[Zenbit_UX]

Pretty bold to advocate for blackhat behavior on one of the most schoolboy vanilla places on the internet, but I can't say I necessarily disagree with your sentiment, big tech needs a lesson but is this really the vulnerability we want? 115 million DAU on teams...

The amount of damage the NSA or some other state sponsored actor could do with this... It would be very bad to say the least. How bad depends on which state acquires it.

If a script kiddy got it they would likely do a mass randomware infection, hospitals would get hit, people would die. Millions in crypto would be lost to unencrypted wallets found on the vulnerable machines (yes people do that..), this could cause some to lose their life savings... People have commit suicide for less.

My point is its important to look past FAANG being cheap and look at 2nd and 3rd order effects from something this powerful and widespread.

[woodruffw]

Governments around the world already regularly trade in exploits that are as or more severe than this one.

That isn’t to advocate for brokering to a government, just to say that the market already exists and contains comparable exploits. It’s only a matter of time until we see the next EternalBlue to WannaCry lifecycle.

[mistrial9]

> look at 2nd and 3rd order effects .. which FOSS engineers have spent their lives on, while FAANG acumulates patent and SSL money across international borders? forcing TEAMS kool-aid with surveillance built-in, down your desktop with the help of C-Suite and their attorneys?

[corty]

The ethical thing to do is immediate full disclosure, not selling it and not this (ir)responsible disclosure crap.