Google researcher publishes unpatched Windows 8.1 security vulnerability

Discussion in 'other security issues & news' started by Minimalist, Dec 31, 2014.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Surprisingly little reaction here to this. I would have thought such a potentially serious issue would have garnered a greater response here. Don't want to see it get buried.
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Anyone running a UTM/NGFW is well protected from this..
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Their so-called explanation as to why 90 days wasn't enough says nothing of any consequence. 90 days is more than enough time.
    Rough translation of the Microsoft response:
    "Do it our way. What we want is all that matters."
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Some Vets here and elsewhere would surely recall when Google's Tavis Ormandy started throwing MS under the bus.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I generally agree with the 90 day deadline, but to suggest that they couldn't wait 92 days in this specific case is dumb. It's not like MS is asking for something out of the ordinary that the might not follow up on. Patch Tuesday has been a thing for over a decade.
     
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Silly. MS asked for just 2 more days until Patch Tuesday...surely they could have been more flexible with the deadline. It would be justified if there was no planned fix from MS.
     
  12. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I bet Google doesn't expose every unfixed bug in their own software after 90 days. Quite a business model, spending money on finding bugs in others peoples products. They can claim whatever they want about this being for security, but this is basically a cutthroat form of marketing.
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
    I agree. It seems to me as bad marketing attempt on Google's side. It would be interesting to see Microsoft asking them to stop testing their software.
     
  19. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    From what I can tell the 90 day deadline is actually automated. The site they are using to publish and share this information with Microsoft on (Google code) will automatically reveal a hidden post after 90 days so there's really no exceptions for anyone, which is unfortunate.

    I also think Microsoft need to reassess the entire concept of "patch Tuesday" for the day we live in today, not the day we lived in 15 years ago. More resources should be dedicated to solving and testing security issues promptly, and pushing them out to end users when completed.
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
    As 0days get meaner, Google defenses increasingly outpace Microsoft
    http://arstechnica.com/security/201...ogle-defenses-increasingly-outpace-microsoft/
     
  22. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    That phrase it's like something that only the PR at Microsoft HQ could write. If 90 days are not enough for a company with 86 billions in revenue and 20 in net profits then, maybe, we should change the meaning of some words that describe the length of time in our dictionaries. The employees at Microsoft might be overworked or not enough to complete the job, but, please, Microsoft as a company has no excuses.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,046
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm no fan of MS or Apple by any means. IMO, they've been two of the most self serving corporations in existence, but Google is taking this to new extremes, creating an entire division dedicated to disassembling and finding flaws in competitors products. As I see it, this has very little to do with protecting users. This is sparing no expense to attack and damage competitors with zero concern for the collateral damage it does, especially to the consumers they're pretending to protect.
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    IMO, good to see Google finding vulnerability in products other than theirs. This is all to the benefit of the users of those OSs.
    Would be nice to see Microsoft and Apple doing the same!
     
Loading...