It’s never fun to hear someone say that his system is failing in terms of security. Especially when it is the world’s number one software. And even less when it is a competitor that reveals this information ! Google revealed on Monday, in a blog post, the existence of a fault judged as “particularly severe ” on Windows, the Microsoft operating system. The vulnerability would have already been found by hackers who have exploited to perform various attacks.
If the firm of Redmond has acknowledged the existence of the problem and indicated that it was working on its resolution, with a software update scheduled for November 8, it has hardly appreciated the initiative of his rival california.
Lack of coordination
” The decision by Google to publicly disclose the vulnerability before patches are ready is disappointing. And it increases the risk for clients “, commented one of the main leaders of the group, Terry Myerson, in charge of the division Windows and terminals. Microsoft, which ensures that users of the latest version of Windows 10 and the browser house Edge are protected, and considers that shine the spotlight on this problem will attract more hackeurs eager to exploit it.
The initiative of Google is going against the rule – not written -in the area which is to act in a coordinated way when it comes to addressing the problems of computer security.
In this area, the giant of the Web in fact of the recurrence. In early 2015, he had twice warned the public about the existence of vulnerabilities in Windows, if drawing already at that time the anger of his rival. For what is the last date, Google considers it has done its job in reporting the problem to Microsoft as early as 21 October. The same flaw had been identified in Adobe on its Flash software ; it was corrected five days later.
” there is no code of ethics engraved in stone, but traditionally the actors are consulted before making this type of revelation, confirms an expert in cyber security. in After, there are obviously commercial issues, including in this specific case, which may undermine the respect for these rules. ”
in Addition to the bickering between the two giants of the tech, the revelation of this new vulnerability and its exploitation can legitimately worry about. According to researchers from Microsoft, it is the collective of hackeurs Strontium that would be behind these attacks. This group, also known under the name of ” Fancy Bear “, is not attracted by the lure of gain, but more so by the quest of sensitive information. It focuses particularly of the diplomatic institutions and of the States, and is suspected of being in the pay of Russia.
The United States estimates that the collective would be at the origin of the data theft suffered by the us democratic Party and the revelation on WikiLeaks of e-mails from the campaign teams of Hillary Clinton. In the Face of accusations of Washington, which denounced an attempt by Moscow to interfere in the presidential election, the Kremlin had called these insinuations ” bullshit “.
Roman Gueugneau, Les Echos
No comments:
Post a Comment