Barney's Blog


Doug's Mailbag: Google's Whistle Blowing Too Loud?

Was it wrong for Google to publicly broadcast a Microsoft security hole? Here's what some of you think:

It was irresponsible for Google to tell people how to exploit the hole (if that is indeed what they did). It is also irresponsible for Microsoft to let a high vulnerability stand once they knew about it (if that is indeed what they did).

As I recall, the last time an XP vulnerability surfaced, you had to be on the local machine to exploit it. If this is the vulnerability to which you refer, it is not much of one if it cannot be exploited without sitting at the keyboard.

That said, Microsoft announced the upcoming retirement of Windows XP in 2007 after releasing Windows Vista. Users demanded that they extend the lifetime of XP. Microsoft responded with Windows XP SP3 and announced a retirement date for XP SP3 for April 2014. More likely than not, XP and SP4 will ship shortly before that date.

Since then Vista SP1, SP2 and (a much improved) Windows 7 have shipped. Users have had three years to prepare for the transition to the NT 6.x kernel.

There reaches a point at which it is unrealistic to expect Microsoft to continue to support Windows XP. If users are too lazy or too cheap to upgrade a nine-year-old OS, I just don't feel very sorry for them.

If Microsoft knew about this flaw all along and did not fix it then I think they are almost criminally negligent and should be made to refund the cost of the software, as well as any costs associated with any damage caused by the flaw.

I applaud Google for exposing it so that it would be fixed. That this exposure has caused hackers to exploit the flaw should not surprise anyone.

It appears that the fellow who exposed the flaw was working with a group of his peers within Google. Unless they are working totally off-the-clock and with NO Google resources (even a copy of a compiler or a notebook controlled by the company) I would qualify this as a Google-sponsored issue.

If that's the case and there is any damage done by hackers, I would go after Google because they allowed the programmer to go public with the information in a reckless way. Also, the employee should also be blamed because he is putting many people at risk.

I'm sure that Google would love to embarrass Microsoft any way they can, but putting thousands of people at risk in the process is corporate irresponsibility.

Google is encouraging criminal behavior. Could it be prosecuted for conspiracy?

Flaws should NOT be advertised so that hackers may exploit them. The owner of the software or platform should be notified so that they may fix it. Even if they do not, it is better not to tell the world that it exists. If you do tell, every hacker around the world can take a stab at it, if they so desire.

Sounds like Google wanted Microsoft to take a hit over this. I trust Google less than I trust Microsoft.

I am one of those that think that all hackers should be taken out back and SHOT in the head.

Hacking should be a major felony, along with identity theft -- 10 years in federal prison, minimum.

I've been the recipient of these attacks.

Google should have told Microsoft about the problem with a phone call (not over the Internet).

Thanks Google. Stupid...

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 06/23/2010 at 1:17 PM

