Microsoft Gets Security Disclosure Revenge on Google

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Google adopted a policy of disclosing unpatched security vulnerabilities being exploited back in 2013, which angered Microsoft on several occasions, as Windows is often the product being exploited. Their stance has seemingly shifted, however: a Microsoft Security Response Center posting, “Security is now a strong differentiator in picking the right browser,” is giving Google a dose of its own medicine by detailing an unpatched security vulnerability in Chrome.

Microsoft didn’t randomly discover a flaw in Chrome, alert Google, and then wait some period of time before disclosing it publicly. Instead, it specifically started a project to “examine Google’s Chrome web browser” for security problems. And it found some. Alerted Google. And then disclosed it publicly, after taking careful note of how long Google took to fix them. In short, Microsoft just wanted some revenge on Google.
 
They didn't examine chrome for security problems, they examined it to figure out why people are using it more than edge.

rlIggBF.jpg
 
Ok Microsoft, that was a dick move. Only giving them a month to fix the issue before releasing the details on it? If I remember correctly Googles policy is 90 days. Still aggressive but much more reasonable than 1 month.
 
I'm okay with this. As long as the corporations are telling on each other, and improving the security of their products in the process, we win. When they go the other route, and try to get legislation passed to prevent other corporations from telling on them, then we all lose.
 
Sounds like Microsoft were a bit quick to pull the trigger on releasing the information publicly, but other than that, it sounds like they acted pretty reasonably.
 
why is calling google out "petty" but google doing it to microsoft "hipster cool"?

google stopped being google about 5-7 years ago and are no longer the cool company you want a friend to share that rare gmail invite with.
 
90 days vs 30?
If the disclosure policy is different, then the comparison is invalid.
 
Good. Fuck both of them with a rusty spatula. This backdoor nonsense should be fixed weekly not monthly. blah blah blah product life cycle bullshit. There's 1000+ people working on these applications. You are telling me that Google can't do quick release builds for security updates in days?

Horse shit.
 
Good for us, not for them. Gets shit fixed in a timely manner. I hope it happens more often on all sides. Get them to prioritize updating their shit. Competition, even this fierce womanly hair pulling and biting stuff, is good. :)

let-them-fight.jpg
 
oROEchimaru said:
why is calling google out "petty" but google doing it to microsoft "hipster cool"?

google stopped being google about 5-7 years ago and are no longer the cool company you want a friend to share that rare gmail invite with.
Click to expand...

Because the MS hate in these forums is about as strong as racism in the Old South due to year after year of it being cool, now it's the only way to feel and the double standards are real.
 
Bigdady92 said:
Good. Fuck both of them with a rusty spatula. This backdoor nonsense should be fixed weekly not monthly. blah blah blah product life cycle bullshit. There's 1000+ people working on these applications. You are telling me that Google can't do quick release builds for security updates in days?

Horse shit.
Click to expand...

But 995 of those people are busy putting cupcake emoticons into their map application; they have to grow the business, not focus on petty issues like bugs and exploits.
 
Good, Chrome is such a sack of crap, leave it open and watch your PC bog down. How the hell does youtube use 1GB of RAM, fix your crap google.
 
oROEchimaru said:
why is calling google out "petty" but google doing it to microsoft "hipster cool"?

google stopped being google about 5-7 years ago and are no longer the cool company you want a friend to share that rare gmail invite with.
Click to expand...

Man, you got that right.

"Nobody wants to acknowledge that Google has grown big and bad, but it has. Schmidt’s tenure as CEO saw Google integrate with the shadiest of U.S. power structures as it expanded into a geographically invasive megacorporation"
-Julian Asange

"A monopoly both in search and advertising, Google, unfortunately, shows that they are not able to resist the misuse of power. I am saddened by this makeover of a geeky, positive company into the bully they are in 2017. I feel blocking competitors on thin reasoning lends credence to claims of their anti-competitive practices. It is also fair to say that Google is now in a position where regulation is needed. "
-Jon von Tetzchner
 
Ordeith said:
Man, you got that right.

