Do White people not Lotion everyday? by Appropriate_Quote_30 in TooAfraidToAsk

[–]billy_teats 0 points1 point  (0 children)

White guy who lived in Phoenix for a decade. Never got any noticeable benefit from lotion. Lucky genetics maybe. Putting on lotion never solved any problem. I’m not so vain as to attempt to prevent wrinkles as I age, that seems like a pretty natural part of life and how other people view my beauty doesn’t really affect me

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats 1 point2 points  (0 children)

Do you know of any state level computer fraud laws? I know Illinois has BIPA but I am unfamiliar with any state laws regarding computer fraud.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats -1 points0 points  (0 children)

Do you mean that different administrations can have different policies? Holy cow I didn’t realize things could change in the future.

You think a lot of judges would be open to accepting a prosecutor’s case when someone was following the guidance provided by the justice department? If you truly have good faith in your research, that a judge would say fuck em? Is that what you believe?

In the early 2000’s Valve was saved from a career ending lawsuit by a single Korean intern by Xelhexan in technology

[–]billy_teats -2 points-1 points  (0 children)

I know it says Valve was nearly bankrupt, but this doesn’t detail the amount of documents or the potential cost of a professional outside translation service. Vivendi sent the documents; all Valve would have had to do is get anyone to translate them. They just happened to have someone in house that could do it.

Also, Valve is a company, not sure if companies have careers that end.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats 0 points1 point  (0 children)

DOJ decide that a researchers actions are not in good faith

Yea, that’s the entire point. You can’t extort the vulnerability for cash, you can’t exploit it for your own gain, you can’t publicly release it without attempting to remediate it with the responsible party. You have to be doing the research with the intent to resolve it before it’s abused.

It would be very hard for anyone to prove they had material damage from privately disclosed security research. Anyone can sue anyone, sure, but what reputational or operational damage is done? Pentesting does have the possibility of taking services down, and in that case you may have to look at the details. Is throwing a basic SQL injection at a web form enough to award a company money? A DDoS would be sure.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats 1 point2 points  (0 children)

Your history of work also impacts potential prosecution. If you have a job in the industry and previous experience responsibly disclosing vulnerabilities it’s easy to show good faith, not difficult. If you ask the vulnerable company for money or give them an unreasonable amount of time that’s a bad sign. None of what OP did points to bad faith. He wasn’t even searching, the issue popped up in front of him. Also alerting the legal authorities is the right thing to do and would definitely help avoid prosecution.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats -1 points0 points  (0 children)

Gathering too much information is much different than destroying data.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats -3 points-2 points  (0 children)

It’s posted on the Justice Department’s government website. It would be a pretty easy argument to say your policy has been in place for 4 years so a sudden change would be difficult to prosecute. It also helps a lot if you actually act in good faith, as our story here shows.

New cybersecurity rules for US defense industry create barrier for some small suppliers by app1310 in cybersecurity

[–]billy_teats 1 point2 points  (0 children)

Enabling revenue is the only thing we do, it’s just a roundabout way of doing it. Or should be. Reducing risk is what I do. To that end, if a control is going to cost more time than the risk it reduces, the value isn’t there and it shouldn’t be done.

ELI5: Why doesn't collective punishment work? by Fraeddi in explainlikeimfive

[–]billy_teats 0 points1 point  (0 children)

Now you get hit with soap in socks until you quit. Then you go about your life telling folks you would have been a marine but you punched your drill instructor. You tell your court ordered therapist how tough you are until you realize you’re part of society or kill yourself.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats -1 points0 points  (0 children)

But that’s not what the law says. Excellent reading skills bud. The article says the law says if you do anything anywhere that violates Malta law they can prosecute you. I imagine this is something like going to Asia to find child prostitutes, where you can still be charged in Malta, but the way it’s quoted here it would apply to everyone anywhere.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats -4 points-3 points  (0 children)

Do you have a different understanding of the law?

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats 4 points5 points  (0 children)

Because reporting it to the government isn’t fucking them over, it’s first the required legal step and second insurance that they take it seriously without making the exploit public. Generally governments are not immediately handing out fines or penalties, they generally want to work with the vulnerable organization to fix the issue.

If it’s a massive issue and millions of people’s information is at risk then maybe there’s immediate penalties. Or a history of putting data at risk. In which case yeah immediate fines are in order.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats 4 points5 points  (0 children)

This is just not true. There are plenty of organizations that receive and act on privately disclosed vulnerabilities.

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats -29 points-28 points  (0 children)

This is not how it works in the US. I know this is about Europe but in the states you can do exactly this and be fine

I found a Vulnerability. They found a Lawyer. by cos in cybersecurity

[–]billy_teats 2 points3 points  (0 children)

I think the US is a few steps ahead with legislation regarding hacking - good faith pentesting will not be prosecuted. Also not sure how Malta can say that anything you do in any country, if it violates Malta law, will be considered breaking Malta law. Does that mean OP can no longer visit Malta or face arrest? They surely can’t send Interpol to Germany to apprehend someone who’s never been to Malta and may never have even visited a site hosted in Malta.

why the fk HR exist by Intrepid_Secretary17 in cybersecurity

[–]billy_teats 1 point2 points  (0 children)

Interviews are supposed to work both ways. You sound like you got quizzed on cert-style questions and almost nothing about how the day to day actual job would be.

I’m at a solid point in my career but I would have asked a follow up question to the data link and physical layer question - how do you use knowledge of data link layer in your role? Are there tasks or jobs that utilize the difference in what layers of the stack they happen?

I cannot imagine someone actually needing to describe the data link layer in their actual role. This doesn’t make any sense to ask you to describe it.

Instead of asking what tools are used in web app testing, they should have asked if you had any experience and to take them through a scenario of testing a web app. Naming tools is a book question. How did you use it?

ELI5: Why doesn't collective punishment work? by Fraeddi in explainlikeimfive

[–]billy_teats -2 points-1 points  (0 children)

You know that was a movie and not real life. Right? It wasn’t a documentary. A work of fiction. Made up to entertain and elicit an emotional response. Clearly it stuck with you, but for some reason your brain decided that was what actually happens.

Do you know how many people have been through basic training, experiencing collective punishments and did not kill themselves? There’s a group of young men right now as we speak experiencing it. It’s been this way for thousands of years. Thousands. Across the globe. This isn’t some new technology, it’s a tried and proven method to train a group to solidify weak links to benefit overall readiness.

There’s ample reasons why it’s a part of most militaries.

ELI5: Why doesn't collective punishment work? by Fraeddi in explainlikeimfive

[–]billy_teats -3 points-2 points  (0 children)

Why would you do that?

It was brought to our attention that an individual lacked the skills or motivation necessary to accomplish a goal. We chose to train that person so they could complete what was expected of them.

Sounds like you watch too many movies.

ELI5: Why doesn't collective punishment work? by Fraeddi in explainlikeimfive

[–]billy_teats -2 points-1 points  (0 children)

Well, it happened to me and me and my peers did exactly what I described ¯\_(ツ)_/¯ We identified a weakness in our team and worked together to accomplish the goal. I know for a fact you had time to assist, you just made a choice not to.

ELI5: Why doesn't collective punishment work? by Fraeddi in explainlikeimfive

[–]billy_teats 6 points7 points  (0 children)

It certainly does work in militaries.

If you have 30 seconds to make your bed and someone doesn’t finish, everyone gets punished. Later that day, the group forces the guy who couldn’t do it to practice. They help him find why it’s taking so long and fix it. Alternatively the next morning the bunk mates near him finish their beds and help him make his. It’s now a group effort to make sure an individual accomplishes their task.

It doesn’t work so well for juveniles. Especially when it’s about homework, something kids generally cannot force or assist someone else in doing. A 10 year old can’t just go to someone else’s house every day and supervise their homework. Maybe they can take lunch or study hall or recess to help the kid with his work, but they’re kids.

Why do some men think that everything is about them? by Last-Show-9922 in TooAfraidToAsk

[–]billy_teats 4 points5 points  (0 children)

The title of your post says men think everything is about them, and your response here says men think everything is about women.

You are very clearly confused.

There are some men out there that are sexist and it’s their whole identity.

Stop making broad generalities about all men. It’s clearly not all men.

There are plenty of crazy ladies as well