Slashdot Mirror
Google Researcher Issues How-To On Attacking XP
theodp writes "A Google engineer Thursday published attack code that exploits a zero-day vulnerability in Windows XP, giving hackers a new way to hijack and infect systems with malware. But other security experts objected to the way the Google engineer disclosed the bug — just five days after it was reported to Microsoft — and said the move is more evidence of the ongoing, and increasingly public, war between the two giants."
Google, like Apple, is no longer any better/different than the companies they claim to be better than (from an ethical stand point).
That depends on how you look at it. It's not like this is the one and only zero day bug that has ever been found in a Microsoft product. Perhaps a bit of public embarrassment from a competitor will prompt Microsoft to do a few more checks on their code.
In the big scheme windows holes are so common that unless goggle is releasing 20 a day with quick and easy tools to help people use them this makes no difference at all.
Whatever it takes to damage Microsoft is okay with me. I've hated this company since the 80s - not because I randomly like to hate inanimate objects, but because Microsoft's products were 5-10 years behind what other companies like Apple, Atari, and Commodore were doing. MS == crap for a long long time.
And because Microsoft would do anything short of murder to "win" in the marketplace, such as stealing trade secrets, locking-out competitors products, or suing smaller companies in court until they went bankrupt (i.e. MS was patent trolling). It's about time MS received a dose of its own medicine.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
>>>"...without giving us time to resolve the issue..."
Oh well. It's no different than how you routinely acted in the 80s and 90s Mr. Microsoft. I guess people should "do as we say, not as we act" eh? It's okay for MS to act like an ass, wiping-out competition left and right, but not other companies to copy the MS Warbook. Hypocritical corporation.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Because he works for google and they will protect him, M$ can't use their massive amounts of money to sway him from talking or slap him with lawsuits....therefor the only thing to do is actually FIX THE BUG!....imagine we live in a world where when we tell a company their product is flawed and even offer a way to reproduce this bug, that they say thank you very much, and fix their product...right away....well I applaud his effort, and think that more people (from google) should all come out with these types of bugs to show that not only are we going to let everybody know about your bug and how to use it, but after giving you a small amount of time to fix it....so you might as well just swallow that pill, put on your coding caps and fix those bugs....
So many exploits come from M$ and have been around for so long that it is nice to see someone (other company) stand up for us and help bring about a safer web/internet for us to play in...
That's not true, only a few people use Linux or OS-X as their primary operating system...
Sorry, just because your arbitrary deadline has passed does not give you right to aid others in harming others computers.
Even the summary needs help here, I really get the impression of a bunch of immature know it all of which that developer who is one. Damn, if I didn't have to put up with this during with five year olds running around...
I warned you!!!! I warned you I was going to do it!!!! See its all your fault.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
If you didn't realize that windows was an insecure product, you get what you deserve.
The end users and admins punish themselves.
Im sure his hotfix and one man testing matches MS's extensive testing. Seriously, do you think any company would just release this fix immediately without serious testing?
I'm sure this was tongue in cheek. I'd safely bet there's a whole lot of "one man testing" that far exceeds MS's lack of testing based on these types of stories that keep coming out about MS's lack of quality control. After all, isn't MS the company known for selling software and letting their customers beta test it?
As for MS releasing the fix? How hard is it to test something when you've been pointed to the flaw, given all the test conditions, and the fix, and it's in a relatively small piece of code? Granted, the folks that wrote it are probably long gone....
The cesspool just got a check and balance.
So... they told Microsoft 5 days ago AND GAVE THEM A FIX...
There are roughly 500 million users running XP.
63% of all PC users globally. Operating System Market Share, PCs In-Use Reached nearly 1.2B in 2008
XP is backwards compatible with many programs written for MSDOS, Win 3.1 and Win 9x.
But protecting the installed base of small business and enterprise applications written for XP is truly misssion-critical for Microsoft. The patch must not break these apps.
It would be lunatic to blindly trust a patch from a competitor -
and it is Microsoft - not Google - that has thirty years experience in its core markets. That knows which apps are likely to break and why.
I'm sorry, but are you high? what is it with militant FLOSSies and fairy tale delusions? Yeah, because everyone is gonna throw away BILLIONS of dollars in proprietary software, many if not most of which like QuickBooks and Photoshop have NO real equivalent on Linux, get rid of years of experience for millions of dollars in retraining for an OS that won't do 1/20 of what they need it to do, just so they can kick MSFT in the nuts and go dancing through the flowers with RMS wearing togas. Get real!
For all those "Yay MSFT got pwned!" militants? Got news pal, this is YOUR ass as well! Don't care if you are running BSD, Linux, OSX, this is still YOUR ASS as well! Why? Because guess what Internet all those pwned machines is gonna be slowing down? Guess whose inboxes are gonna be getting a shitload more spam? Ooops, didn't think of that, did you?
So can we PLEASE quit the immature bullshit and the "They'll all switch to Linux!" fantasies and focus on the big picture? This asshole at Google, who BTW is a douchebag for releasing less than 5 days after telling them on patch Tuesday weekend, probably the worst weekend he could possibly pick, has just made ALL the Internet worse for ALL of us. Remember folks, zero days, no matter which OS, is bad for all of us, because we all use the Internet. The more zombies, the more botnets, the slower it becomes for us all.
So if you want to hate MSFT? Fine and dandy, I still think Bill Gates owes me an apology and a copy of Win2K Pro for WIndows ME, along with Ballmer owing me a heartfelt "I'm sorry" for Windows Vista (which I'll forgive because folks trying to get away from Vista boosted my profits by 30%!) but encouraging douchebaggery like this by going "Good for him!" is exactly the WRONG thing to do. The entire community needs to be saying loud and clear that the standard 90 day response should be stuck to, and anything less is irresponsible asshattery. Because this hurts us all folks, be you on Linux, BSD, OSX, or Windows.
ACs don't waste your time replying, your posts are never seen by me.