Seems like people didn't care for the new PC NVIDIA, Microslop, ARM teases several days ago?
Good.
lmao, what is this shitty response MSRC.
We do not need corporate yapping like that. Cybersec is mostly filled with engineers.
People do not care about "we see" the complaint, we need action.
Say what you will do:
For example "ok, researchers can drop their PoC in a week, should we fail to give a decision on what to do" or "okay, we will expand our work framework on both sides, so people can be treated equally".
Full transcript:
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.
To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.
We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.
Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.
The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
It's so viral, that the hacker got interviewed by national TV lol
If you're asking: Yes, that anime girl pic is not edited, it is in the interview
So recently, in India, there is a group of ethical hackers, notably Nisarga Adhykari, showing that India's CBSE exam system is really vulnerable.
The Indian government denied it is vulnerable, so Nisarga and his team showed many PoCs that it is vulnerable, so freaking vulnerable. This one is the most noticeable one for me,
For context: Central Board of Secondary Education (CBSE) is a national-level board of education in India for public and private schools, controlled and managed by the Government of India.
Nisarga writeup: https://ni5arga.com/blog/posts/hacking-cbse/
Does anyone know where the archive of presentations or recordings from Infosec Europe is?
I can't find any archive on the internet.
You know why I love computer security?
This is why.
A big corpo fuck you up? Fuck them back.
While other fields are just staggering with "uh, we need to do abcdefg first to make right what is in front of us"
Context: Security researchers are now contacting NightmareEclipse, and are willing to drop Windows product zero days they found in the name of solidarity.
#computersecurity #infosec #cybersec #activism #windows #zeroday
RE: https://infosec.exchange/@AmmarSpaces/116661375738658079
Looking at this, for better opsec: if you want to do things under a pseudonym, use a fresh account.
Don't just change your username and delete your older tweets or posts.
RE: https://c.im/@cdarwin/116660769695837565
One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.
Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.
On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.
For the record, I think @GossiTheDog called it that this person was a former MS employee.