Tuesday, July 9, 2013

Microsoft reports hackings linked to report by Google researcher


By Jim Finkle

BOSTON (Reuters) - Microsoft Corp said hackers have attacked some computers by exploiting a bug in Windows first disclosed two months ago by a Google Inc researcher, who came under fire at the time for publicizing the flaw without going to the software company first.

Microsoft provided few details about the attacks. In an advisory on Tuesday, it said hackers had launched "targeted attacks," a term generally used by security experts to refer to cyber attacks on corporate or government targets, with espionage and sabotage as the motive.

Google security engineer Tavis Ormandy's disclosure in May was controversial because he posted technical information on the Web that described the bug in the Windows operating system, which some experts said could help malicious hackers launch attacks, before Microsoft had released software to fix it.

Officials with Microsoft declined to comment when asked if they believed Ormandy's disclosure of the vulnerability had led to the attacks.

Ormandy also drew attention because he lashed out in a blog posting at long-time Google rival Microsoft, saying that its security division was difficult to work with. He advised other researchers to use pseudonyms and anonymous email when communicating with the software maker.

"It leaves a slightly bad taste in the mouth to see somebody who is a Google security researcher have a pop at Microsoft," said Graham Cluley, an independent security researcher.

Ormandy could not be reached. A Google spokesman declined comment, saying that Ormandy's Windows project was personal and not related to his work for the company.

(Reporting by Jim Finkle; Editing by Leslie Gevirtz)

YOUR COMMENT