Angry researchers disclose Windows zero-day bug

Anonymous group claims Microsoft has hostile attitude, backs Google researcher

By , Computerworld |  Security, bug

An anonymous group of security researchers last week published information about an unpatched Windows bug, saying that they were disclosing the vulnerability because of the way Microsoft treated a colleague.

The flaw in Windows Vista and Server 2008 could be used by attackers to gain unauthorized access to a PC or cause it to crash.

Microsoft downplayed the threat, saying that the vulnerability required an attacker to have physical access to the computer or have compromised it with another exploit.

More intriguing than the vulnerability or its public disclosure -- both are commonplace with Windows -- was the declaration that began the message posted July 1 to the Full Disclosure security mailing list.

"Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective," the message read. "MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

The name of the group is a poke at the Microsoft Security Response Center, the group responsible for investigating vulnerabilities, which also goes by the acronym MSRC.

Tavis Ormandy is the Google security engineer who was at the center of a storm last month after he publicly disclosed a Windows vulnerability when Microsoft wouldn't commit to a patching deadline.

Ormandy's vulnerability was quickly put to use by hackers, who began launching attacks five days after he publicized the flaw. Last week, Microsoft claimed that it had tracked attacks on more than 10,000 computers since June 15.

While some security researchers criticized Ormandy for going public with the Microsoft vulnerability, others rose to his defense, calling out both Microsoft and the press -- including Computerworld -- for linking Ormandy to his employer, Google.


Originally published on Computerworld.