Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 27-Feb-2025 07:09:18 JST Will Dormann

Me to a major vendor, in a PGP-encrypted email (their request):
Describes vul in their software. Here's an animated GIF showing exploitation of the vul. Please let me know how I can get a large file to you so I can get the PoC to you.
Vendor (in cleartext): Please send us a GIF and the PoC.
Me: I already sent the GIF. Are you saying you didn't get it? Also, please tell me how to get a large file to you.
Vendor: We have not received the GIF. Please send us a PoC.
Me: table_fip.gif
I fully understand why people go the full disclosure route.
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  http://PoC.Me/
- Embed this notice
  Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 27-Feb-2025 07:09:18 JST Will Dormann
  in reply to
  
  A different vendor (Broadcom):
  We encourage finders to use encrypted communication channels to protect the confidentiality of vulnerability reports. Our PGP public key is available at the following link:
  The PGP key:
  In conversation about 2 months ago permalink
  Attachments
  1. Thunderbird found the following key for symantec.psirt@broadcom.com. The following key cannot be used, unless you obtain an update. O0x603CDEDA46E98449 - created on 1/20/2020 Fingerprint: FEA8 C7F7 CC25 FE73 86BB 0A47 603C DEDA 46E9 8449 This key was previously accepted but expired on 1/20/2024. Discover Public Keys Online... Import Public Keys From File...
    https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/072/388/359/779/554/original/d9341f638380b157.png
- Embed this notice
  Will Dormann (wdormann@infosec.exchange)'s status on Tuesday, 04-Mar-2025 22:41:55 JST Will Dormann
  in reply to
  
  Me to Tend Micro ZDI:
  Trend Micro Antivirus fails to detect viruses in a mounted VHD/VHDX file at all. You should probably fix this.
  Trend Micro ZDI:
  we are not interested in this vulnerability type.
  This truly is a thankless job. 🤦♂️
  In conversation about 2 months ago permalink
  Attachments
  1. Machine with Trend Micro Maximum Security antivirus allowing a virus that Trend Micro detects to execute from a mounted VHD.
    https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/104/248/601/577/337/original/fd6ad88b347569d5.png
- Embed this notice
  翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 04-Mar-2025 22:41:55 JST 翠星石
  in reply to
  
  @wdormann >Proprietary malware developers aren't interested in carrying out extra work detecting certain kinds of proprietary malware.
  Is that meant to be a surprise?
  
  In conversation about 2 months ago permalink
- Embed this notice
  Will Dormann (wdormann@infosec.exchange)'s status on Tuesday, 04-Mar-2025 22:41:56 JST Will Dormann
  in reply to
  
  A yet-another large vendor, after having received the vulnerability report through the mechanism of their choice (PGP email):
  would be possible provide .zip attachment with password protected?
  In conversation about 2 months ago permalink
  Attachments
  1. confused reaction GIF
- Embed this notice
  Will Dormann (wdormann@infosec.exchange)'s status on Tuesday, 04-Mar-2025 22:41:56 JST Will Dormann
  in reply to
  
  Another large vendor to me, after providing a working PoC to them:
  How can an attacker create this PoC?
  Me: I dunno, it comes to them in a dream, like with Mendeleev?
  How does this even matter?
  
  In conversation about 2 months ago permalink
  
  scriptjunkie repeated this.

Public

Conversation

Notices

Feeds