Faceoff Between Microsoft And Google
In the Talk Security podcast edition, in its very first year, Threatpost reporters Brian Donohue and Chris Brook discussed the tiff between Microsoft and Google. Apart from this tiff, they also spoke of the Lizard Squad hacker collective, the homemade $10 USB charger that logs keystrokes from wireless keyboards, and more.
Earlier this month, Microsoft wrote a strongly worded letter to Google about Google's decision to publish an elevation-of-privilege security vulnerability in Microsoft's product only days before the company was set to fix it. In response to this letter, Google went ahead and published another bug in the company's product a few days later.
The bug they revealed was in the login function of Windows 8.1 and could allow attackers to gain control of the system. The disclosure is part of Google's Project Zero, an initiative by the company to identify security holes in other companies' products, which calls on those companies to publicly disclose and patch bugs within 90 days of their discovery. When posting about the bug found in Microsoft's product, Google wrote in its blog post that this bug is also subject to the 90-day disclosure deadline. If the company is unable to fix the problem within the time given, the bug report becomes public and visible to all.
Microsoft, however, asked Google to hold off beyond the 90-day deadline while it worked on the matter. The senior director of Microsoft's Security Response Center also told Google that such stringent deadlines would ultimately hurt consumers.
This is the second time that Google has revealed a bug in Microsoft's products through Project Zero. According to the senior director, fixing security vulnerabilities is a time-consuming, complex and extensive process; not all vulnerabilities are created equal, and some can take more than 90 days to fix.
The homemade $10 USB charger came from Samy Kamkar, who came up with the hack of the year. When plugged in, the charger works as a keylogger and can steal and decrypt keystrokes from wireless keyboards by Microsoft. This was an additional topic the reporters discussed.
Lastly, they also spoke of the Lizard Squad, which is touting its DDoS-for-hire service. One of its alleged members was also arrested in England and announced that the Squad will no longer be providing patches for WebView, which will leave 900 million devices vulnerable to attacks that can seriously damage them.
These were the topics that reporters Brian Donohue and Chris Brook thought important enough to discuss in the very first edition of the podcast, bringing extensive knowledge of these matters to their listeners.