out.
My point is that when Bugcrowd took the lead they were very fast and good.
Wasn't there an incident when @wk057 found something in the firmware and posted an encrypted message on Twitter at 3 am with someone at Tesla encrypting it in a matter of hours and contacted him? And that was about the new then 100D or something. I mean, how come that thing got so much attention in a matter of hours and this, much more serious issue, is unanswered for MONTHS?!?!
Something is amiss
Well, we will never know, but anyone from IT knows that this is easily verifiable - check the logs and everything will be clear if an email was delivered, where was it delivered to, and what happened to that email since then.
If in fact an email was received but "slipped through the cracks", the person who allowed that email to "slip through the cracks" should definitely be fired. This is a much larger problem than Aaron using "discounts" in his email and getting canned for that. Here, we are talking about leaving the key to the house at the front door.
Sadly it seems like a trend that the way to grab the attention of a tech company is to tweet at them or otherwise escalate via the media. Otherwise things slip through the cracks. Tesla said they didn’t get verygreen’s email. Not sure if I believe that or not.
Yes, yes, yes! That one! I mean, the mere possibility of leaking a new product got their attention and immediate response/retaliation but this - got nothing (at least at first). Seems that they are in contact with verygreen now.
That may be a bit extreme. Since the key was for the map server, it may be more akin to letting someone swap your newspaper.
I believe he posted an easily decoded/crackable hash that almost anyone could figure out that led to the (previously un-announced) 100D logo/image. It was a thinly veiled way to release the information without actually releasing the information.
Immediately following that Tesla tried to downgrade his firmware without his permission.
(At least this is how I remember it, I might be a little off).
Security is no joke.