
MSRC: Ministry of Screwing Researchers (And Ignoring Big Fucking Holes)

I got a story for ya, fresh from the digital trenches, the land of bits, bytes, and bureaucratic bullshit. This ain't about some schmohawk trying to get a free toaster, no. This is about a guy, a professional mind you, who finds a gaping, bleeding wound in the side of the Microsoft behemoth – Teams, Skype, the whole goddamn shebang – and tries to tell the giant, "Hey, you're leaking vital fluids, and the sharks are circling!"

So, this fella, Piergiorgio (sounds like a Renaissance painter, but he’s painting with vulnerability code) he sends a nice little note on March 6th. "Hey, Microsoft," he says, real polite, "I found a couple of… let's call 'em 'oopsie-daisies' in your ICE server setup. Like, 'anyone can walk in and grab the keys to the kingdom' kind of oopsie. I'm withholding the exact recipe for disaster until we can have a grown-up, secure chat, maybe discuss a little 'thank you for saving your ass' bounty,...