Disclosure

Microsoft to seek credit for finding vulnerabilities

LAS VEGAS--Microsoft is jumping into the responsible disclosure game.

The company announced at the Black Hat security conference on Thursday that it is formalizing its program of informing third-party software vendors of security problems with products that run on top of Windows.

"We've seen the threat environment change," said Andrew Cushman, who runs the Microsoft Security Response Center.

Vista is more secure than XP and has fewer infections, he said. In addition, there are an increasing number of third-party exploits, and fewer browser-based exploits than in third-party software, he added.

The MSRC already reports vulnerabilities to other …

The ethics of lock picking and telling

In 2004, a video circulated on the Internet showing how a standard Bic pen could be used to open the U-shaped Kryptonite bike lock. The company recalled the locks, replaced newer purchases, and changed the design for new locks. Problem solved, right?

Not exactly. Despite the fact that the problem had been revealed 12 years earlier in a British bike magazine, Kryptonite had continued to sell the locks unchanged. Angry customers filed a class action lawsuit that was settled in 2005, with Kryptonite offering to replace all affected locks or provide vouchers, and compensate people whose bicycles were stolen as a result of the lock being picked.

"If you don't make the problems public, the companies don't fix them and the consumers buy shoddy stuff," said Bruce Schneier, chief security technology officer at BT.

There's been plenty written about breaking into the virtual locks that safeguard sensitive data on the Web. But the picking of real-world physical locks is becoming an increasingly popular pastime for some. Enthusiasts have formed sporting clubs and hold regular competitions. Security researchers write books about how locks can be broken into and show how it's done on blogs and videos and at security conferences.

Naturally, lock manufacturers aren't happy. They argue that publicizing the vulnerabilities causes people to panic unnecessarily and puts the public at risk by giving criminals information they can use to break door locks, safes, and other secured assets.

But, just like third-party disclosure of vulnerabilities in software forces manufacturers to acknowledge security holes and patch them quickly, lock manufacturers will find they can't escape the scrutiny and will have to be held accountable for their products, experts say. …

BLIP: Blogging Patents - Disclaimer

The materials found in this blog are authored and prepared by Michael Valek, Chris Ryan and Matt Wermager of Vinson & Elkins LLP. This blog is a purely public resource of general information that is intended, but not guaranteed, to be correct and complete. It is not intended to be a source of solicitation or legal advice. Postings are not solicitations or legal advice and are for informational purposes only. You should not rely or act upon any information posted in or in response to this blog without seeking professional legal counsel.

Needless to say you should not post any …

Digital Noise - Disclosure

Matt Rosoff is an analyst for Directions on Microsoft (DoM), an independent IT research and analysis firm specializing in Microsoft technologies and business strategies. Microsoft does not commission DoM research, exercises no editorial control over DoM research, and holds no financial stake in the company. DoM sells some finished reports and other products to Microsoft, and sells these products and provides advisory services to other well-known technology companies. A partial list of clients is available at this URL: http://www.directionsonmicrosoft.com/aboutus/DirectionsClients.pdf.

Rosoff occasionally agrees to be briefed by Microsoft and other clients under non-disclosure agreements, and …

Disclosure

Gordon Haff is a Principal IT Advisor for Illuminata, Inc. which has business relationships with many systems and software vendors, some of which he may write about. However, Illuminata requires that judgments and opinions of its Advisors are their own. The company does not solicit or accept payments to endorse either products or vendors, nor does it serve on the boards of directors of vendors, or accept equity payments. Gordon has no personal business relations, investments, or affiliations with companies he covers.