hey @taviso: if i buy you some razer gear, would you rip up their little system tray icon software and see what nasty stuff it does? and its almost certain memory corruption problems? :D
Replying to @Viss @worldwise001
Holy moly, I just installed this. WHY IS CEF (chromium embedded) REMOTE DEBUGGING ENABLED AND LISTENING BY DEFAULT (!?!?!?!). I don't have any razer hardware to test, but they probably (like, *right now*) need to fix that.
6 replies 29 retweets 167 likes -
Replying to @taviso @worldwise001
haha i had suspected shouting would ensue :D
2 replies 0 retweets 31 likes -
Replying to @Viss @worldwise001
OK, well, I figured out how to get calc, I have to file a bug now. Thanks a bunch
9 replies 5 retweets 49 likes -
Ryan Naraine Retweeted Matt Nelson
Someone else is also on the case https://twitter.com/enigma0x3/status/1073645356435484672?s=21 …
1 reply 0 retweets 4 likes -
Replying to @ryanaraine @taviso and
good luck reporting it. Twitter has provided me 1 email address over there. Let’s hope he still works there. Let me know if you need it.
1 reply 0 retweets 4 likes -
Replying to @enigma0x3 @ryanaraine and
Thanks that would be helpful, I tried security@ and it bounced. I can't use hackerone, because they require you to agree to follow their policy before allowing you to submit it.
2 replies 0 retweets 6 likes -
Replying to @taviso @enigma0x3 and
Tavis - For public programs: "[you] acknowledge that you have read our Disclosure Guidelines". The ask is to read (implied: state where you disagree). Guidelines are intentionally non-binding. Your standard note of the report being subject to Project Zero's policy is excellent.
1 reply 0 retweets 3 likes -
Replying to @senorarroz @taviso and
If we've missed something in HackerOne's submission flow, please call out any blocking policy language and I'll get it fixed ASAP. Our intent is that public VDPs should have zero barriers.
1 reply 0 retweets 3 likes -
Replying to @senorarroz @taviso and
Maybe Noteworthy: We *do* require policy agreement for private bounties (assuming not applicable to you). Ignoring individual policies may void any stated safe harbor (also assuming not important to you). Every org disclosure policy differs, some are way better than others, sadly
2 replies 0 retweets 1 like
I see, thanks, I think that sounds okay! I will try it, I guess RCE is not in the scope they list, but perhaps it will reach someone who understands. 