Good, fuck them. They need to be taught a lesson.
Good, fuck them. They need to be taught a lesson.
Archive: https://archive.today/35ZO4
From the post:
>Updated: Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the way the company handles security reports. Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to “an old contact” at the open source platform, according to his account of things. The vulnerability he exposed involves attackers configuring repos, either of their own making or those they have compromised separately, to push malicious VS Code extensions via its Workspace Recommendations feature, which then steal OAuth tokens they can then use to read/write public and private GitHub repos. It affects anyone who has ever used github.dev, a feature that allows users to open a GitHub repo in a browser-based version of VS Code.
Archive: https://archive.today/35ZO4
From the post:
>>Updated: Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the way the company handles security reports.
Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to “an old contact” at the open source platform, according to his account of things.
The vulnerability he exposed involves attackers configuring repos, either of their own making or those they have compromised separately, to push malicious VS Code extensions via its Workspace Recommendations feature, which then steal OAuth tokens they can then use to read/write public and private GitHub repos.
It affects anyone who has ever used github.dev, a feature that allows users to open a GitHub repo in a browser-based version of VS Code.
Askar’s approach is reminiscent of a researcher who goes by Nightmare Eclipse, a suspected former Microsoft employee who has attracted a great deal of attention in recent weeks for leaking zero-days without informing Microsoft beforehand.
If I find anything of note I am not going to waste my time with the vendor. Fuck ethics. These cocksuckers sell my data and spy on me on behalf of the government or whoever pays them. That faggot that found the DNS leak thing made bank from it by blackmail but M$ won't fall for that again.
> Askar’s approach is reminiscent of a researcher who goes by Nightmare Eclipse, a suspected former Microsoft employee who has attracted a great deal of attention in recent weeks for leaking zero-days without informing Microsoft beforehand.
If I find anything of note I am not going to waste my time with the vendor. Fuck ethics. These cocksuckers sell my data and spy on me on behalf of the government or whoever pays them. That faggot that found the DNS leak thing made bank from it by blackmail but M$ won't fall for that again.
Ammar Askar
Let me guess:
Sandnigger used AI models trained for coding to search for vulnerabilities.
The AI found one.
He jumped in the air yelling he was gonna get rich.
Submitted a vulnerability report.
Got a reply that it's not worth money.
Got mad because no more bobs and vagene.
He decides to leak it as a form of retaliation.
> Ammar Askar
Let me guess:
* Sandnigger used AI models trained for coding to search for vulnerabilities.
* The AI found one.
* He jumped in the air yelling he was gonna get rich.
* Submitted a vulnerability report.
* Got a reply that it's not worth money.
* Got mad because no more bobs and vagene.
* He decides to leak it as a form of retaliation.
It could be that, but according to Nightmare Eclipse (deadeclipse666.blogspot.com) even if you are only trying to responsibly report something to Microsoft and ensure that they fix it they will arrogantly ignore you, defame you, delete the account you used to report the bug, delete your GitHub account (just to be jerks), eventually fix the bugs without crediting you, and sometimes without even putting out an advisory (deadeclipse666.blogspot.com). It all sounds like pajeet behavior, but it doesn’t matter. They’re doing security wrong.
If the software maintainers will not even acknowledge a vulnerability the responsible thing to do is alert the public so they can take their own measures to protect themselves.
It could be that, but according to [Nightmare Eclipse](https://deadeclipse666.blogspot.com/) even if you are only trying to responsibly report something to Microsoft and ensure that they fix it they will arrogantly ignore you, defame you, delete the account you used to report the bug, delete your GitHub account (just to be jerks), eventually fix the bugs without crediting you, and sometimes [without even putting out an advisory](https://deadeclipse666.blogspot.com/2026/05/were-doing-silent-patches-now-huh-also.html). It all sounds like pajeet behavior, but it doesn’t matter. They’re doing security wrong.
If the software maintainers will not even acknowledge a vulnerability the responsible thing to do is alert the public so they can take their own measures to protect themselves.
Agreed.
A pajeet got pajeeted by a Microsoft H1B DEI pajeet who will take credits for a vulnerability discovered by an AI.
Agreed.
A pajeet got pajeeted by a Microsoft H1B DEI pajeet who will take credits for a vulnerability discovered by an AI.
I don't disagree, but fuck microsoft, the faster they can be relegated to the internet wayback machine the better.
I don't disagree, but fuck microsoft, the faster they can be relegated to the internet wayback machine the better.