Microsoft under fire for threatening security researcher with criminal investigation
Microsoft is facing backlash after threatening a security researcher with legal action for disclosing unpatched vulnerabilities in its products. The company argues that the researcher, known as Nightmare Eclipse, should have reported the bugs privately instead of making them public. This incident has reignited a debate about the responsibilities of security researchers and the treatment they receive from tech companies.
- Microsoft threatened legal action against a researcher for publicly disclosing unpatched bugs in its products.
- The vulnerabilities affected critical tools like Windows Defender and BitLocker, and some have been exploited by hackers.
- The incident has sparked discussions about the responsibilities of security researchers and their treatment by large tech companies.
Opening excerpt (first ~120 words)
After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them, the company is now threatening to take legal action and call the cops on them. Microsoft’s veiled threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and wealthy tech giants. On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handle “Nightmare Eclipse,” for publicly disclosing a series of bugs, including BlueHammer, RedSun UnDefend, and YellowKey. The flaws affected products such as the Windows built-in antivirus engine Defender, and the disk-encryption tool BitLocker.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.