ChrisArchitect
[dupe] https://news.ycombinator.com/item?id=48492215
|
wilburTheDog
At what point does it become more sensible to black hat
these zero days? If the company you are helping out isn't
willing to give you more than the finger for your help it
seems like you're the fool in that arrangement.Feeling
grumpy today, I guess.
|
> tptacek
Nobody is buying this vulnerability. If you're unhappy
with how a bug bounty program is structured, you
should absolutely just post the vulnerability. That's
a longstanding norm.
|
> > strken
What makes a vulnerability saleable? Is this one
not valuable because the government clients of
someone like Memento Labs don't care about a MITM
attack on desktop computers?
|
> > > akerl_
Generally the vulnerabilities you can sell for
money are ones that somebody can easily use to
make money, as part of an existing
money-making scheme they have.If the vuln
can't be used to make money, or the way it
makes money requires that a criminal
enterprise make up a whole new set of
workflows, it's not going to have much of a
market.
|
> imglorp
After this disastrous AMD PR, many who find a new vuln
will be asking exactly that question. As a result of
that, many who are buying CPUs will know how seriously
AMD takes security and prompt, correct vuln
fixing.Once again, the AMD motto applies: they never
miss an opportunity to miss an opportunity.
|
> IncreasePosts
Pretty much never unless you live in a jurisdiction
that won't punish you or send you to the appropriate
people to be punished. If you're Russian and want to
never step foot out of Russia and only attack American
systems, you can do it.
|
zingababba
Post from researcher: https://mrbruh.com/amd2/
|