An anonymous reader writes: Hackers are infecting websites using a Microsoft zero-day vulnerability that was controversially made public by a Google engineer only five days after he had informed Microsoft about the problem.
Tavis Ormandy, a Google security researcher, was criticised last week for not giving Microsoft enough time to fix the vulnerability which he discovered in Windows XP's Help and Support Center, after he published exploit code to the Full Disclosure mailing list. And now malicious hackers have infected a legitimate website with malware that exploits the vulnerability, according to Sophos.
Security blogger Graham Cluley asks Ormandy: "Do you feel proud of your behaviour? Do you think that you have helped raise security on the internet? Or did you put your vanity ahead of others' safety?"