{"uuid": "68577ce2-3c1c-42a6-9017-dc543ca5c04c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1385", "type": "seen", "source": "https://infosec.exchange/users/briankrebs/statuses/116663981709666679", "content": "This person has been a prolific bug finder for quite some time. Here's their public HackerOne profile: https://hackerone.com/halove23/hacktivity?type=user\nReading their Xitter timeline over the years is pretty interesting. They went from working w/ a lot of these bug bounty programs and giving MS time to fix stuff beyond the usual 90-day window to increasing frustration in dealing w/ vendors. I wish that were less of an common experience than it still is today, but some dynamics in this industry never seem to change.\nAlso just noticed something interesting. Back in 2019, MS was including hyperlinks to researchers in their advisories. In this advisory, they actually link to the researcher's shitposting Facebook profile, which has posts up until this month.\nhttps://www.facebook.com/com.android.vending\nhttps://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-1385", "creation_timestamp": "2026-05-30T14:24:53.250247Z"}