The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea Maybe their new LLM forgot to remove the code before shipping a new production version.
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea this is what you get when you do disk encryption without user input
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
I already went through the hassle of configuring my laptop to get secure boot and encryption on my Windows and Linux partitions, and then I learned the NTFS encryption key gets automatically submitted to Microsoft so decrypting it is as easy as stealing my Outlook account. I'm yet to rekey my hard drive with a local-only key, as I fear I'd have to format and reinstall. Does this exploit make local-only keys equally unsafe, too? -
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea This would be pretty serious if BitLocker was a security feature, not a user annoyance one.
-
@kallisti @0xabad1dea well by asking Microsoft nicely for the decryption keys they store in plain text among account data on their server of course
(fck microsoft) -
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea To be honest, I had a Huawei phone for a long time, because I trust the human rights record of the PRC more than I trust the US tech companies.
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea MS has been known - from the start with their first windows versions that they distribute beta versions that come with bugs galore. The user/customer then hands in all those problematic situations which (with luck) get repaired and updated every other day. Those repair updates will happen as long as the version is distributed and only stop when there is a new and "better" version... again, of course, beta, full of bugs.
Microsoft customers are used to being used as beta testers. -
@0xabad1dea To be honest, I had a Huawei phone for a long time, because I trust the human rights record of the PRC more than I trust the US tech companies.
@rrb Well you got a point there. At least it wouldn't be worse than a US tech phone @0xabad1dea
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea oh I'm sure if was the merest accidental oversight and that they're very very sorry and feel so foolish now.
-
@rrb Well you got a point there. At least it wouldn't be worse than a US tech phone @0xabad1dea
@energisch_ @0xabad1dea and I don't live in China, so their ability to mess with me is limited
-
@energisch_ @0xabad1dea and I don't live in China, so their ability to mess with me is limited
@rrb exactly! @0xabad1dea
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea Kind of ironic that this is posted on github!!
-
@0xabad1dea Kind of ironic that this is posted on github!!
@pa27 that's why I was quick to download it
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea How did they come by the content of these files?
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea There's also about 20 MB of other files.
-
@0xabad1dea There's also about 20 MB of other files.
@jernej__s they're just empty log files (a header plus megabytes of zeroes), presumably because if they're missing entirely, something errors out before the flag gets processed
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
Also for whatever reason, only windows 11 (+Server 2022/2025) are affect, windows 10 is not.
another win 10 w!!!!!!!!!!!!!!!! -
@rrb exactly! @0xabad1dea
@energisch_ @0xabad1dea And this is unrelated to a former student of mine working on security for Huawei, because another student is managing security for Microsoft
-
RE: https://cyberplace.social/@GossiTheDog/116565662607962457
The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…
The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant
@0xabad1dea I feel certain that FileVault also has some kind of magic bypass. Either of the ‘haha nobody will ever discover the arcane incantation needed to put this developer test mode’ or more likely requested by a three letter agency.
