HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 48 guests and 1 member online
 
Advertisement

You are here: Home arrow Resourcesarrow News from the Outside Worldarrow Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'
EH-Net
May 21, 2013, 04:14:38 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'  (Read 2996 times)
0 Members and 1 Guest are viewing this topic.
Manu Zacharia (-M-)
Sr. Member
****
Offline Offline

Posts: 393


c0c0n Hacking Conference - where hackers unite


View Profile WWW
« on: July 11, 2010, 02:58:11 AM »
Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

Quote
An anonymous group of security researchers last week published information about an unpatched Windows bug, saying that they were disclosing the vulnerability because of the way Microsoft treated a colleague.

Click here to continue reading.

More similar articles:

http://www.theregister.co.uk/2010/07/06/ms_spurned_research_collective/
http://www.computerworld.com/s/article/9178878/Angry_researchers_disclose_Windows_zero_day_bug

SANS has already published a poll which can be accessed here:


So what's your opinion?
Logged
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)˛, C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1057


aka dynamik


View Profile WWW
« Reply #1 on: July 11, 2010, 07:58:38 AM »
This comment from the Digg submission pretty much sums up my feelings:

Quote from: ichibanjay
So a group of people who want to call attention to themselves are willing to risk the security of millions of non-involved individuals, businesses, hospitals, emergency response, and government computers. All in part for their personal revenge. Nice.

All operating systems have security flaws. Arguably, the current regular update cycle (once a month) Microsoft has chosen is a compromise, as it allows IT professionals to prepare in advance to ensure their workstations remain compatible.

Understandably, Microsoft should not have dragged the Google employee into the PR battle as he was not doing the bug reporting as part of his job. But this group's reaction seems childish.

http://digg.com/security/Rogue_Security_Researchers_vs_Microsoft_Karma_Is_A_Bitch
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
yatz
Full Member
***
Offline Offline

Posts: 222


View Profile WWW
« Reply #2 on: July 12, 2010, 04:53:47 PM »
I saw this on HNN today and at first thought it was funny.  I just can't believe how out of hand this gets.


As a question to those here who are (self-proclaimed or otherwise) security researchers, how does it feel when you find a new bug?

Putting myself in their shoes, I would want to report it to the vendor immediately and I would expect them to cooperate.  With a vendor as large as Microsoft, I would think that cooperation within the bounds of established policies is enough to live with.  Releasing it right away seems prideful and petty.

It's like holding a very precious and fragile work of art.  Do you hold it carefully so it doesn't get stolen until it can be protected behind glass casing?  Or do you throw it on the mach pit of internet scum until it's dirtied and useless?  That's how it feels to me.
Logged
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #3 on: July 12, 2010, 05:19:00 PM »
Interesting.   I wonder if this is a one off thing, or there are going to be others "defending" Tavis Ormandy.   I don't think that we have the complete story on the vulnerability released by Tavis.  I gotta think that he didn't set out to release his code 5 days after contacting Microsoft, but freaked out when they couldn't agree on a time line 

One thing is clear, while there is cloud surrounding the Tavis Ormandy situation and some people view his code release as irresponsible, this incident certainly tops that on the list of asinine things to do.
Logged
~~~~~~~~~~~~~~
Ketchup
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.052 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.