← Back to context

Comment by embedding-shape

1 month ago

Is there any public word from Microsoft about what is going on here? Why would both Microsoft and Gitlab ban the user? I thought both platforms allowed hosting exploits and security research as long as everything is clearly marked up-front, I'm guessing some rules were broken?

Well if it’s a full disk encryption exploit that still requires hardware access I imagine it would have been made for a 3-letter govt org or something

  • The fde encryption exploit is only for volumes that auto decrypt anyway. So it's a know (accepted) that the model doesn't really try to avoid.

    You guys need to stop reaching for conspiracy

Some of the exploits are suspected to be intentional govt backdoors. It is easy to see why Gitlab would ban the user, given that they can be secretly subpoenad as any other US or allied entity.

[flagged]

  • If a government agency wanted to sweep this under the rug, don’t you think they’d just pay the bounties for the guy instead of giving him more ammunition for his crusade?

    I think it’s more likely that the guy is just being as abusive to these services as the quotes in the article where he’s talking about crushing their bones

    • >you think they’d just pay the bounties for the guy instead of giving him more ammunition for his crusade?

      It seldom pays to presume competence.

  • I'm not a BitLocker user or expert, but I thought I'd read that if you used a BitLocker PIN, the exploit didn't work. If the gov't asked MSFT to deploy an exploit, wouldn't they make it work PINlessly?

  • There's zero proof it's an intentional backdoor, it's just FUD spread by the exploit author which is probably not helping his case and may be reason for his ban.

    Microsoft doesn't need to put in a backdoor on disk because they can make payloads that'll pass the TPM and not need a single trace on the disk.