by Mike Masnick
Tue, Oct 28th 2008 6:56pm
There was plenty of news over the weekend about a security flaw found in Google's Android mobile operating system that could allow certain websites to run attack code and access sensitive data. The security researchers have said they won't reveal the details of the flaw, even though it's apparently a known flaw that is in some of the open source code in Android that Google did not update. However, that didn't stop Google from attacking the messenger, claiming that the security researcher who discovered the flaw broke some "unwritten rules" concerning disclosure. First of all, there is no widespread agreement on any such "unwritten rules," and many security researchers believe that revealing such flaws is an effective means of getting companies to patch software. Considering that Android's source code was revealed last week, it's quite reasonable to assume that many malicious hackers had already figured out this vulnerability, and making that news public seems to serve a valuable purpose. It's unfortunate that Google chose to point fingers, rather than thanking the researcher and focusing on patching the security hole.