I haven’t not understood a meme so much in a while
Nightmare Scenario
Submitted 3 days ago by redsand@infosec.pub to memes@sopuli.xyz
https://infosec.pub/pictrs/image/4845e1c1-06b6-4c37-ab20-a28dbf9ba1f4.jpeg
Comments
Lojcs@piefed.social 3 days ago
plateee@piefed.social 3 days ago
I think it’s regarding a Microsoft security researcher who is on a hot streak for exploits.
https://www.darkreading.com/vulnerabilities-threats/nightmare-eclipse-microsoft-exploit-rogueplanet
bizarroland@lemmy.world 3 days ago
I haven’t followed your link yet, but this did remind me that the gossip about this is that Microsoft intentionally made these vulnerabilities for spying on people for governments, and he’s dropping all of the exploits on them, forcing them to have to patch them out.
Fortatech@gregtech.eu 3 days ago
I believe there are some dicks missing
redsand@infosec.pub 19 hours ago
I almost placed NIGHTMARE ECLIPSE where that last dong was erased but couldn’t get it to fit and be readable
atro_city@fedia.io 3 days ago
What am I missing? Corporate IT will stop using Windows?
redsand@infosec.pub 3 days ago
In some places yes. BitLocker being backdoored is a big problem for insurance purposes alone.
atro_city@fedia.io 3 days ago
One can only hope that they actually see the light, but my bet is it would be way too expensive (in terms of money and willingness to retrain) to switch to Linux and they'll just shrug and continue. Hopefully I'm wrong.
possiblylinux127@lemmy.zip 3 days ago
The good news is that it only impacts the Windows recovery environment
groet@feddit.org 3 days ago
Explanation: Microsoft (MSFT) has a bug bounty program. Meaning researchers that find security vulnerabilities in Microsoft products can send them to the Microsoft security team and get a money reward. However, they use AI to look through the submissions and also get slammed by submissions from AI, meaning many of the legitimate vulnerability researchers are very frustrated. Submissions get rejected because they are “not a vulnerability” but one month later Microsoft publishes a patch against the vulnerability without acknowledging the researcher.
NightmareEclipse is a … person … who is frustrated by this. And they have A LOT of really really bad vulnerabilities. Because Microsoft did not want to pay them they just release the previously unknown vulnerabilities to the public. No patches exist. The hackers and Microsoft learn about the vulnerability at the same time.
So far they have released ~10 vulnerabilities in one month and claim they have many more with some big drops apparently coming in July.
Because of this, of course Microsoft is getting a lot of shit from big corporations that are afraid they will get hit with some nasty cyber attacks because of Microsoft’s fuckup.
possiblylinux127@lemmy.zip 3 days ago
How much do you want to bet he found government backdoors?
While I don’t have much evidence, I suspect they are being pressured into leaving it open.
groet@feddit.org 2 days ago
The yellowkey vulnerability might be a backdoor. NightmareEclipse even speculated so in their publication.
Areldyb@lemmy.world 3 days ago
The much-feared July drops aren’t happening, or at least aren’t happening in July. Apparently whoever Eclipse is hasn’t been getting much sleep.
Quotes taken from deadeclipse666.blogspot.com which as far as I can tell is their actual blog.
groet@feddit.org 3 days ago
I feel like they are also doing some misdirection and spreading false information. I am sure they are wanted by the FBI and NSA by now so not being predictable is safer.
redsand@infosec.pub 2 days ago
That’s very interesting. They haven’t dropped any RCEs and it very much sounds like they either have something ready or know exactly where to look so I’m still on the edge of my seat. This definitely doesn’t seem over.