I think I might shut down my Tor exit node. I don't think I support the project anymore.

Microsoft and OpenAI broke up — now they’re ready to fight. Microsoft AI CEO @mustafasuleyman tells me "the goal is to prove that we can become one of the top four labs in the world." Interview from me and deep analysis from @haydenfield 👇 theverge.com/ai-artificial-i…

Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.

This is how you de-escalate

Google Chrome is rolling out device-bound session credentials to all users. Session cookies get cryptographically tied to your device, so stolen cookies can't be replayed from a different machine. Attackers who exfiltrate your cookie database get nothing usable.

Been a while, but here’s mine: * I found out that I can use email certificate as a CA certificate on Windows; * MSRC wasn’t interested, thinking it’s Verisign problem; * I posted the issue to SecurityFocus; * Some guy stood up server with fake cert on the Internet; * Microsoft issued a patch. Also: it’s secure@microsoft.com because security@ was the campus guards.

🚨 MSPs don’t lack security data. They struggle to separate real threats from alert noise. 🛡️ @KaseyaCorp explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. ➡️ bleepingcomputer.com/news/se… #cybersecurity #sponsored