Barney's Blog

Doug's Mailbag: Google's Whistle Blowing Too Loud?

Was it wrong for Google to publicly broadcast a Microsoft security hole? Here's what some of you think:

It was irresponsible for Google to tell people how to exploit the hole (if that is indeed what they did). It is also irresponsible for Microsoft to let a high vulnerability stand once they knew about it (if that is indeed what they did).

As I recall, the last time an XP vulnerability surfaced, you had to be on the local machine to exploit it. If this is the vulnerability to which you refer, it is not much of one if it cannot be exploited without sitting at the keyboard.

That said, Microsoft announced the upcoming retirement of Windows XP in 2007 after releasing Windows Vista. Users demanded that they extend the lifetime of XP. Microsoft responded with Windows XP SP3 and announced a retirement date for XP SP3 for April 2014. More likely than not, XP and SP4 will ship shortly before that date.

Since then Vista SP1, SP2 and (a much improved) Windows 7 have shipped. Users have had three years to prepare for the transition to the NT 6.x kernel.

There reaches a point at which it is unrealistic to expect Microsoft to continue to support Windows XP. If users are too lazy or too cheap to upgrade a nine-year-old OS, I just don't feel very sorry for them.
-Marc

If Microsoft knew about this flaw all along and did not fix it then I think they are almost criminally negligent and should be made to refund the cost of the software, as well as any costs associated with any damage caused by the flaw.

I applaud Google for exposing it so that it would be fixed. That this exposure has caused hackers to exploit the flaw should not surprise anyone.
-Anonymous

It appears that the fellow who exposed the flaw was working with a group of his peers within Google. Unless they are working totally off-the-clock and with NO Google resources (even a copy of a compiler or a notebook controlled by the company) I would qualify this as a Google-sponsored issue.

If that's the case and there is any damage done by hackers, I would go after Google because they allowed the programmer to go public with the information in a reckless way. Also, the employee should also be blamed because he is putting many people at risk.

I'm sure that Google would love to embarrass Microsoft any way they can, but putting thousands of people at risk in the process is corporate irresponsibility.
-Tom

Google is encouraging criminal behavior. Could it be prosecuted for conspiracy?
-Ken

Flaws should NOT be advertised so that hackers may exploit them. The owner of the software or platform should be notified so that they may fix it. Even if they do not, it is better not to tell the world that it exists. If you do tell, every hacker around the world can take a stab at it, if they so desire.

Sounds like Google wanted Microsoft to take a hit over this. I trust Google less than I trust Microsoft.
-Bernie

I am one of those that think that all hackers should be taken out back and SHOT in the head.

Hacking should be a major felony, along with identity theft -- 10 years in federal prison, minimum.

I've been the recipient of these attacks.

Google should have told Microsoft about the problem with a phone call (not over the Internet).

Thanks Google. Stupid...
-Anonymous

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on June 23, 2010

