Cybersecurity

10034 readers

207 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 3 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Microsoft’s incident response is getting a failing grade from researchers (databreaches.net)

submitted 21 hours ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works

10 comments fedilink hide all child comments

Microsoft is ticking off a lot of researchers this week by claiming that those who dump proof-of-concept exploits for vulnerabilities they have not responsibly disclosed are enabling criminal activity, and that Microsoft will track them and bring cases against them.

you are viewing a single comment's thread
view the rest of the comments

[–] DrMartinu@lemmy.dbzer0.com 6 points 17 hours ago* (last edited 17 hours ago) (3 children)

I got the month wrong, but because the guy that's been steady dumping 0days is sounding like a school shooter on Microsoft support boards. An actual quote:

I might sound like crazy idiot who is whinning around but I have proof for every single word I said, I just can't release it yet. Why ? Microsoft still has chains in my hands, it's been like this for years and I just can't stay silent anymore. I hope I can release the documents soon.

Mark this date July 14th, I will make sure your bones are shattered that day. Nothing will be released this June (or maybe I will release smtg, depending on circumstances).

[–] sp3ctr4l@lemmy.dbzer0.com 1 points 1 hour ago

To me it reads as English is not their first language and they're using idioms that are more common in another language, but oh yes, they do sound extremely pissed off, either way.

It seems like, at least according to them, they had some kind of deal, for payment, worked out with MSFT, and then MSFT reneged on it and just pretended such deal never existed.

Deny delay defame playbook seems to have gone into effect basically instantly.

My absolute guess would be that this person is somebody who either had been previously jailed for some kind of cybercrime, or at least was under serious threat of that from some country... MSFT decided to 'employ' them, and then burn them.

So, beyond being pissed, they're desperate. They were trying to go legit, be legit, and then MSFT fucked them. They mention that they will be homeless because of what MSFT has done.

Basically the plot of a fair number of cyberpunk stories, but well, that is where we are right now.

... either way, extremely, hilariously obvious at this point that the NSA has been calling a fair number of the shots at MSFT for a while now.

[–] Ixoid@aussie.zone 1 points 1 hour ago

Sounds like someone who's had enough to me.

[–] Vendetta9076@sh.itjust.works 2 points 14 hours ago

That's fuckin crazy.