Any reason why not @Zerodium ?
MSRC is a giant joke- if they want to save money they just reject valid submissions without any reason. How can we take them serious when there are no rules- it is just however they feel like for any submission. They do not even come up with a reason.pic.twitter.com/0nBIdlUKF0
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Dude it’s kinda fair game if they have a mitigation upcoming and it works.
-
they do not- windows wil be vulnerable for the next 3 months minium. And even if they had I have another way to exploit it- but without them telling my why the fuck the first was rejected I risk wasting my time making it.
End of conversation
New conversation -
-
-
Yeah,Me too.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Why not just give it to ZDI or something
. -
Also not sure when it’s your job to continue to “protect the ecosystem”. Sounds like they just scammed you for the reported issue and gave you a typical corporate answer.
End of conversation
New conversation -
-
-
Right.
@msftsecresponse 's email looks like it was sent by bot instead of human. And when you reply to that email, you always get no response. Although there is one such sentence"If you have any question, please reply to this email" in their email.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
ZDI is not perfect: 1. Once I gave them full working exploit 2. They reject it as "already public" because I shared a video PoC with a unique, unlisted YouTube link. They promised that as far as they don't buy, it's like I never sent exploit. Actually they l00t the exploit.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.