x404.co.uk
http://www.x404.co.uk/forum/

Google engineer publishes XP exploit
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=8898		 Page 1 of 1
Author:  bobbdobbs [ Wed Jun 16, 2010 10:44 am ]
Post subject:  Google engineer publishes XP exploit
clicky


Quote:
the exploit is a classic drive-by attack that only requires a Windows XP user to visit it.


Quote:
The flaw was first revealed by Tavis Ormandy, a security engineer at Google. He revealed the flaw only five days after reporting it to Microsoft. He said that he revealed the flaw because Microsoft would not commit to fixing the bug in 60 days, and even posted sample exploit code.


interesting action by a Google employee (was it sanctioned by Google?), are we going to see a new section at MS dedicated to finding and publishing exploits for Google products now?
Author:  l3v1ck [ Wed Jun 16, 2010 11:56 am ]
Post subject:  Re: Google engineer publishes XP exploit
That would be good in a way. If they know about bugs, they can fix them.
Author:  bobbdobbs [ Wed Jun 16, 2010 12:07 pm ]
Post subject:  Re: Google engineer publishes XP exploit
l3v1ck wrote:
That would be good in a way. If they know about bugs, they can fix them.


It would be if there wasnt all ready exploits out in the wild. Publishing after 5 days is just unbelievable.
Author:  l3v1ck [ Wed Jun 16, 2010 12:47 pm ]
Post subject:  Re: Google engineer publishes XP exploit
Yeah, he could have given them a month or so to fix it.
Author:  Nick [ Wed Jun 16, 2010 2:20 pm ]
Post subject:  Re: Google engineer publishes XP exploit
I agree.

Rather than just making it public after they don't agree to fix it within 60 days, he should have told them that if it isn't fixed within 60 days he will make it public.
Author:  big_D [ Thu Jun 17, 2010 6:37 am ]
Post subject:  Re: Google engineer publishes XP exploit
The tech podcasts were all over him last week, as was the tech press. Now, on Tuesday, they have been reporting that there is now an active exploit in the wild and people should use the Microsoft hot-fix - which basically kills the help system on Windows XP machines (it removes registry entries and you can delete / rename the affected DLL, but then no applications will be able to display help).
Author:  Amnesia10 [ Thu Jun 17, 2010 7:18 am ]
Post subject:  Re: Google engineer publishes XP exploit
bobbdobbs wrote:
Publishing after 5 days is just unbelievable.

And all because they would not commit to fixing within 60 days.
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/