Microsoft is ticking off a lot of researchers this week by claiming that those who dump proof-of-concept exploits for vulnerabilities they have not responsibly disclosed are enabling criminal activity, and that Microsoft will track them and bring cases against them.
Somehow Microslop is surprised that security researchers are unhappy after pissing on them regularly. Good that this is not my problem.
Yeah I’m gonna go ahead and just leave my windows machine powered off on
JuneJuly 14th.He said he likely wouldn’t be dropping anything til July, June should be “safe” (as safe as running windows is normally anyhow)
Whoops, thanks 🤣
Why June 14th?
Patch Tuesday. Gonna be some wild zero-days exploits dropping. Windows updates go live at 12p PST, fireworks to follow.
I got the month wrong, but because the guy that’s been steady dumping 0days is sounding like a school shooter on Microsoft support boards. An actual quote:
I might sound like crazy idiot who is whinning around but I have proof for every single word I said, I just can’t release it yet. Why ? Microsoft still has chains in my hands, it’s been like this for years and I just can’t stay silent anymore. I hope I can release the documents soon.
Mark this date July 14th, I will make sure your bones are shattered that day. Nothing will be released this June (or maybe I will release smtg, depending on circumstances).
To me it reads as English is not their first language and they’re using idioms that are more common in another language, but oh yes, they do sound extremely pissed off, either way.
It seems like, at least according to them, they had some kind of deal, for payment, worked out with MSFT, and then MSFT reneged on it and just pretended such deal never existed.
Deny delay defame playbook seems to have gone into effect basically instantly.
My absolute guess would be that this person is somebody who either had been previously jailed for some kind of cybercrime, or at least was under serious threat of that from some country… MSFT decided to ‘employ’ them, and then burn them.
So, beyond being pissed, they’re desperate. They were trying to go legit, be legit, and then MSFT fucked them. They mention that they will be homeless because of what MSFT has done.
Basically the plot of a fair number of cyberpunk stories, but well, that is where we are right now.
… either way, extremely, hilariously obvious at this point that the NSA has been calling a fair number of the shots at MSFT for a while now.
Sounds like someone who’s had enough to me.
That’s fuckin crazy.
Everything old is new again, I guess. Many companies have responsible disclosure processes and even bug bounties, directly because they got raked over the coals by security researchers in the early 2000’s and 2010’s. When someone can completely fuck your reputation by releasing direct proof of your failings, pissing them off is a pretty bad plan.
But, it would seem that all of the intelligence at Microsoft really is artificial these days.