backtop


Print


Tavis Ormandy  (Source: flickr)
Tavis Ormandy said Microsoft is difficult to work with regarding these issues

A Google engineer has called Microsoft out on a recent security flaw in the Windows operating system, and even said that the Windows creator is hostile toward third-party vulnerability researchers.

Tavis Ormandy, a Google security engineer, exposed the flaw on Full Disclosure. The Microsoft vulnerability, which was in the Windows kernel driver "Win32k.sys," was featured in a Full Disclosure mailing list on May 17. 

Before that, Ormandy revealed the flaw on GitHub back in March in hopes of bringing other security researchers on board to investigate. 

Ormandy said on Full Disclosure, "I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation."

Ormandy posted on Full Disclosure yet again on Monday, saying "I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools."

Ormandy also insulted Microsoft on Full Disclosure, saying "As far as I can tell, this code is pre-NT (20+ years) old, so remember to thank the SDL for solving security and reminding us that old code doesn't need to be reviewed ;-)."

Microsoft has been annoyed with Ormandy for publicly discussing vulnerabilities before they could be patched. Microsoft prefers "responsible disclosure," where security experts are asked to report flaws privately to the company.

"Note that Microsoft treat[s] vulnerability researchers with great hostility, and are often very difficult to work with," said Ormandy. "I would advise only speaking to them under a pseudonym, using Tor and anonymous email to protect yourself."

Source: ComputerWorld





"Vista runs on Atom ... It's just no one uses it". -- Intel CEO Paul Otellini




Latest Blog Posts
Around the World
Saimin Nidarson - Feb 18, 2017, 5:48 AM
News of Future
Saimin Nidarson - Feb 17, 2017, 6:30 AM
Some News
Saimin Nidarson - Feb 14, 2017, 5:36 AM
What's New?
Saimin Nidarson - Feb 10, 2017, 6:15 AM
Unleashed News
Saimin Nidarson - Feb 9, 2017, 6:00 AM
Eye catching news
Saimin Nidarson - Feb 8, 2017, 6:16 AM
Some World News
Saimin Nidarson - Feb 7, 2017, 6:15 AM
Today’s news
Saimin Nidarson - Feb 6, 2017, 10:11 AM
Some News
Saimin Nidarson - Feb 5, 2017, 7:27 AM
Notes and News
Saimin Nidarson - Feb 4, 2017, 5:53 AM
World News
Saimin Nidarson - Feb 3, 2017, 5:30 AM
Gadget News
Saimin Nidarson - Feb 2, 2017, 7:00 AM
News Around The World.
Saimin Nidarson - Feb 1, 2017, 7:20 AM
Some News
Saimin Nidarson - Jan 31, 2017, 7:57 AM
Tips of Today
Saimin Nidarson - Jan 30, 2017, 6:53 AM
What is new?
Saimin Nidarson - Jan 29, 2017, 6:26 AM






botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki