Comment by thaumasiotes

1 month ago

> and the response was flow chart tech support with a "buy a webcam" cherry on top

I feel safe in saying that they don't want a video of you at your keyboard typing stuff. An exploit video is a recording of your screen, not of you.

Which, if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera

Doesn't sound like it for these exploits specifically (except Yellow Key), but I could be wrong, and again: that's just for these exploits specifically

  • > (USB or other HID, key combination)

    I don't think you'd need an external camera for that. What you're doing would be mentioned in the accompanying report.

    I do agree with you about the boot process, though.

    • I believe Hyper-V supports emulating TPM these days, so doing things to a VM and recording the desktop with the VM window _may_ work. In this case though it'd look very boring because you couldn't tell from the recording that anything happened.

    • Personally I'd think Microsoft would be cool with following the report instead of demanding video evidence in the first place, but silly me thinking the trillion dollar multi-national would be reasonable

  • I've used cheap HDMI to USB adapters for that in the past. Worked fine albeit somewhat low res. (Still much better than a camera pointed at a screen.)

  • >>> flow chart tech support with a "buy a webcam" cherry on top

    >> I feel safe in saying that they don't want a video of you at your keyboard typing stuff. An exploit video is a recording of your screen, not of you.

    > if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera

    That still wouldn't mean "buy a webcam" - if someone has had a mobile phone (smartphone or dumbphone) from recent decades, it likely had a camera included.

It feels like they’re trying put hurdles in front of you instead of getting info about repeatability of the vulnerability.