1. Which mods/admins were being Power Tripping Bastards?

Snoopy

  1. What sanction did they impose (e.g. community ban, instance ban, removed comment)?

Community ban

  1. Provide a screenshot of the relevant modlog entry (don’t de-obfuscate mod names).

  1. Provide a screenshot and explanation of the cause of the sanction (e.g. the post/ comment that was removed, or got you banned).

I woke up to suddenly being banned with a dm that was misgendering me. It appears the real reason I was banned was due to fact I was critical of Piefed’s recent actions.

Snoopy has no evidence that “I personally released the exploits into the wild" It was actually @yogthos@lemmy.ml who did the deed. I’m not technically enough to be pull it off, nor do I want to.

  1. Explain why you think it’s unfair and how you would like the situation to be remedied.

Hopefully unbanned and unblocked.

  • TechLich@lemmy.world
    41·
    22 hours ago

    This, assumes the vendor acts in good faith

    Responsible disclosure does not assume the vendor acts in good faith. Usually the disclosure period is around 90 days before the vulnerability is released, fixed or not (although this is negotiable with a good faith vendor).

    Forks etc. could have been informed privately first too if possible.

    amateurs now have access to tools they should not, and WILL forgo proper standardized communication channels to disclose issues

    This is not a good argument. Undisclosed zero days in the wild have always been part of the threat model. Amateurs with LLMs or not, a large percentage of vulnerabilities are not disclosed responsibly and are only fixed after damage has been done. Putting people and their personal information at risk because you want to make a point about the dangers of zero days (which everyone is already aware of) is woefully unethical.

    Not everyone is privileged enough to afford security courses, and standardized education.

    That doesn’t mean we should abandon these things. The vendor can report the CVE too. Or anyone else with an interest in it. It doesn’t have to be the untrained amateur grey hat asking Claude for vulns. A malicious threat actor exploiting a system doesn’t report it either. The community benefits from skilled people handling things properly. Pretending that it doesn’t because most people don’t have those skills is silly.

    • alapakala@quokk.auEnglish
      11·
      13 hours ago

      Responsible disclosure does not assume the vendor acts in good faith.

      You’ve never been sued then.

      Putting people and their personal information at risk because you want to make a point about the dangers of zero days (which everyone is already aware of) is woefully unethical.
      Undisclosed zero days in the wild have always been part of the threat model.
      a large percentage of vulnerabilities are not disclosed responsibly and are only fixed after damage has been done.
      This is not a good argument.

      Hopefully I don’t need to demonstrate how this also isn’t an argument that doesn’t hold itself.

      The community benefits from skilled people handling things properly.
      A [skilled] malicious threat actor exploiting a system doesn’t report it either.

      And unskilled people now have access to skilled tools that doesn’t handle things properly…. It’s not an argument people’s personal information is already at risk. It’s an argument that the tools people now have access do not properly handle things. Maybe teach the people that developed claude mythos how to Mitre & CVE responsibly ╮(︶▽︶)╭