Software firm's report of 'targeted attacks' comes two months after controversial disclosure in blog post
Microsoft says hackers have attacked some computers by exploiting a bug in Windows first disclosed two months ago by a Google researcher, who came under fire at the time for publicising the flaw without telling the software company first.
Microsoft provided few details about the attacks. In a statement on Tuesday, it said hackers had launched "targeted attacks," a term generally used by security experts to refer to cyber-attacks on corporate or government targets, with espionage and sabotage as the motive.
Google security engineer Tavis Ormandy's disclosure in May was controversial because he posted technical information on the web that described the bug in the Windows operating system, which some experts said could help malicious hackers launch attacks, before Microsoft had released software to fix it.
Microsoft officials declined to comment when asked if they believed Ormandy's disclosure of the vulnerability had led to the attacks.
Ormandy also lashed out at Microsoft in his blog posting, saying its security division was difficult to work with.
He advised other researchers to use pseudonyms and anonymous email when communicating with the firm.
"It leaves a slightly bad taste in the mouth to see somebody who is a Google security researcher have a pop at Microsoft," said Graham Cluley, an independent security researcher.
Ormandy was not available for comment. A Google spokesman said Ormandy's Windows project was personal and not related to his work for the company.
No comments:
Post a Comment