- atrielienz@lemmy.world, English, 1 month ago
If the guy exposing the exploits is to be believed, they notified MS (or attempted to) and were ignored and then actively rebuffed. Then MS deleted the account (and the proof that this person actually reported these vulnerabilities/bugs).
Even if this person is lying, I’m more likely to believe MS is the bad guy here. It seems like bullying to me. That, and an attempt to mask the problems at the company, because they have been getting a lot of bad press and are having trouble with the entirety of Windows 11, which they forced on people and keep breaking. The adoption rate of Windows 11 being so bad also lends credence to what this person is claiming.
- 0x0@infosec.pub, English, 1 month ago
Microsoft has always been an evil company, but wow they are trying their hardest to reach Gates level of shit
- bamboo@lemmy.blahaj.zone, English, 1 month ago
Microsoft has been mum on any details about these matters, so it’s hard to tell if the situation is about an uncooperative researcher who doesn’t follow standard disclosure rules or a company being difficult about security reports. Regardless, the move to ban Eclipse’s GitHub account makes for poor optics, as it is being heavily criticized, and ultimately achieves nothing for security, since the code is out there anyway.
Classic Streisand effect. Just two years ago Satya Nadella publicly announced they’re prioritizing security above all else, but now they have nothing to say about these exploits and are trying to silence the researcher? Viewing from the sidelines, it did seem a bit reckless how Eclipse was dropping these as zero-days, but Microsoft’s actions speak louder than words, and they probably didn’t pay for the bounties.
- Bazoogle@lemmy.world, English, 1 month ago
He also intentionally did it the day after Patch Tuesday. July 14th is also Patch Tuesday. This is about retribution for him. How you view that is going to depend on your world view. I doubt any of us feel bad for Microsoft though XD
- kungen@feddit.nu, English, 1 month ago
And I fully believe it’d be some kind of justified retribution. The silence from Microslop’s side is deafening.
- 1 month ago
They most likely did something illegal, or at least something that puts them on very shaky ground if they try to litigate. I am guessing there are multiple other people they fucked over, and those people are not as ethical as this person, so they chose the blackhat path. I would treat any Windows device as a compromised device. It is possible that there are 20 other people, who are the best of the best security researchers, that were taking the low-effort paycheck because it was a legal route, and who are now going to fuck Microsoft up. The non-technical people who made the decision to stop paying out did not fundamentally understand what they were doing. Mythos was just marketed as the best model for doing security research, and they fell for it.

