A few days ago, we reported on a controversial disclosure of an exploitable vulnerability that affects Windows XP and Windows Server 2003. Google engineer Tavis Ormandy had alerted Microsoft to the problem and then, just five days later, published an advisory detailing the bug, even though Microsoft had not yet distributed a patch for it.
Ormandy was heavily criticized for ...
The guy who released the code is a serious bitch. Who cares about how long Microsoft took to fix the vulnerability, at least we know they will get it fixed; it's not like they don't have anything else to do, plus they already want to drop support for it. Now this idiot has exposed a vast amount of XP users to it, which could have been prevented had he not released it with detail. No excuse, that was just wrong.
That is just the thing; Microsoft leaves a lot of security holes open for years and years while hackers know about the holes; they patch the easy ones, but the hard ones don't even get fixed for the service packs; in fact some of the security holes in Windows 7 have been there since Windows 2000, and some even go back to NT4! At least by making a big, public spectacle of the problem, he has forced Microsoft to fix the problem... oh wait, it still isn't fixed; they just released a tool to disable features until they fix them... and it isn't even an automatic update. Microsoft should spend less time blaming the person who reported the problem and more time fixing the problem!
Originally posted by KillerBug: "at least we know they will get it fixed"
That is just the thing; Microsoft leaves a lot of security holes open for years and years while hackers know about the holes; they patch the easy ones, but the hard ones don't even get fixed for the service packs; in fact some of the security holes in Windows 7 have been there since Windows 2000, and some even go back to NT4! At least by making a big, public spectacle of the problem, he has forced Microsoft to fix the problem... oh wait, it still isn't fixed; they just released a tool to disable features until they fix them... and it isn't even an automatic update. Microsoft should spend less time blaming the person who reported the problem and more time fixing the problem!
Asked you the last time you commented on these security holes, which security hole are you referring to that's been around since NT debuted that still affects Windows 7?
Exactly....please elaborate with facts, or STFU.
MS doesn't make a habit of not patching known security holes, and there are zero NT to W7 cross-platform exploits that I'm aware of (that aren't patched), and I've worked in the PC Security industry (Independent analyst/tester).
I think you're just a "bash MS" bandwagon rider myself, willing to float whatever rumor suits your fancy, without ever explaining them.
Sure...everyone knows Windows is a security nightmare, I'll just drop this made up (but plausible sounding) post out there, all the other wagon jumpers will surely line up to rattle the cages even more, and nobody will ever be the wiser...right?
Wrong...this sh!t is getting old really fast. Normal PC users trying to make a name for themselves on forums by being all blustery and flying the bash flag higher than the others. Maybe all of the others will think you're a cool geeky type because you post claims that all the other wagoneers will roll with gleefully without question, but those in the know are sick of this cr@p and are gonna start calling you on this.
Despite what you think, the entire security industry will think this guy is in the wrong by releasing exploit data before a proper fix can be released. The only thing he's "forcing" is the criminals...to exploit as much as they can before a patch is released thru WU.
Now, go burn up Google search trying to find something that can back up your "claims" and get back to us ASAP.