Google going to new lows

It seems some companies will go to new rock bottoms to kick the competition in the [computer] balls.

Google researcher Tavis Ormandy, who has had run-ins with Microsoft over vulnerability disclosure before, appears to be on course for a new one after publishing an exploit ahead of Microsoft releasing a patch for the flaw.

The exploit is for a vulnerability that affects a Windows kernel function in Windows 2000, XP, Vista, 7 and 8, as well as Windows Server 2003 and 2008. [Oddly the last two servers are not vulnerable but the client versions are.]

Note: It seems Microsoft have yet to correct the kernel problems. Seems every month there is a new patch to fix problems in the old one.

Unsure why Ormandy would publish details of the vulnerability except for one or more of the following reasons:

  • He wants to make a name for himself.
  • He despises Microsoft so much that he will do almost anything.

It is pure incompetence to publicize the vulnerability before a company has a chance to respond and/or correct the problem.

Microsoft is expected to release an update in this week’s patches [June 10th] to fix the problem.

If Microsoft [or any other company] wanted to be childish and fling back some sewage, it wouldn’t be hard. Google’s Chrome browser was the second most vulnerable web browser of 2012 [according to Symantec and Secunia] – with Apple’s Safari top ranked. This is after Chrome was ranked number one for all browsers of 2011 [and had more vulnerabilities than ALL Microsoft products combined in 2011 – according to GFI].

But just about every company out there wouldn’t be as incompetent as Google and Mr. Ormandy were by releasing the details early. Did Google bother releasing details of that Linux vulnerability that was unpatched for two years or the unpatched vulnerability in Apple’s OS for a while [search for Flashback]? Nope. Maybe Mr. Ormandy did it on his own, who knows.


