Slashdot Mirror


Google Security Expert Finds, Publicly Discloses Windows Kernel Bug

hypnosec writes "Security expert Tavis Ormandy has discovered a vulnerability in the Windows kernel which, when exploited, would allow an ordinary user to obtain administrative privileges of the system. Google's security pro posted the details of the vulnerability back in May through the Full Disclosure mailing list rather than reporting it to Microsoft first. He has now gone ahead and published a working exploit. This is not the first instance where Ormandy has opted for full disclosure without first informing the vendor of the affected software."

4 of 404 comments

  1. Target Microsoft by mrbluejello · Score: 5, Interesting

    If it hadn't been Microsoft, Google may have been a bit more responsible about this, but since it makes their competitor look bad, time to forget about "do no evil".

  2. Full disclosure and open/closed source by intermodal · Score: 5, Interesting

    The irony of the difference between closed source and open source is that while Ormandy has posted an exploit to this Windows bug, in the open-source world he potentially could have posted a fix too, considering he's the one who seems to understand the bug itself the best...

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  3. aiding and abetting & computer fraud and abuse act by anthony_greer · Score: 5, Interesting

    Can Google and/or this guy be prosecuted for this, because releasing the working demo is basically aiding and abetting a criminal?

  4. Re: But not to give them a chance to correct it fi by wierd_w · Score: 5, Interesting

    The non sequitur there is in asserting that because the whitehat hasn't disclosed his findings, others haven't also independently found the hole and been more mum about it.

    Which is more profitable for a person who makes their living by stealing company secrets, laundering money through wire fraud, or selling stolen identity information?

    Using an exploit that has been publicly disclosed, and thus everyone is super paranoid about it and actively trying to plug it-- OR-- a nice little treasure trove of privately discovered exploits that aren't public knowledge, that you can quietly switch to once the hole you are currently using gets discovered?

    "Saving face" for the company facilitates the real blackhats by keeping admins and users ignorant of the threat.

    All public disclosure does is make real blackhat attackers silently move to their next vector, and cause a spike in script kid activities. (And of course, make the software vendor look bad.)