Get a Pentest and security assessment of your IT network.

Cyber Security

Does Google Have a Double Standard on Full Disclosure?

Google s Tavis Ormandy published a vulnerability in the hcp protocol handler. It allows the attacker to run arbitrary commands as the user. In practice it created a lot of alerts and warnings for me but the XP install I was using is somewhat locked down. Later his reports says it works around the alerts (I couldn t reproduce that, but that was his intention). However, there are some odd things about this that really struck me the wrong way. Google says it adheres to responsible disclosure, but at the same time they give Microsoft 5 days to fix their 0day that Google’s researchers themselves created!

Source: https://threatpost.com/does-google-have-double-standard-full-disclosure-061010/74091/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation