Two wrongs make numerous other wrongs.

Tom's Hardware: Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation https://www.tomshardware.com/tech-industry/cyber-security/microsofts-github-bans-security-researcher-who-posted-zero-day-windows-exploits-because-company-ruined-their-life-expert-claims-action-is-vindictive-and-promises-further-retaliation @tomshardware #Microsoft #GitHub #infosec #Windows #zeroday

"I will make sure your bones are shattered [on July 14]"

@AAKL @tomshardware July 14. 90 days.

That sounds like respecting the legal contract, but having disclosed something massive to Microsoft...

@AAKL @tomshardware I get it, I'm sure most everyone has day-dreamed comeuppance on someone (or company) that wronged you... but yeah, two wrongs do not make a right. Not the way to handle the situation.
@AAKL @tomshardware I remember a researcher complaining heavily on Twitter about Microsoft not paying multiple bounties years ago (before Twitter became the shit hole it is today). I wonder if it’s the same guy. The type of vulns/exploits would fit imho.
@zaicurity @AAKL @tomshardware It does feel a lot like polarbear/sandboxescaper (at least that's the vibe I'm getting, not saying that it is)
@adriaan @zaicurity @tomshardware I don’t know who it is. But he’s been giving Microsoft a headache 😅 for some time. Supposedly, it’s a revenge tour.
@adriaan @AAKL @tomshardware I’m thinking of someone else and his old posts are still up. Not going to throw up a name based on a hunch though. While searching around I found some other people who had similar frustrations with Microsoft’s bug bounty, though. They sure know how to piss people off.

@zaicurity @adriaan @AAKL @tomshardware

They sure know how to piss people off.

This is a fact. My most recent interaction with MSRC was to report a vulnerability that was clearly explained in a single sentence. Their response? We need a video POC (proof of concept) on how the said vulnerability is being exploited.

Without the above information we are unable to make progress on this report.

@zaicurity @adriaan @tomshardware If Microsoft wants to bury its head in the sand every time there's a vulnerability (there are a lot of them), at least it shouldn't treat people so obnoxiously.