It's also quite the blame gymnastics. The code that enables the bad actors was written, published, and distributed at massive scale by Microsoft. The "crime" they are accusing the researcher of is telling the world about it.
It would be an interesting case if the defendant had good representation.
I’d love to see Microsoft try it on. The defence witnesses in any such trial are going to show up holding all kinds of receipts that Microsoft would prefer didn’t see the light of day.
Straight to jail for you, citizen. Distribution of 0day for lulz has been criminal since 2022. You're free to try and get away with it under any and all amendments. IANAL!
Responsible disclosure is a normalized process in the courts. Skipping it opens you to, at very minimum, a plethora of civil lawsuits, including any and all the damages that resulted from skipping it. The odds are very much not great that you'll be OK.
Re-read the beginning of the First Amendment, because it's such a common mistake that I'm surprised people still make it:
"Congress shall make no laws ... "
The first amendment bars the *government* from infringing on your free speech. It has zero standing or bearing on private citizens or corporations.
Which is why people crowing about it on social media or universities are completely oblivious to the fact that these organizations have absolutely zero responsibility to enable your free speech.
>Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?
This is what happens when you jump the gun and publish without doing any research. The author needs to lookup how the CFAA works. Now, yesterday, and a decade ago, you couldn't just drop some exploit and walk away rambling about your rights. Dumpster fire takes are everywhere online.
> Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?
Publicly publishing an exploit is so obviously First Amendment-protected activity that it’s almost tempting to want a test case.
It's also quite the blame gymnastics. The code that enables the bad actors was written, published, and distributed at massive scale by Microsoft. The "crime" they are accusing the researcher of is telling the world about it.
It would be an interesting case if the defendant had good representation.
I’d love to see Microsoft try it on. The defence witnesses in any such trial are going to show up holding all kinds of receipts that Microsoft would prefer didn’t see the light of day.
Straight to jail for you, citizen. Distribution of 0day for lulz has been criminal since 2022. You're free to try and get away with it under any and all amendments. IANAL!
https://krebsonsecurity.com/2022/06/what-counts-as-good-fait...
> Distribution of 0day for lulz has been criminal since 2022
Skimmed the article. Not seeing it support your claim.
Responsible disclosure is a normalized process in the courts. Skipping it opens you to, at very minimum, a plethora of civil lawsuits, including any and all the damages that resulted from skipping it. The odds are very much not great that you'll be OK.
Civil, sure. The dispute is over criminal jurisdiction.
Re-read the beginning of the First Amendment, because it's such a common mistake that I'm surprised people still make it:
"Congress shall make no laws ... "
The first amendment bars the *government* from infringing on your free speech. It has zero standing or bearing on private citizens or corporations.
Which is why people crowing about it on social media or universities are completely oblivious to the fact that these organizations have absolutely zero responsibility to enable your free speech.
Microsoft's blog is calling this criminal activity. They are threatening to bring in the government to go after this speech.
This is a first amendment issue.
>Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?
This is what happens when you jump the gun and publish without doing any research. The author needs to lookup how the CFAA works. Now, yesterday, and a decade ago, you couldn't just drop some exploit and walk away rambling about your rights. Dumpster fire takes are everywhere online.
https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#C...
Those are some very bold legal threats considering their founder is an epstein associate.
Considering Bill hasn't been Microsoft CEO for only 2.6 decades, these things are probably directly related.
> Microsoft's stance on zero day exploits is a dumpster fire of their own making
The words "'s stance on zero day exploits" are unnecessary in the above sentence.