"A 2FA bypass is not a bug because you'd need to know the username and password to use it"
uhhhhh folks what do you think 2FA is for?
@r000t also uh, wait… source?
@xerz HackerOne ticket I opened this morning.
I gotta give them props for the response time, but that's it.
@xerz iknorite?
They do offer a much larger bounty for anybody who can pop vgk.sys ("Vanguard").
But at the same time, the exact same rubric says that "Logic flaw bugs leaking or bypassing significant security controls" in "Critical Riot infrastructure (game servers, services in the game loop, Riot accounts infrastructure)" pays between $1,000-$10,000. I got zero, and was told that they won't even fix the problem.
So there very well could be bugs in Vanguard that Riot refuses to admit are bugs.
@xerz FWIW, any MDM/AD domain profiles I roll out, specifically block the big "anticheat" drivers.
I get to hide behind "opaque kernel blobs bad for security lmao" and the companies get to hide behind "don't play video games on work issued equipment"
@r000t this is the company which is confident about the rootkit they require you to install in order to play their games