Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - Hackers infect site with MS zero-day vulnerability (sophos.com) 2

An anonymous reader writes: Hackers are infecting websites using a Microsoft zero-day vulnerability that was controversially made public by a Google engineer only five days after he had informed Microsoft about the problem.

Tavis Ormandy, a Google security researcher, was criticised last week for not giving Microsoft enough time to fix the vulnerability which he discovered in Windows XP's Help and Support Center, after he published exploit code to the Full Disclosure mailing list. And now malicious hackers have infected a legitimate website with malware that exploits the vulnerability, according to Sophos.

Security blogger Graham Cluley asks Ormandy: "Do you feel proud of your behaviour? Do you think that you have helped raise security on the internet? Or did you put your vanity ahead of others' safety?"

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Hackers infect site with MS zero-day vulnerability

Comments Filter:
  • The exploit has been there for eight years.

    If one guy can find it in his spare time, how many enemy states (that Microsoft gave the Windows source code to) have counter-intelligence divisions discovering these exploits and banking them up for the cyber war to come? Releasing it to childish web defacers gets indifferent Microsoft to fix it now. Do free work for Microsoft by finding their bugs and reporting them directly, expect something between indifference and the FBI visiting you.

    It's not just hacking [computerworld.com]

  • Chances are that the infected website would have only installed the patch once they were hit, if MS had time to release the patch.

Can anyone remember when the times were not hard, and money not scarce?