Hacker News new | ask | show | jobs
by zamadatix 2448 days ago
I'm surprised the number of people on HN that assume Microsoft's security group involved in actively trying to find malware by running unknown programs has absolutely 0 precautions that one of the programs they run would be malicious.
2 comments
opencl 2448 days ago
Microsoft does not exactly have the best track record with this.

https://bugs.chromium.org/p/project-zero/issues/detail?id=12...

link
zamadatix 2448 days ago
In what way is "had a RCE CVE" a track record that "Microsoft's security group involved in actively trying to find malware by running unknown programs has absolutely 0 precautions that one of the programs they run would be malicious."

I'm not talking about invulnerable software I'm talking about the comments assuming Microsoft doesn't expect __malware testing servers__ to run scanning or DDOS malware.

link
samus 2447 days ago
Depends on the definition of "malicious". Breaking hard drives and other hardware like in the good ol' days, or attacking other Microsoft servers? I agree, totally their problem. This is a proof of concept of phoning home though, possibly to exfiltrate data, via Microsoft servers and IP ranges!
link