Wednesday, May 6, 2015

Welcome to Disclosure Wars

Nobody likes to be pointed out by their flaws. And if these defects can make you lose your reputation or your programmer's working hours to solve it, even less. Disclosure of computer failures has always been tinged with controversy, but when it seemed it has reached to terms of consensual responsibility, the discussion has been enlivened. Today it is CriptoLock against IOActive. And others have been in conflict about this same issue for years: Microsoft and Google.

CryptoLock is an Oregon-located electronic locks company. The IOActive consulting company discovered various flaws in their products and warned CryptoLock, following the protocols of "responsible disclosure" and allowing CryptoLock to fix them. But just the day before the one they had agreed, a CryptoLock lawyer sent a letter to IOActive threatening to report them for having "cracked" their products.
It looks like a film plot. Like the one starred by Google and Microsoft since the former launched its Project Zero troubleshooting service, which gives 90 days to the affected companies in order to fix them. After several squabbles, because according to Microsoft it is too short time to create patches, eventually the Redmond company has refused to solve one of the failures discovered by Google.

Certainly Microsoft abandons the practice of publishing their patches every Tuesday, and for Windows 10 it would be done when needed. The company is now also on news by another issue: They records the IP address of any computer with a Windows copy activated, in order to detect operating system's pirated copies. An example of the use given by Microsoft to these records is the sue presented against Verizon this week, due to massively use of Windows illegal copies. They are presenting an IP address from this company as evidence.

And just a curious story which we would love to happen in many countries around the World: the Prime Minister of Singapore, Lee Hsien Loong, 63 years old, shared on Facebook a Sudoku game code, written by himself, causing their compatriots admiration. But that's not the whole thing: the person behind the Twitter profile @hackerfantastic discovered several errors in the game and warned the Prime Minister, who kindly announced that it will be solved at a forthcoming installment, causing then the admiration beyond his country borders.

There are some stormy paths on disclosure and it tells a lot about people and companies just looking at how they react to it.


Post a Comment