Summary: A researcher has uncovered vulnerabilities in Microsoft’s PlayReady technology, which could allow unauthorized access to content on popular streaming platforms. The situation raises concerns about responsible disclosure practices and the effectiveness of bug bounty programs.
Threat Actor: Adam Gowdiak | Adam Gowdiak
Victim: Microsoft | Microsoft
Key Point :
- Gowdiak demonstrated how vulnerabilities in PlayReady could lead to unauthorized movie downloads.
- Microsoft initially dismissed the findings as implementation issues rather than vulnerabilities.
- After months of negotiation, Gowdiak chose to disclose his findings publicly to raise awareness.
- Experts emphasize the importance of coordinated disclosure and the potential pitfalls of bug bounty programs.
- The situation highlights the need for better communication and agreements between researchers and companies.
Source: https://www.securityweek.com/microsoft-drm-hacking-raises-questions-on-vulnerability-disclosures/