Hackers exploit flaw in 'silly Microsoft code' publicised by Google engineer
Latest updates to Windows 7 & 8 fix vulnerability first identified by Tavis Ormandy
In the latest patch update for their Windows operating system, Microsoft have warned that hackers may have been actively exploiting a vulnerability made public by a Google engineer. The company claimed that “targeted attacks” had been launched, taking advantage of the flaw.
The engineer in question, Tavis Ormandy, made the flaw public in a blog post back in May. Ormandy said that he didn’t have much time “to work on silly Microsoft code” but that “the bug is really nice”. The bug in question applies only to Windows 7 and Windows 8, allowing local users to increase their security privileges.
Many security experts criticized Ormandy for publishing the vulnerability rather than directly contacting Microsoft so that they could fix the software. In a previous blog post Ormandy said that Microsoft “treat vulnerability researchers with great hostility” and are “often very difficult to work with”.
Ormandy was so wary about speaking with Microsoft’s team that he advises those researchers that do contact them to do so “under a pseudonym, using tor [an anonymous browser] and anonymous email to protect yourself”.
The reporting of software vulnerabilities by non-affiliated software engineers is a common practice and Google employees especially seem to take a keen interest in this sport. In February of this year, it was revealed that more than half of the vulnerabilities addressed in Microsoft’s monthly software update (‘Patch Tuesday’) had been identified by engineers working for the search giant.
However, normal practice is to identify faults quietly and discreetly, even if they are found in your competitors' code. Independent security specialist Graham Cluley has challenged Ormandy's actions, saying: "You have to ask yourself if the public disclosure of this vulnerability before Microsoft was ready to protect against it was really to the benefit of internet users."
"I’m not questioning Tavis Ormandy’s expertise at finding security holes, or his skills as a vulnerability researcher. There’s no doubt that he is extremely skilled in these departments. I just wish that Microsoft and Ormandy could find a way of working more reasonably with each other so that vulnerabilities can only be disclosed in a responsible fashion, once a patch is available."
Neither Ormandy nor Microsoft have offered any comment, but a Google spokesman made it clear that Ormandy’s time spent identifying Windows vulnerabilities was personal and not related to his work for the company.