Post AriFHFFGgAX2CejIsC by wdormann@infosec.exchange
 (DIR) Post #AriFHCXwiGgppiRg4O by wdormann@infosec.exchange
       2025-02-25T20:22:25Z
       
       0 likes, 0 repeats
       
       Me to a major vendor, in a PGP-encrypted email (their request):
       Describes vul in their software. Here's an animated GIF showing exploitation of the vul. Please let me know how I can get a large file to you so I can get the PoC to you.
       Vendor (in cleartext): Please send us a GIF and the PoC.
       Me: I already sent the GIF. Are you saying you didn't get it? Also, please tell me how to get a large file to you.
       Vendor: We have not received the GIF. Please send us a PoC.
       Me: table_fip.gif
       I fully understand why people go the full disclosure route.
       
 (DIR) Post #AriFHDGG3W8S39B48e by wdormann@infosec.exchange
       2025-02-26T21:48:54Z
       
       0 likes, 0 repeats
       
       A different vendor (Broadcom):
       We encourage finders to use encrypted communication channels to protect the confidentiality of vulnerability reports. Our PGP public key is available at the following link:
       The PGP key:
       
 (DIR) Post #AriFHE4b2MOwZGjGbI by wdormann@infosec.exchange
       2025-02-27T13:22:50Z
       
       0 likes, 0 repeats
       
       A yet-another large vendor, after having received the vulnerability report through the mechanism of their choice (PGP email):
       would be possible provide .zip attachment with password protected?
       
 (DIR) Post #AriFHEaV7jvEADekKW by wdormann@infosec.exchange
       2025-03-03T16:21:03Z
       
       0 likes, 0 repeats
       
       Another large vendor to me, after providing a working PoC to them:
       How can an attacker create this PoC?
       Me: I dunno, it comes to them in a dream, like with Mendeleev?
       How does this even matter?
       
 (DIR) Post #AriFHFFGgAX2CejIsC by wdormann@infosec.exchange
       2025-03-04T12:52:00Z
       
       0 likes, 0 repeats
       
       Me to Trend Micro ZDI:
       Trend Micro Antivirus fails to detect viruses in a mounted VHD/VHDX file at all. You should probably fix this.
       Trend Micro ZDI:
       we are not interested in this vulnerability type.
       This truly is a thankless job. 🤦‍♂️
       
 (DIR) Post #AriFHG0PqsFIYsmxMW by Suiseiseki@freesoftwareextremist.com
       2025-03-04T13:41:52.353755Z
       
       0 likes, 0 repeats
       
       @wdormann
       >Proprietary malware developers aren't interested in carrying out extra work detecting certain kinds of proprietary malware.
       Is that meant to be a surprise?