Similar news- AV-Test Certification: Microsoft Security Essentials fails again
- Microsoft: security alerts released about faults in Chrome and Opera
- Microsoft Security Essentials : Beware of fakes!
- Microsoft Security Essentials: 30 million users
- Microsoft Security Essentials 2.0 available for download
- Internet Explorer : Microsoft corrects 10 security holes
- Microsoft reinforces Windows Live Hotmail’s security
- IE8: Microsoft late in correcting a security weakness?
- IE Security fault : Microsoft aware of problem since September 2009 !
- Security: Microsoft takes aim at Chrome and Firefox
Google engineer, Tavis Ormandy was recently a topic of conversation after having publically divulged a vulnerability affecting the Windows XP Help and Support service. On the 29th of June, Microsoft indicted that via this vulnerability more than 10 000 PC’s had been attacked around the world.
Microsoft was highly critical of Tavis Ormandy’s attitude, with the fact that he works for Google having surely enraged Microsoft even more, even if the researcher claims that he acted on his own.
Microsoft heavily criticized Tavis Ormandy, believing that he didn’t provide enough time for the corrective patch to be developed, with only four days’ notice being given before he publically divulged the information. Microsoft also underlined that creating a corrective patch is a complex problem as the roots of the issue have to be eliminated, and that Tavis Oramndy’s actions put the security of end users in danger.
Researchers become annoyed about full disclosure
Numerous colleagues of Tavis Ormandy are visibly upset by Microsoft’s treatment of the researcher. Under anonymous cover, they have created the Microsoft Spurned Researcher Collective, thumbing their nose at Microsoft’s official security group: Microsoft Security Response Centre.
The Microsoft Spurned Researcher Collective has promised to make Microsoft’s life difficult, as the computer researchers associated with this group have promised to publically divulge all vulnerabilities that they discover on their free time. The reprisals have already begun.
Fortunately, in some ways, the first release wasn’t critical, but this was nevertheless confirmed by both Secunia and VUPEN. The released security vulnerability was a 0-day vulnerability affecting Windows Vista and Windows 2008. By exploiting this fault, it is possible to create a denial of service attack and increase the attackers privileges on the affected machine, although only locally.
We now just need to see how far the Microsoft Spurned Researcher Collective is willing to take things. In any event, it appears that they are willing to throw in some provocative humour if we are to judge their work on a counter measure that they implemented which took aim at Microsoft: in the registry, go to the following key - HKCU\Microsoft\Windows\CurrentVersion\Security and change the OurJob Boolean value to False. This is a twisted way of saying that Microsoft didn’t do their job properly when it comes to security and vulnerabilities.
Post a comment
 Previous news
|
Next news 
|
|---|---|
| Firefox 4 beta version available for download | iTunes accounts hacked : Apple taking corrective measures |
June 19th, 2013 - 3:35 PM ET
Join now
Login
