
The Backlash for Computer Security Experts

2010-06-16 by Jason

It seems to happen every 6 months or so: technology companies get mad at security researchers, and the term that gets thrown around a lot is ‘responsible disclosure’. We just so happen to be in another one of those situations, where more than one incident has occurred recently. Last week, a Google-employed researcher went public with information regarding a vulnerability he had discovered in Windows XP and Server 2003. Also last week, a security research organization released details of a flaw in AT&T’s website that allowed access to the e-mail addresses of Apple iPad users. With high-profile cases, the more mainstream media pick up on it, and so, right on cue, the Wall Street Journal has an article, Computer Experts Face Backlash, that rehashes the topic in relation to the recent issues.

‘Responsible disclosure’ in terms of computer security research entails a researcher going directly to the company with the flaw or vulnerability that they have found. The company should then address the issue in a timely manner, such as with a patch, after which the researcher can publicize the problem they found along with the solution to recommend.

However, a researcher might think that a particular vulnerability they have found is highly critical and get impatient waiting for the company to fix the problem. If the company thinks the problem isn’t as critical, it might put the fix on the back burner. The researcher then might choose to go public with the information to “encourage” the company to release a patch sooner rather than later. Given the compensation paid for some vulnerability reports, this can also look like extortion. Since many security researchers and companies are trying to make their name in the industry, they want to go public with their find to get their name out there.

The problem lies with the “timely manner” part of the definition above. Some researchers might think that a week is plenty of time to address the problem. Some companies might need a month to develop, test, and release a patch. When a researcher goes public with the information before a patch is available, it is considered a breach of responsible disclosure. Many times, the information released to prove that a vulnerability exists is also enough information for malicious people to create the exact thing the researcher and the technology company would have preferred to avoid. People are often put at risk when responsible disclosure is broken.

Last week’s cases involved:

  • A Google-employed security researcher went public with information about a vulnerability that he had disclosed to Microsoft just 4 days before. (Microsoft Security Advisory)
  • The Goatse Security group discovered a flaw in AT&T’s website that allowed iPad owners’ e-mail addresses to be revealed; the flaw was not disclosed directly to AT&T but instead went through the grapevine.

The results:

  • Microsoft vulnerability being exploited in the wild.
  • The iPad-related flaw may reveal more information than just the e-mail address of subscribers.
  • FBI investigates the AT&T breach.

For further reading on the topic: Threatpost on Full Disclosure and The Wall Street Journal article on the backlash for Computer Security researchers.

Filed Under: Media, News, Security and Privacy
