Microsoft Spurned Researcher Collective swings into action
By Nicole Kobie
Posted on 6 Jul 2010 at 16:26
Security researchers have started an anti-Microsoft club, promising full disclosure of any vulnerabilities.
The Microsoft-Spurned Researcher Collective - which is a spin on Microsoft's Security Response Centre - are angry at the software giant's "hostility" to external researchers, notably Tavis Ormandy, the Google-employed researcher who released the details of a Windows Support flaw days after warning Microsoft about it.
"Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective," the group said in a post on a disclosure website. "MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."
Listing off a flaw in Server 2008 and Vista, the MSRC group said it wasn't able to offer a fix, advising users to look to Microsoft for a solution, cheekily telling them to find the security registry key and change "the 'OurJob' boolean value to FALSE."
The group said it was looking for members, but warned Microsoft against trying to infiltrate it. "We do have a vetting process by the way, for any Microsoft employees trying to join."
Microsoft has yet to return request for comment, but disclosing security flaws before firms have a chance to deal with them is seen by many in the security world as irresponsible.
From around the web
Stupid people!
Who are they helping by doing this?
Are they only looking at Microsoft products? What about the non-Microsoft *Ca-apple-ugh* security flaws that don't generally get mentioned?
By rlsdaveas2000 on 6 Jul 2010 
Pricks!
Tavis only caused uproar for being irresponsible, now these idiots want to be irresponsible, because MS called Tavis irresponsible? :-S
Words fail me.
By big_D on 7 Jul 2010
Sue and be Damned
Shooting someone with a loaded gun is wrong, a criminal act and subject to damages in the courts.
Giving someone a loaded gun who then goes and shoots someone is wrong, a criminal act and subject to damages in the courts.
So perhaps the US victims of the first attack using such a vulnerability will launch a lawsuit for damages which, successful or otherwise, will pour a very cold shower of reason upon this group.
On can but hope.
By QbixQbix on 7 Jul 2010
Oh, I hate apple fanboys disguised as socially responsible savvy techies.
They're poison, pure and simple.
By Ajamu1 on 7 Jul 2010
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk