Google and Mozilla Encourage Bug Spotting, Microsoft Does Not

Dr. Roy Schestowitz

2010-07-24 08:53:54 UTC
Modified: 2010-07-24 08:53:54 UTC

Summary: Google and Mozilla offer bounties for spotting bugs; Microsoft says no to the idea (proof that proprietary software is embarrassed about showing weaknesses)

THE company that made silent patching (and deceitful security reports) seemingly acceptable is continuing to show why it lags behind in terms of security. While Mozilla offers a $3,000 bug bounty to make Firefox more secure, Microsoft does not, as a matter of principle.

Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft's products.

Only weeks ago Microsoft was criticised for attacking researchers who report bugs in its software. How heart-warming.

For what it's worth, Apple's proprietary software is not secure, either. This time it's Safari with a gaping hole.

Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address. Safari v4 & v5, with a combined market browser share of 4% (~83 million users), has a feature (Preferences > AutoFill > AutoFill web forms) enabled by default. Essentially we are hacking auto-complete functionality.

Apple with its sheer arrogance will probably try to sweep this one under the carpet, judging by the way it treated major manufacturing/design issues in hypePhone 4. Rather than issue an apology Apple is quietly offering cases (without exactly acknowledging the problem). ⬆

Comments

Needs Sunlight

2010-07-25 13:12:47

Kudos to Google and Mozilla for designing and building so well.

OpenAI: If OpenAI Survives Another 2 Years, It'll be About 30 Billion Dollars in Cumulative Losses/Debt: So if Microsoft cushions those losses (to delay the bubble's implosion; Microsoft uses the bubble to fake its "market cap", as does NVIDIA), its debt will skyrocket
Perils for Patent Eligibility Restoration Act (PERA) and PREVAIL (Efforts by the Litigation 'Industry' to Bring Back Software Patents and Crush Challengers at PTAB): The EFF and FSF seem to have caught up with it
OpenSource.net, Which OpenSource.org (OSI) Said Would Continue OpenSource.com (IBM/Red Hat), Has Been Dead for a Month: Open Source Initiative is not an ally; it's a Microsoft front group
Latest in OSI's Blog Affirms Its Status as Microsoft Front Group, Sponsored by Microsoft to Promote Microsoft Agenda and Lobby for GPL Violations: Even the staff is paid by Microsoft; they hardly hide this anymore
About 80% of Red Hat Blog is the 'Hey Hi' Nonsense (Ponzi Scheme): The official Red Hat RSS feeds have been drowned out by "AI" nonsense
[Meme] If This is How Wall Street Really Works, People Should be Terrified: "OpenAI worth $150 billion with a $15 billion loss"
Red Hat Has Become a Buzzwords Vendor, Not a Linux Company: Red Hat is quickly becoming a joke of a company or "90% marketing"...
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, November 14, 2024: IRC logs for Thursday, November 14, 2024
Phoronix Did Not Cover This...: 1,000 people fired at AMD is not news
Links 15/11/2024: LF Talks About Patent Trolls, Advancing a Warning About "Buy Nothing Day": Links for the day
Alexander Wirt (formorer), Wayward people & Debian censorship: Reprinted with permission from Daniel Pocock
Gemini Links 14/11/2024: Infocalypse and "Multiple Monitorings": Links for the day
Links 14/11/2024: The Web We Lost Coming Back, X/Twitter Crashing: Links for the day
Links 14/11/2024: Politics, Climate, and Instability: Links for the day
Links 14/11/2024: EmacsConf and Flounder: Links for the day
Links 14/11/2024: Science and the Demise of Microsoft-Connected USPTO Director: Links for the day
For "X" to Die the Media and Politicians Will Need to Quit (Then, Advertisers Will Lose Interest, Even for Political Ads): Fewer people are still there anyway
Debian GNU/Linux and Free Software Developer Daniel Pocock in Irish Elections This Month (Dublin Bay South): Polling day in 15 days
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 13, 2024: IRC logs for Wednesday, November 13, 2024
Bob Should Tell Alice About What GitHub (Which Linux Foundation Outsources Code to) Does to Entire Nations, Following Donald Trump's Policies: "What's next, preventing access to Linux from non-NATO countries? Putting NSA backdoors in the kernel?"
Layoffs as Happy Stories in the Corporate Media: It's based on a longstanding pattern
It Took The Guardian More Than 2 Years of Musk to Realise What Twitter Was and It Took Twitter 4 Years of a President Trump to Realise What Trump Was: Trump was deplatformed only a fortnight before Biden became president anyway
[Meme] Google 80%, Windows 2%: "I'm going to f---ing bury that guy, I have done it before, and I will do it again. I'm going to f---ing kill Google."
Microsoft's Market Share Falls to 2% in Haiti: Throw in Android (now 80% of "the market") and Windows is down to 2%
Gemini Links 13/11/2024: Magic of Walking and Lest We Forget: Links for the day
Links 13/11/2024: USPTO Director Kathi Vidal ('Former' Microsoft Rep) Resigning, Censorship After Car Ramming Attack in China: Links for the day
Microsoft: Layoffs, Outsourcing, and R.T.O. as Cover for Mass Layoffs Without Severance Pay: Microsoft had mass layoffs pretty much every month this year
[Meme] The Addicted Lolicon Throwing Stones: "They've found my RMS attack site"
Jonathan Carter & Debian betrayed Joel Espy Klecker: Reprinted with permission from Daniel Pocock
Links 13/11/2024: Red Tape War and Programming Experiences: Links for the day
Links 13/11/2024: "Make Your Laptop Last FOREVER" With GNU/Linux, 23andMe Mass Layoffs, Intel 'Resignations' Layoffs Loophole: Links for the day
In Switzerland, GNU/Linux Reaches Record Highs, But What About the Corruption?: Pocock is a disappointed citizen of Switzerland
More Than 3 Years After Vista 11's Release More Chinese Computer Users Still Use Vista 7 (Than "11"): it was "officially" released October 5, 2021
At BetaNews, "Most Commented Story" Is Not a Story But LLM Slop! (Readers Talking to Bots): They make fake stories with provocative headlines and then boast that these get many comments
[Meme] Swiss Lawyers/Attorneys Who Fake Qualifications and Rob People: Switzerland mostly guards its reputation by censorship of media
Just How Slow Has the News Industry Become?: We're drowning in garbage from fake publishers
Things That Still Work OK (But We're Being Shamed for Using): Using old stuff is nothing to be shamed of (or afraid to do)
Free Software is About Collaboration: WordPress limits it
Even the Managing Editor of BetaNews is Doing Slop and Spam: A Fish Rots From The Head Down
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 12, 2024: IRC logs for Tuesday, November 12, 2024
PERA Bill in US Senate Strives to Crush Caselaw, Making Patents on Mathematics and Algorithms 'Great Again': Follow the money
BetaNews is Beta-Testing the Site as LLM Slop With Microsoft Propaganda Thrown In: Many of the people there are Microsoft boosters and they use slop as "filler" (for marketing)
Evolution of euthanasia & WIPO UDRP similarities exposed by W. Scott Blackmer: Reprinted with permission from Daniel Pocock
Gemini Links 13/11/2024: Phasing Out 3G, Brian Kernighan Books, Tcl/Tk, Time to Ditch x86: Links for the day

Google and Mozilla Encourage Bug Spotting, Microsoft Does Not

Comments

Recent Techrights' Posts