this post was submitted on 27 May 2026
885 points (99.2% liked)

Technology

85038 readers
3447 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
885
Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation (www.tomshardware.com)
submitted 4 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world
137 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] someone@lemmy.today 11 points 3 days ago (2 children)

If she's going for maximum damage, I am surprised this person doesn't just announce when she's found a big exploit, and then just sell it to up to 10 people, and then announce in very vague terms what the exploits are. (Like, "just sold exploit for windows defender" or "just sold way to hack into bitlocker").

It seems like the vagueness of such things would make corporations more worried about being hacked and Microsoft could only guess as to what specific code was hacked, costing them greater resources.

Yes, it would be illegal, and therefore I hope she doesn't do that and recommend against it. But I am just surprised, given the level of anger, that she has been approaching things in a way that is so easy to patch.

Is her approach more damaging the way she's actually doing it?

[–] BJ_and_the_bear@lemmy.world 3 points 2 days ago

Would it actually be illegal? Im not a lawyer or anything, but im not sure what crime it would be. Using the exploit to hack someone would be illegal, but I cant see why developing and selling an exploit would be

[–] Jason2357@lemmy.ca 1 points 3 days ago (1 children)

Its a fine line between getting revenge on Microsoft and screwing over human beings that trusted them. I wouldn't be surprised if a bitlocker zero day got someone killed, given the number of people using it around the world.

[–] incompetent@programming.dev 3 points 2 days ago (2 children)

I wouldn't be surprised if a bitlocker zero day got someone killed

How would it get someone killed?

[–] Jason2357@lemmy.ca 4 points 2 days ago

Because people keep secrets on computers. You cave the combination of a tiny percentage of people who have secrets that are life threatening, and millions of people use bitlocker because its built into Windows. Its a tiny number times a huge number.

If I had to guess, that might include journalists who investigate authoritarian regimes, activists who keep their identity secret, and minorities who live in countries where their identity is a capital crime.

Then there are probably also governments who rely on bitlocker to secure the computers of people with state secrets like the identities of spies. Probably lots of other weird edge cases.

[–] miliponia@reddthat.com 1 points 2 days ago

Image a dissidents hard drive and break into it later when an exploit drops. Selling to an exploit broker is even worse sense the individual would never know how or if a government intelligence agency got all their personal data because they expect it do be secured.