• antlion@lemmy.dbzer0.com · 8 months ago · 109 up, 1 down

      On the other hand, Gowdiak has not provided the technical details of his findings to Microsoft. The researcher is displeased with the way the tech giant handled his previous PlayReady vulnerability report, saying that his work was mostly ignored. Gowdiak claims Microsoft has now requested additional information on the findings, informing him that the research may be eligible for a bug bounty reward, but the researcher says at this point he is only willing to share the information with the vendor through a commercial agreement.

  • Rentlar@lemmy.ca · 8 months ago · 65 up, 8 down

    It’s hard not to laugh when “Microsoft Windows” and “secure” are in the same sentence.

  • Moonrise2473@feddit.it · 8 months ago · 37 up, 2 down

    The guy contacting the streaming services hoping to hit the jackpot with a bug bounty: they literally don’t care until it’s public, and when it’s public it’s a Microsoft problem.

    The only reason they’re using PlayReady is to make the copyright trolls happy and to be compliant with the content license. The streaming services just choose a solution that does the job with the minimum amount of work and money.

    Seems like he wasted months for nothing. Next time try to do bug hunting on WordPress, it’s easier and more remunerative.

    • Moonrise2473@feddit.it · 8 months ago · 23 up

      An exception might be nowTV from Sky. Being copyright trolls themselves, they would spend years in development to reinvent the wheel if there was a 0.1% chance to block pirates.

      In 2018 I was given a 6-month coupon for their service. I wasn’t able to watch a single minute:

      1. For Android, at the time it was available on just 5 whitelisted Samsung Galaxy S devices (of course with strong root checks)
      2. For Windows, it required installing Microsoft Silverlight even though it had been discontinued years before by Microsoft itself, giving users a big security issue (using a discontinued web plugin that has direct access to the OS is not a good idea)
      3. Linux support was completely missing

      • thegreekgeek · 8 months ago · 3 up

        Oh damn, I forgot about Silverlight. The only thing I used that for was some random Twitter client.

    • conciselyverbose@sh.itjust.works · 8 months ago · 17 up

      The streamers are the content owners.

      That’s why the market is so shit now. Because everyone who owns anything split into their own streaming service with 2 shows and 200 pieces of shit.

  • onlinepersona@programming.dev · 8 months ago · 15 up

    “The new research embeds some potentially valuable IP / know-how, which we need to protect too,” Gowdiak said. “Finally, disclosure of our know-how / toolset to Microsoft might jeopardize our future projects targeting the Windows OS platform.”

    Amazing. He wants to protect hacking IP from Microsoft in order to continue hacking them. Suck it M$!

    DRM is defective by design anyway. Once the master keys are out, either a new one is used and all devices with old key baked in are useless, or they have to suck it and be pwned.

    Anti Commercial-AI license

  • AnAnonymous@lemm.ee · 8 months ago · 16 up, 4 down

    This is what happens when all the “ethical hacking” bullshit is trending…