Slashdot Mirror


Microsoft Spurned Researchers Release 0-Day

nk497 notes the news that a group of researchers calling themselves the Microsoft-Spurned Researcher Collective (the name is a play on Microsoft's Security Response Center) have come together to protest Microsoft's perceived heavy-handedness towards researchers who disclose security flaws. Pushed into action by the reception to the flaw disclosed by Tavis Ormandy, the group has released full details and exploit code for a previously unknown Windows local privilege escalation vulnerability. The advisory for the vulnerability, which affects Windows Vista and Windows Server 2008, contains the following manifesto: "Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

3 of 246 comments

  1. All these internet "radicals" by countertrolling · Score: 5, Funny

    No wonder the government wants an off switch...

    --
    For justice, we must go to Don Corleone
  2. vetting? by LordPhantom · Score: 3, Funny

    FTA: Current MSRC Members (alphabetical order!): XX XXXXXX XXXX XXXXXXXX XXXXX XXX XXXXXXX XXXXXXX XXXXXX XXXXXXXXX XXXXX XXXXXXXX

    If you wish to responsibly disclose a vulnerability through full disclosure or want to join our team, fire off an email to: msrc- disclosure () hushmail com We do have a vetting process by the way, for any Microsoft employees trying to join ;-)


    I wonder how they are going to determine *that*......

  3. Re:So... by bberens · Score: 3, Funny

    This is Slashdot, you're required to use a car analogy.
    It's more like someone finding out that if you plug in a 2nd generation iPod into a 1996 Civic LS with the upgraded stereo then it will cause a short and your car will explode into a fiery mess. Sure, some yahoo could run around plugging iPods into Civics, but generally I'd be happy to know of the potential danger.

    --
    Check out my lame java blog at www.javachopshop.com