Re: Google bashing, now smearing...
"You could say the same for MS..."
... and I have, when I believe they've deserved it. In fact, I made the same point about the race to the bottom some time ago, around the time Microsoft unveiled the telemetry in Win10, if memory serves.
The point here is - and I quote the article: "... a Microsoft spokesperson said the company is working on a fix... " So before Google blew the whistle on this, Microsoft were aware of the issue - and probably that it was being actively exploited - and were working on a patch in order limit the damage.
And then - like the Daily Mail and the leaked information on UK Lockdown V2.0 this weekend gone - Google decide to go public. And - here's the important thing - with only a seven day disclosure period. Why is this important? Because had they waited the standard 90-day period, the fix would have gone out on November 10th. So instead of playing by their own rules, Google chose to rank this issue on a par with the MD5 collision attack I brought up in my previous post - so either Google perceive that this issue is as important as a vulnerability in SSL certificates or, more likely I believe, they saw that the window of opportunity to attack was closing.
In many ways, this situation reflects your own post: as I have already mentioned, the article states that Microsoft were working on a fix for this before Google blew the whistle. Similarly, I have just re-read the article and I cannot find any mention of this blame you bring up, much less Microsoft blaming others. What I do see from your postscript though is your extolling of Linux at the expense of Microsoft; similarly, your second paragraph reads pretty much as if there was some conspiracy within Microsoft and their associates to hush up the existance of this bug. And - quite frankly - your implication of businesses being constantly under attack due to choosing Microsoft's tooling is nothing short of absurd: yes, Microsoft may have more vulnerabilities, but if someone truely wants to attack a particular business, they would. By the same token, as Microsoft's software is still dominant on the office desktop, it is the biggest target, just as Android is the biggest target for phones.
So, just like Google choosing to ignore their own responsible disclosure timings, you - as an obvious supporter of Linux - have taken this as an opportunity to attack Microsoft... unless, of course, you have can provide proof that Microsoft indeed have blamed someone else and/or were trying to cover this up.
Or would you rather they rushed out an untested fix (in the same manner as I linked in my post when Google made a similar disclosure previously)? As I myself would prefer they did not, as rushed fixes tend to cause more bugs than they correct... but then that would probably suit you down to the ground: more bugs to say that Microsoft were conspiring to cover up - right?
Biting the hand that feeds IT
