Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s importa…
I have 2 yubikeys and both are having the same GPG master key besides 3 subkeys for encrypting, signing and authentication, I can encrypt/decrypt and everything regarding gpg seems to be working fine, the problem is when I am trying to use…
I am planning to use a smartphone as a media player and maybe to read the occasional ebook or pdf.
If I were to turn off all connectivity, e.g., bluetooth, wifi, gps, then remove the sim card and/or put it in airplane mode, is there still…
In January 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of a…
I’ve been doing a lot of bug bounties lately and although I’ve been gaining reputation and experience, I never seem to find XSS even in private programs. Items are always being reflected as HTML.
It seems unlikely that all of these compan…
Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard (CFG) from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change.
Mitigation Bypass Bo…
Updated September 10, 2018
The Servicing Criteria for Windows has transitioned to an official document and can be found at the link below. Microsoft thanks the members of the research community who provided feedback on the draft copy.
Microsoft Securit…
I was thinking about this earlier this morning and was wondering why websites and devices don’t offer fake logins for hackers? What I mean by that is that if a hacker finds out some of your details and tries to log in to a website (for exa…
In January, 2018, Microsoft published an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of…
First, let me assure you that I have read a number of posts on the topic before asking this question, but I am still confused and would appreciate more insights.
So, here’s the premise:
There is a client application that authenticates t…
