Linked by Thom Holwerda on Fri 14th Jun 2013 17:32 UTC
From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.
Thread beginning with comment 564740
WereCatf Member since:
2006-02-15

also don't see the problem with it.


You don't see the problem with deliberately delaying fixing security issues with a very widely-used OS?

Reply Parent Score: 8

UltraZelda64 Member since:
2006-12-05

And even ignoring that little security fact, it also raises the question: "If the company is willing to go that far to appease the government, then what else might they be doing for them?"

Reply Parent Score: 2

bentoo Member since:
2012-09-21

And even ignoring that little security fact, it also raises the question: "If the company is willing to go that far to appease the government, then what else might they be doing for them?"


The security fact is that government has a lot more to lose than you do if they are caught with an un-patched but exploited vulnerability. I don't see this as "appeas[ing] the government" but common sense.

Reply Parent Score: 1

BallmerKnowsBest Member since:
2008-06-02

And even ignoring that little security fact


...which isn't actually a fact, or even remotely accurate for that matter...

it also raises the question: "If the company is willing to go that far to appease the government, then what else might they be doing for them?"


ZOMG, those hypothetical bastards!!!

Reply Parent Score: 1

moondevil Member since:
2005-07-08

Instead of focusing only on Microsoft I would like to know what the other commercial OS vendors do.

Reply Parent Score: 4

darknexus Member since:
2008-07-15

Instead of focusing only on Microsoft I would like to know what the other commercial OS vendors do.

Agree! And I'd also like to know what major open source vendors do. In a situation like this, one is no less vulnerable than the other and, as no one reviews the code of a full distribution in its entirety (that's far too much code for one person), slipping a back door in would be child's play for agents especially if said distribution (as most do) uses many custom patches.

Reply Parent Score: 3

subsider34 Member since:
2010-11-08

You don't see the problem with deliberately delaying fixing security issues with a very widely-used OS?

Are they actually delaying fixing the security issues, or are they just informing intelligence agencies of the exploits while they work to fix them?

If it is the former, shame on them, if the latter...well I suppose it would motivate the more privacy conscientious Microsoft employees to work hard to fix the problem faster.

EDIT: I would like to clarify that I frown on both behaviors. I just think that delaying fixing security exploits is the worse of the two options.

Edited 2013-06-14 20:52 UTC

Reply Parent Score: 3

bentoo Member since:
2012-09-21

"also don't see the problem with it.


You don't see the problem with deliberately delaying fixing security issues with a very widely-used OS?
"

How does advanced notification equate to delaying fixing?

Reply Parent Score: 4

cdude Member since:
2008-09-21

How does advanced notification equate to delaying fixing?

The information is only worth something if it can be used. Flame and Stuxnet, both NSA products but sure there are many more, were using plenty of Windows zero-day exploits for years. Now we know the story behind.

Edited 2013-06-15 12:07 UTC

Reply Parent Score: 4

BallmerKnowsBest Member since:
2008-06-02

"also don't see the problem with it.


You don't see the problem with deliberately delaying fixing security issues with a very widely-used OS?
"

How does advanced notification equate to delaying fixing?

In the same way that "trolling" equates to expressing any strong opinion, or in the same way that "patent trolling" equates to any litigation related to patents, or in the same way that "shill" equates to making any statement in defense of an unpopular company, etc etc etc....

This is what online debate has become: the dilution of the meaning of well-defined terms, due to deliberate "linguistic escalation." Someone calls you a fanboy? Then you call them a troll... then they retaliate by calling you a shill, so you call them an astroturfer, ad infinitum.

The object is to find the most damning label you can think of, and to hell with accuracy!

Reply Parent Score: 4

BallmerKnowsBest Member since:
2008-06-02

"also don't see the problem with it.


You don't see the problem with deliberately delaying fixing security issues with a very widely-used OS?
"

And where does the article say anything about Microsoft delaying the public release of security fixes? Hint: it doesn't, you're just conflating "early alert" with deliberate delays in providing security fixes.

Reply Parent Score: 3