Tavis Ormandy

(get it in RSS or Atom)

Monday review: the hot 20 stories of the week

Monday review: the hot 20 stories of the week

It's weekly roundup time - here's everything we published in the last seven days.

Sophos products and Tavis Ormandy

Sophos products and Tavis Ormandy

As a security company, keeping customers safe is Sophos's primary responsibility.

Find out more, and how Sophos has updated its products.

Tavis Ormandy and Sophos

tavis-thumb

Researcher Tavis Ormandy has examined Sophos's anti-virus product - not in terms of possible vulnerabilities - but instead looking at how various components of were implemented.

Having assessed Tavis's report, Sophos can assure customers that their protection is not compromised.

Google versus Microsoft - handbags at dawn

Google versus Microsoft - handbags at dawn

By some accounts, Microsoft and Google are at each other's throats over the disclosure of vulnerabilities.

What went wrong?

Patch Tavis Day

Patch Tavis Day

Yesterday was Patch Tuesday, or as I like to call it (hopefully for the last time) "Patch Tavis Day". Amongst the other vulnerabilities that Microsoft published in its regular round-up of security patches was a fix for the zero day Read more…

Full Disclosure? 10,000 PCs infected and counting

Screenshot of Windows Help Center in Windows XP

Microsoft reported yesterday that the flaw disclosed by Tavis Ormandy in the Windows Help Center has been used to infect more than 10,000 PCs in less than one month. Update: Chris Kozlowski pointed out that these were attempts at infecting Read more…

Tavis Ormandy - are you pleased with yourself? Website exploits Microsoft zero-day

Tavis Ormandy - are you pleased with yourself? Website exploits Microsoft zero-day

Updated Last week I railed against the irresponsible disclosure by a Google engineer of a zero-day vulnerability in Microsoft's code. Tavis Ormandy, a security researcher employed by Google, found a vulnerability in Windows XP's Help and Support Center, but only Read more…

Did Google engineer act irresponsibly over Microsoft zero-day disclosure?

Did Google engineer act irresponsibly over Microsoft zero-day disclosure?

If I were responsible for security at Microsoft I would be less than pleased with Google right now. Here's the story. A Google security engineer, Tavis Ormandy, sent details of a zero-day vulnerability he had discovered in Windows XP to Read more…