body { -ms-overflow-style: scrollbar; overflow-y: scroll; overscroll-behavior-y: none; } .errorContainer { background-color: #FFF; color: #0F1419; max-width: 600px; margin: 0 auto; padding: 10%; font-family: Helvetica, sans-serif; font-size: 16px; } .errorButton { margin: 3em 0; } .errorButton a { background: #1DA1F2; border-radius: 2.5em; color: white; padding: 1em 2em; text-decoration: none; } .errorButton a:hover, .errorButton a:focus { background: rgb(26, 145, 218); } .errorFooter { color: #657786; font-size: 80%; line-height: 1.5; padding: 1em 0; } .errorFooter a, .errorFooter a:visited { color: #657786; text-decoration: none; padding-right: 1em; } .errorFooter a:hover, .errorFooter a:active { text-decoration: underline; } #placeholder, #react-root { display: none !important; } body { background-color: #FFF !important; }

JavaScript is not available.

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to a supported browser to continue using twitter.com. You can see a list of supported browsers in our Help Center.

Terms of Service Privacy Policy Cookie Policy Imprint Ads info © 2023 Twitter, Inc.

Conversation

TrendMicro accidentally left a remote debugging server running on all customer machines ¯\_(ツ)_/¯ #oops bugs.chromium.org/p/project-zero

4:10 PM · Mar 30, 2016

Replying to

Meanwhile, av-test awards TrendMicro a perfect 100% score for "protection against 0-day", so... sigh /cc

4

53

50

Show replies

@SecurityBerg

Stop. This was a totally standard disclosure.

1

Show replies

@SecurityBerg

No…. this is out of hand. Opened at 90 days. Patch may or may not be getting applied at 91.

Shrikanth Shankar

Replying to

we need an anti-anti-virus

4

17

Replying to

"it involves a 3rd party binary and it’s not our native code." Seems apropos:

Quote Tweet

You are responsible for the code you ship, not the code you wrote. Get confused and hackers will use your ownership to own what you shipped.

9

20

Replying to

I don't understand. You have a 90 day policy, they're updating in a few days, why are you pushing them like this?

2

1

2

Replying to

Your work clearly shows that AV vendors don't invest in (decent) security assessments. Do you think you will change that?

1

1