"Nobody wants to acknowledge that Google has grown big and bad, but it has. Schmidt’s tenure as CEO saw Google integrate with the shadiest of U.S. power structures as it expanded into a geographically invasive megacorporation"
-Julian Asange

"A monopoly both in search and advertising, Google, unfortunately, shows that they are not able to resist the misuse of power. I am saddened by this makeover of a geeky, positive company into the bully they are in 2017. I feel blocking competitors on thin reasoning lends credence to claims of their anti-competitive practices. It is also fair to say that Google is now in a position where regulation is needed. "
-Jon von Tetzchner
Click to expand...

Exactly. It's been years since MS was the 800 pound gorilla that needed to be reigned in and Google and Amazon were the scrappy upstarts that deserved to be cheered for. Now they're nigh unstoppable juggernauts and we've got people here either so used to their old hatreds or maybe they're just living in the past like the old lady from Batteries Not Included that was in denial about her sons death.

elizabeth-pena-jessica-tandy-hume-cronyn-dennis-boutsikaris-batteries-bpd1xn.jpg
 
Except if you read the article you’ll see that Google disclosed the flaw themselves.

We responsibly disclosed the vulnerability that we discovered along with a reliable [remote] exploit to Google on September 14, 2017,” the Microsoft post explains. “[But] the source code for the fix was made available publicly on Github before being pushed to customers … the stable channel of Chrome remained vulnerable for nearly a month after that commit was pushed to git.
Click to expand...
 
Ultima99 said:
Because the MS hate in these forums is about as strong as racism in the Old South due to year after year of it being cool, now it's the only way to feel and the double standards are real.
Click to expand...

Or just longtime Windows users that are sick of being shit on and taken for granted in Microsoft's post-7, fisher-price tiled, Metro/mobile identity crisis era of Windows 8 & 10 forced updates and spyware suck.

Cool strawman though - the idea that Microsoft shouldn't be held accountable for terrible, user-hostile policies and utter lack of transparency because "hey look over there at Google, Amazon and Apple" or "You just hate Microsoft cuz you love Googles so much". F that. If "MS hate on these forums" was the extent of Microsoft's problems under Nadella, then Windows 10 adoption wouldn't be stalled so hard, and their consumer products and services wouldn't be DOA every time.

At some point you stop whining and blaming the competition for all your troubles, and start looking inward at what's broken and what's not working. MS made their bed, and consumers no longer caring about Microsoft branded anything didn't spawn out of thin air - there were root causes, and its Microsoft's challenge to find them.
 
Last edited:
The issue I have with Google reporting problems, waiting a month or whatever, then releasing them is that Google is trying to decide for Microsoft what the priority is, and that is wrong.
 
Google: if the exploit is in the wild releases after 60 days (if critical vuln then 7 days).
Microsoft: releases after 30 days.
 
Doesn't make edge any more appealing. No doubt google is a giant evil corporation, but at this point I'm too "invested" in chrome / android to give a rat's ass whether or not Microsoft can put out the trash-fire that is edge and deliver a usable UI - it would take a major innovation to get me to use edge for anything more than installing chrome on a fresh OS at this point. Are you guys [L]imp or something? Do I give a shit if chrome uses 1gb of ram? Nope. Chrome could eat up 16gb of ram and I'd still have more than enough to not notice 90% of the time (and that other 10% of the time I'm not browsing the interwebs). FireFox died out what? Years ago at this point? It looks like crap (yeah I know, if I wanted to piss away hours of my time I could customize the look... of someone else's product... but then again chrome DOESN'T look like ass right out of the box) plus all my bookmarks and passwords are already synced on all my computers / phones thanks to Chrome. Not interested in setting all that up again. IE never managed to keep up with current standards, and then edge happened. I'm pretty certain the only reason IE rates on usage charts is due to major corporations - some of the web apps we rely on ONLY function in ie8 (passable functionality in IE10 compatibility mode).
 
Interesting since last week I saw some click bait story elsewhere about Edge being more secure than ever.

Don't believe that any browser is the end all be all but definitely not buying into any MS marketing hype.
 
You must log in or register to reply here.
Back
Top