
posted by on Monday February 20 2017, @06:24PM
from the black-hats-now-have-a-month-to-play dept.

For the second time in three months, Google engineers have disclosed a bug in the Windows OS before Microsoft released a fix. The bug in question affects the Windows GDI (Graphics Device Interface) library, gdi32.dll, which lets applications draw graphics and formatted text on both the video display and a local printer.

According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016 and fixed in June 2016 via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient and that some of the issues he reported remained exploitable. Following subsequent tests, the researcher resubmitted his bug report in November; Microsoft failed to patch it within the 90-day window Google gives vendors to fix bugs before it publishes its reports.

This is the second time Google has taken this step against Microsoft: in November 2016 it disclosed details about a zero-day exploited by the cyber-espionage group known as APT28 (Strontium) a few days before Microsoft's November Patch Tuesday. Back then, Google said it took this step to allow users to protect themselves until Microsoft published a patch. Microsoft's Terry Myerson, Executive Vice President, Windows and Devices Group, didn't see it the same way, describing Google's actions as "disappointing" because they put customers at greater risk of exploitation.

Source:
https://www.bleepingcomputer.com/news/microsoft/after-microsoft-delayed-patch-tuesday-google-discloses-windows-bug/


  • (Score: 4, Insightful) by https on Monday February 20 2017, @10:28PM

    by https (5248) on Monday February 20 2017, @10:28PM (#469469) Journal

    You are exceptionally mistaken. At least one "side" is very far from 100% correct, namely, more black hats knowing about an exploit does not change the number of computers (or people) vulnerable to that exploit.

    --
    Offended and laughing about it.
  • (Score: 2, Disagree) by Hairyfeet on Tuesday February 21 2017, @03:43AM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Tuesday February 21 2017, @03:43AM (#469559) Journal

    Would you say the same if this was another Linux bug like Shellshock or Ghost? The problem with Google's line of thinking is it is basically an is ought fallacy [wikipedia.org] in that because there IS one person who knows of this flaw (the Google researcher) there OUGHT to be a bunch of hackers that already know this.... Where is the evidence to back up this assertion? There isn't any. As we saw with Shellshock, just because there is a bug in the wild does NOT mean it's being exploited; the bug in Bash lasted how many years? Something like 2 decades, wasn't it, before it was exploited?

    All Google has done is make 100% certain that this WILL be exploited and it will be because of them.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 2) by tangomargarine on Tuesday February 21 2017, @03:46PM

      by tangomargarine (667) on Tuesday February 21 2017, @03:46PM (#469723)

      it is basically an is ought fallacy

      The name of that page is actually "is-out problem", not fallacy. Apparently there are philosophical arguments for both sides of it.

      Critics of religion have argued that the is–ought distinction threatens the validity of secular ethics, by, in the critics' view, rendering secular ethical systems subjective and arbitrary.[4]

      namely, more black hats knowing about an exploit does not change the number of computers (or people) vulnerable to that exploit.

      You didn't actually speak to the GP's point, either. If X computers are vulnerable to it, you can either have A) a single hacker with the resources to disseminate malware widely, or B) a group of hackers that are rather lazy or ineffectual. In either case, the same number of computers are still vulnerable.

      Would you say the same if this was another Linux bug like Shellshock or Ghost?

      At least we know with certainty that Hairyfeet would be bitching about it.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 2) by tangomargarine on Tuesday February 21 2017, @03:48PM

        by tangomargarine (667) on Tuesday February 21 2017, @03:48PM (#469725)

        *is-ought, blarg

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
        • (Score: 0) by Anonymous Coward on Wednesday February 22 2017, @08:44AM

          by Anonymous Coward on Wednesday February 22 2017, @08:44AM (#470062)

          But you see, RumbaOleo, it becomes a fallacy when you misspell it! Or when you fallaciously attempt to derive an "ought" (normative statement) from an "is" (descriptive statement). So, simply, just because Microsoft has a dwindling monopoly in fact, that does not mean that it should, and it certainly does not mean that you should collaborate and reinforce said monopoly. "You may say that I'm a dreamer; But I'm not the only one."

          • (Score: 2) by tangomargarine on Wednesday February 22 2017, @03:45PM

            by tangomargarine (667) on Wednesday February 22 2017, @03:45PM (#470228)

            Is-Ought is an ethical problem; it's not a justification for stuff you don't like being evil.

            --
            "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"