Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112040042626401636">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 05-Mar-2024 08:36:59 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112027038989119814" rel="in-reply-to">in reply to</a></div></section><article><p><a href="https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/" rel="nofollow noreferrer">https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/</a></p><p>Ars has a good look at this one.</p><p>My take - it may well have been a bunch of technical work to fix the vulnerability, absolutely. But Microsoft can afford to resource this stuff - it’s one of the most profitable companies on earth, and they end to end own and create 100% of the code.</p><p>To again repeat one plea for vulnerability researches - publish public timelines on blogs about disclosures. It would create visibility of how long fixes take, and encourage accountability.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2783000#notice-5531778">In conversation</a><time datetime="2024-03-05T08:36:59+09:00" title="Tuesday, 05-Mar-2024 08:36:59 JST">about a year ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112040042626401636" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112040042626401636">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1361005">Untitled attachment</a></label><br></li><li><article><header><div>Domain not in remote thumbnail source whitelist: cdn.arstechnica.net</div><h5><a href="https://arstechnica.com/ars/">ars | Ars Technica</a></h5><div></div></header><div>Serving the Technologist for more than a decade. IT news, reviews, and analysis.</div><footer></footer></article></li><li><article><header><img height="100" width="125" src="https://gnusocial.jp/thumbnail/2335462?w=125&amp;h=100"><h5><a href="https://www.vinebeat.com/">VineBeat</a></h5><div> from <span>VineBeat</span></div></header><div>VineBeat - We create and invent the future</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 05-Mar-2024 08:36:59 JST Kevin Beaumont
in reply to
https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/
Ars has a good look at this one.
My take - it may well have been a bunch of technical work to fix the vulnerability, absolutely. But Microsoft can afford to resource this stuff - it’s one of the most profitable companies on earth, and they end to end own and create 100% of the code.
To again repeat one plea for vulnerability researches - publish public timelines on blogs about disclosures. It would create visibility of how long fixes take, and encourage accountability.
In conversationabout a year ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
2. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
  ars | Ars Technica
  Serving the Technologist for more than a decade. IT news, reviews, and analysis.
3. VineBeat™
  from VineBeat
  VineBeat - We create and invent the future

Public

Embed Notice

HTML Code

Corresponding Notice