Google-Disclosed Hole Being Exploited

This is a discussion on Google-Disclosed Hole Being Exploited within the General Chat board part of the General category; Windows screwed hard because of its security issues. As posted on http://www.informationweek.com/blog/...disclosed.html Less than a week after Google security researcher ...

Results 1 to 2 of 2
  1. #1
    razathru's Avatar
    razathru is offline The not so evul DOC!

    Array
    Join Date
    Dec 2009
    Location
    Chennai
    Posts
    3,300
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    16
    Reputation
    1635

    Cool Google-Disclosed Hole Being Exploited

    Windows screwed hard because of its security issues.

    As posted on http://www.informationweek.com/blog/...disclosed.html



    Less than a week after Google security researcher Tavis Ormandy disclosed a security problem with the Windows Help application, attackers are exploiting the hole on Windows XP. Their work was simple since he provided proof-of-concept code.


    This is exactly the situation I feared would happen a few days ago, and it didn't take long for the bad guys to deliver. Sophos has seen an exploit in the wild. Microsoft has a emergency fix that disables the feature being exploited, and you may want to use it in your company.

    This harsh publicity has put Ormandy on the defensive; he recently tweeted, "I'm getting pretty tired of all the '5 days' hate mail. Those five days were spent trying to negotiate a fix within 60 days." That's in reference to earlier concerns Ormandy expressed about how slowly Microsoft was fixing bugs. If that's the case, why not just tell them they had 60 days before the exploit would be revealed, rather than five?

    Some of the commenters on my previous post seemed to blame Microsoft for this situation. I completely disagree. There is no way that Microsoft could reasonably respond to something like this in only five days. The "Windows is full of bugs" argument doesn't wash, either; every OS has its bugs. No responsible security researcher should be making a decision to release an exploit for an operating system without giving the OS maker a reasonable chance to respond. That's doubly true for a researcher employed by Google, a competitor to Microsoft.

  2. #2
    JrMn's Avatar
    JrMn is offline Master Hacker
    Array
    Join Date
    Feb 2010
    Location
    aim_b0n0 -> :P
    Posts
    608
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    7
    Reputation
    146
    Raz, I knew this over a month, it was great
    JrMn Only one JerMen of this kind. ^˙_˙^

Similar Threads

  1. Microsoft warns of 64-bit Windows 7 hole
    By Marik in forum General Chat
    Replies: 0
    Last Post: 05-24-2010, 11:07 AM
  2. How to use Let Me Google That For You.
    By Mads in forum Internet Guides
    Replies: 7
    Last Post: 10-04-2009, 08:14 PM
  3. Replies: 1
    Last Post: 02-28-2009, 01:46 PM
  4. Google?
    By n0p3n4p in forum Deutsch
    Replies: 14
    Last Post: 12-05-2008, 05:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •