.

Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Sun Jul 11, 2010 2:58 am

Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

An anonymous group of security researchers last week published information about an unpatched Windows bug, saying that they were disclosing the vulnerability because of the way Microsoft treated a colleague.


Click here to continue reading.

More similar articles:

http://www.theregister.co.uk/2010/07/06 ... ollective/
http://www.computerworld.com/s/article/ ... ro_day_bug

SANS has already published a poll which can be accessed here:


So what's your opinion?
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Jul 11, 2010 7:58 am

Re: Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

This comment from the Digg submission pretty much sums up my feelings:

ichibanjay wrote:So a group of people who want to call attention to themselves are willing to risk the security of millions of non-involved individuals, businesses, hospitals, emergency response, and government computers. All in part for their personal revenge. Nice.

All operating systems have security flaws. Arguably, the current regular update cycle (once a month) Microsoft has chosen is a compromise, as it allows IT professionals to prepare in advance to ensure their workstations remain compatible.

Understandably, Microsoft should not have dragged the Google employee into the PR battle as he was not doing the bug reporting as part of his job. But this group's reaction seems childish.


http://digg.com/security/Rogue_Security ... Is_A_Bitch
The day you stop learning is the day you start becoming obsolete.
<<

yatz

Full Member
Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Mon Jul 12, 2010 4:53 pm

Re: Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

I saw this on HNN today and at first thought it was funny.  I just can't believe how out of hand this gets.


As a question to those here who are (self-proclaimed or otherwise) security researchers, how does it feel when you find a new bug?

Putting myself in their shoes, I would want to report it to the vendor immediately and I would expect them to cooperate.  With a vendor as large as Microsoft, I would think that cooperation within the bounds of established policies is enough to live with.  Releasing it right away seems prideful and petty.

It's like holding a very precious and fragile work of art.  Do you hold it carefully so it doesn't get stolen until it can be protected behind glass casing?  Or do you throw it on the mach pit of internet scum until it's dirtied and useless?  That's how it feels to me.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jul 12, 2010 5:19 pm

Re: Researchers Go Anonymous, Form 'Microsoft-Spurned Researcher Collective'

Interesting.  I wonder if this is a one off thing, or there are going to be others "defending" Tavis Ormandy.  I don't think that we have the complete story on the vulnerability released by Tavis.  I gotta think that he didn't set out to release his code 5 days after contacting Microsoft, but freaked out when they couldn't agree on a time line 

One thing is clear, while there is cloud surrounding the Tavis Ormandy situation and some people view his code release as irresponsible, this incident certainly tops that on the list of asinine things to do.
~~~~~~~~~~~~~~
Ketchup

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software