

Tavis Ormandy  (Source: flickr)
Tavis Ormandy said Microsoft is difficult to work with regarding these issues

A Google engineer has called Microsoft out on a recent security flaw in the Windows operating system, and even said that the Windows creator is hostile toward third-party vulnerability researchers.

Tavis Ormandy, a Google security engineer, exposed the flaw on Full Disclosure. The vulnerability, located in the Windows kernel driver "Win32k.sys," was posted to the Full Disclosure mailing list on May 17.

Before that, Ormandy revealed the flaw on GitHub back in March in hopes of bringing other security researchers on board to investigate. 

Ormandy said on Full Disclosure, "I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation."

Ormandy posted on Full Disclosure yet again on Monday, saying "I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools."

Ormandy also insulted Microsoft on Full Disclosure, saying "As far as I can tell, this code is pre-NT (20+ years) old, so remember to thank the SDL for solving security and reminding us that old code doesn't need to be reviewed ;-)."

Microsoft has been annoyed with Ormandy for publicly discussing vulnerabilities before they could be patched. Microsoft prefers "responsible disclosure," where security experts are asked to report flaws privately to the company.

"Note that Microsoft treat[s] vulnerability researchers with great hostility, and are often very difficult to work with," said Ormandy. "I would advise only speaking to them under a pseudonym, using Tor and anonymous email to protect yourself."

Source: ComputerWorld



Comments



Microsoft lol
By Argon18 on 5/23/2013 11:34:11 AM , Rating: -1
Finding a critical security flaw in Windows is like finding a grain of sand on the beach; it's so commonplace, it's hard not to. Why do people still use that crap?




RE: Microsoft lol
By EasyC on 5/23/2013 11:46:01 AM , Rating: 5
Apple has no security flaws, because it has no security. What a revolutionary, magical idea.


RE: Microsoft lol
By Cheesew1z69 on 5/23/2013 12:03:14 PM , Rating: 3
God, don't feed it! Ugh...


RE: Microsoft lol
By quiksilvr on 5/23/2013 12:43:01 PM , Rating: 2
RE: Microsoft lol
By Cheesew1z69 on 5/23/2013 1:00:52 PM , Rating: 1
lol


RE: Microsoft lol
By ipay on 5/23/2013 1:03:06 PM , Rating: 2
You don't pee on hospitality!


RE: Microsoft lol
By Argon18 on 5/23/13, Rating: -1
RE: Microsoft lol
By crispbp04 on 5/24/2013 9:40:55 AM , Rating: 1
Let's hear about your awesome technologically advanced life. Fill us in on your awesomeness. I want a full bio, educational background, employment history.. the works.


RE: Microsoft lol
By Apone on 5/23/2013 12:48:21 PM , Rating: 3
@ Argon18

You sure you want to open that door?

http://www.dailytech.com/Apples+OS+X+is+First+OS+t...

http://www.informationweek.com/security/vulnerabil...

http://www.zdnet.com/blog/security/apple-plugs-28-...

I could post more links but I'm sure you get the point.

@ Cheesew1z69

Sorry, couldn't resist and I have to agree with EasyC; I'm not a MS fanboy but this type of security ignorance is disturbing.


RE: Microsoft lol
By Argon18 on 5/23/13, Rating: -1
RE: Microsoft lol
By Fleeb on 5/23/2013 6:10:02 PM , Rating: 2
quote:
Redmond Cheerleading squad makes

quote:
Sorry, couldn't resist and I have to agree with EasyC; I'm not a MS fanboy but this type of security ignorance is disturbing.


Funny what assumptions people make.


RE: Microsoft lol
By Apone on 5/23/2013 10:54:42 PM , Rating: 2
@ Argon18

quote:
Why do people still use that crap?


Because there's another large mass of ignorant, non-techy common folk "Average Joe" computer users who are fully aware of both Windows and OS X's security flaws and choose to use neither?

@ Fleeb

My apologies for the assumption, force of habit I guess, LOL.











