Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Expands MAPP, Shares Attack Data With Incident Responders

Unknown Lamer posted about a year ago | from the negative-three-day-vulnerability dept.

Microsoft 18

Trailrunner7 writes "Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats. Now, Microsoft is expanding and changing the MAPP program so that more people will have access to some of the data and the information will be available earlier. Until now, MAPP members get access to patch data 24 hours before the release. Microsoft will be giving that information to MAPP companies three business days before Patch Tuesday going forward. The new MAPP for Responders program is an extension of the existing system and is designed to allow incident response teams to share information among themselves and to benefit from the threat intelligence that Microsoft has, as well."

Sorry! There are no comments related to the filter you selected.

Shill Story (-1, Offtopic)

Anonymous Coward | about a year ago | (#44420577)

Don't they already share it with the NSA?

No matter how many shill stories hit the headlines about something "good" these big corporations are doing now, it won't make us forget the fact that they're perpetuating pervasive monitoring of their customers.

Microsoft et al won't ever get their rep back. They'll all, always, be the companies that installed backdoors and aiding spying on their customers in _foreign_ countries. Good riddance.

Re:Shill Story (5, Insightful)

Anonymous Coward | about a year ago | (#44420683)

..shill..

Sigh.. The Godwin's law of Slashdot now moving up to first post. The mark of a closed zealot mind is calling everything you don't like the work of shills.

This summary is not praising anyone, it is a factual story about MS changing their MAPP program. As someone working in security I find it interesting. We don't like facts now?

If you have a relevant argument about NSA in this context it would be much helped by non ad hominem arguments.

Re:Shill Story (-1)

Anonymous Coward | about a year ago | (#44420713)

I guess you work for Microsoft/NSA/Samething.

MAPP program and security? (0)

dgharmon (2564621) | about a year ago | (#44421113)

"This summary is not praising anyone, it is a factual story about MS changing their MAPP program. As someone working in security I find it interesting. We don't like facts now?"

I don't like this fact, in order to protect *MY* documents from hackers, I must upload them to a VM in the Azure cloud ...

MAPP isn't nearly enough... (-1, Troll)

Freshly Exhumed (105597) | about a year ago | (#44420691)

Microsoft Security wants to make sure that anyone discussing such an issue as this is firmly, completely part of the hive-mind: https://www.microsoft.com/security/msrc/collaboration/mapp/criteria.aspx [microsoft.com]

Microsoft whistles past the graveyard once again.

Re:MAPP isn't nearly enough... (1)

mwvdlee (775178) | about a year ago | (#44420773)

Given the nature of the information and intended purpose, I don't see much wrong here.

The only thing slightly unreasonable to me is the "Are you willing to have your company name and URL displayed on our MAPP website?" question, but only because it has nothing to do with security and it probably the result of having to please the marketing department. In itself the question is harmless and most companies would probably prefer to have their name associated with MAPP.

Which questions do you think should be changed, removed or added and why?

Re:MAPP isn't nearly enough... (3, Interesting)

benjymouse (756774) | about a year ago | (#44421165)

The only thing slightly unreasonable to me is the "Are you willing to have your company name and URL displayed on our MAPP website?" question, but only because it has nothing to do with security and it probably the result of having to please the marketing department.

In the interest of public disclosure of *who* has access to advance information about vulnerabilities before they are patched, I actually find it highly relevant. I can see good coming from giving truly security minded companies a head start. But I would like to know *who* gets this head start.

A few years back a rogue Chinese security company (or just a rogue employee?) leaked proof-of-concept exploit code to Chinese hacker websites. The security company had received the PoC code from Microsoft as part of the MAPP program. The intention was that security companies (AV vendors) could use the PoC code to create heuristics/signatures to scan for exploit attempts.

Of course the spin on slashdot was that Microsoft had "leaked" exploit information. Go figure.

It is also in this light we have to view the "Microsoft shares vulnerability information with the fr***** NSA!!! OMG! Conspiracy!!!" debacle.

Problems with NSA overreaching notwithstanding, I for one believe that NSA should receive vulnerability information at about the same time as it is made public to the other MAPP partners. This news is just that similar agencies of other countries now will receive the information at the same time as NSA and other MAPP partners.

Which is 1-3 days in advance.

Blackhat goldmine (1)

GameboyRMH (1153867) | about a year ago | (#44422555)

1. Set up multiple front companies and get them in the MAPP program
2. Use byzantine fault tolerance to thwart canary traps
3. Become a top "cyber-weapons" dealer
4. PROFIT!

show us your code - show us your code (-1)

Anonymous Coward | about a year ago | (#44420695)

you want to show the world you care, MS? Windows 9 or whatever dick name you call it should be open source.

put up or stfu

New $$$ (0)

Anonymous Coward | about a year ago | (#44420705)

New way to make more bucks - by faster access to patch

Fuck These Daily Microsoft Parroted News Stories (-1)

Anonymous Coward | about a year ago | (#44420753)

fuck them all!

gtfo shills and go polish knobs on some other site, try kuro5hin, i hear they like a bunch of circle jerk articles

Re:Fuck These Daily Microsoft Parroted News Storie (0)

Anonymous Coward | about a year ago | (#44420777)

Love the "use Linux or GTFO" mentality...

Re:Fuck These Daily Microsoft Parroted News Storie (4, Insightful)

Anonymous Coward | about a year ago | (#44420793)

Waah waah, my open source religion does not allow me to read Microsoft news.

Re:Fuck These Daily Microsoft Parroted News Storie (0)

Anonymous Coward | about a year ago | (#44425687)

Why do you assume he's an OSS guy and not, say, a Mac guy?

Re:Fuck These Daily Microsoft Parroted News Storie (0)

Anonymous Coward | about a year ago | (#44427303)

Apple's fanboys usually have at least a 3rd grade understanding of grammar.

microsoft, do the nsa give good binary head? (-1)

Anonymous Coward | about a year ago | (#44420783)

tell us which chair leg you like up your ass greased and ready

desperation.. (0)

Anonymous Coward | about a year ago | (#44421031)

Looks like I'm going to assist to the huge catastrophic collapse of Microsoft within my timespan afterall. This is great, I already have my popcorn ready!

Microsoft Sandpit of Hell :) (1)

dgharmon (2564621) | about a year ago | (#44421091)

"Microsoft is also putting Azure cloud to work via the MAPP Scanner program, which uses Redmond's servers to scan Office documents, PDF files, flash movies, and URLS for potential malicious content .. The scanner works by spinning up VMs for every supported version of Windows, and opens the content in all supported versions of the appropriate application, then looks for signs of a threat."

Reminds me of that Japanese horror movie where this feller is trapped in a sand pit and has to continually shovel sand into a basket that some unknown entity draws up to the surface with a rope, only the sand is continually falling back into the pit. If he don't keep shoveling then he drowns in sand ..
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?