Tuesday, May 8, 2012

Microsoft Boots Chinese firm for leaking sensitive info‏



Exactly what I have been saying for years…..

Microsoft hands over highly sensitive Windows information to Communist Red China.  China uses that information for hacking.

Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement



DPTech is based in Hangzhou, a major city in eastern China southwest of Shanghai. According to the company's website, it develops and sells network security products that include UTM (unified threat management) systems, IPS (intrusion prevention systems) appliances, application firewalls and vulnerability scanning software.
Andrew Storms, director of security operations at nCircle Security, was stunned that Microsoft named DPTech.  STUNNED…..He was stunned.  He had no idea Microsoft handing over Windows info to China was a problem.  Who could have known that….
Auriemma had uncovered aS vulnerability in Windows' Remote Desktop Protocol (RDP) in May 2011, then reported it to TippingPoint. His code was used by the Zero Day Initiative to create a working exploit as part of the bounty program's bug verification work. ZDI passed along the exploit and other information about the RDP vulnerability to Microsoft.
Microsoft patched the RDP vulnerability in its March Patch Tuesday update, and rated the fix "critical," the highest threat ranking in its four-step system.
Later on the same day that Auriemma claimed the leak had given hackers a head start on a worm, Microsoft confirmed that the leak had likely originated with MAPP.
Under MAPP, Microsoft provides select security vendors with technical information and a proof-of-concept exploit before patches go public. MAPP is meant to give the security companies time to craft detection signatures.
MAPP counts 73 companies as members, including several other vendors based in China. Six weeks ago, MAPP's rolls listed 78 firms.


0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home