08.28.08

He Who Imitates Microsoft Will Suffer from Its Flaw

Posted in GNU/Linux, Microsoft, Mono, Novell, Security at 8:32 am by Dr. Roy Schestowitz

We have warned before that any imitation of .NET is likely to inherit its problems and the same goes for OOXML. Some of the more severe problems pertain to security.

A new vulnerability has just been found in Mono. This one is funny:

Vulnerability reported by Redhat.

Is that a technical vulnerability only, or also a legal one? Either way, Fedora 10 has no Mono in the Live CD. It’s not there anymore.

Early in the week, we also remarked on Novell's support of ActiveX from Microsoft. Carla Schroder is far from impressed.

Nominum Solves Kaminsky Attack, and Novell’s iPrint Open to Attack, Say Researchers. What do these stories have in common? I was thinking perhaps institutionalized delusional thinking and incompetence, but maybe I’m being too harsh.

[...]

Lest anyone think I am being too mean to poor old defenseless Novell and Microsoft, I recall ActiveX security advisories almost from its inception back in 1996 or so. What has changed since then, twelve years later? Nothing, as this random recent security bulletin shows:

“Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. Because no fix is currently available for this vulnerability, please see the Security Advisory and US-CERT Vulnerability Note VU#837785 for workarounds.”

So we need to revise the popular “fool me once” saying:

Fool me once, shame on you
Fool me twice, shame on me
Fool me thousands of times over many years…let’s get married!”

Now why is it again that corporate participation is important to FOSS?

When will Novell finally start thinking for itself? It already supports Windows Vista , Internet Explorer, ActiveX, .NET, and XAML (Silverlight). It only helps in spreading the problems and everyone suffers as a result, except Microsoft. █

“Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system…”

–Dennis Fisher, August 7th, 2008

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

CAFC Decision Still Overridden by Overzealous Patent Lawyers in the Press, The Guardian and Other Corporate Press (CBS and AFP Included) Still Guard the Establishment

Analysis of a sceptical kind of corporate press coverage regarding software patents in the US; great examples of how Microsoft- and Gates-funded press outlets tend to get it all wrong on the facts, smearing digital freedom fighters
Software Patents Debate Still Open in New Zealand and the US

In spite of distraction attempts, the debate over software patents continues to stress that there is a real danger
WebM is No Ogg, It is Not Freedom-Respecting Anymore, Even in Countries That Have No Software Patents

Why Google needs to fix the licence of VP9, or simply stop pretending that it should be the only de facto standard for multimedia
Microsoft Violates Google Licences

The champion of 'IP' and licensing (extortion) is not much of a champion after all, based on new reports, not just a lot of old ones
Skype Teaches Us That All Microsoft Software Should be Assumed Spyware Unless Proven Otherwise

The broader implications of Microsoft adding spying 'features' to Skype
Links 23/5/2013: Threat to Civil Rights in UK, KDE 4.11 LTS

Links for the day
Links 22/5/2013: Debian GNU/Hurd, New Go Language Release

Links for the day
The FRAND Apple-Microsoft Conspiracy Attempts to Destroy Android/Linux, Ban Imports

How Microsoft and Apple are using patents in bulk (sometimes acquired in unison, e.g. from Novell and Nortel) to artificially lower market saturation of the Android operating system or drive costs up
Gates Foundation: Buying Influence for Bill's Ego and Bill's Profit

New examples of power being acquired and investments (i.e. for profit) being funnelled into the beneficiaries
Bill Gates Enters Financial Centres With His Goons Becoming US Budget Chief, Top Bankers

How Bill Gates' staff is entering positions of financial power, indirectly giving Gates power over US (national and international) finance
IBM Ignores Small Companies' Interests, Denies Patent Scope is a Problem, Focusing on Its Own Problems (Trolls) Instead

How David Kappos and IBM (his longtime employer) continue to ignore the obvious problem which kills small businesses and everyone is complaining about
The New York Times Publishes Factually-Flawed Patent Propaganda Benefiting Microsoft and Apple

Eamonn Fingleton is rewriting history in the US' top newspaper, insinuating that patents contributed to the rise of software duopolists
Software Patents Eligibility Likely to be Decided by SCOTUS

Analyses suggest that an escalation by appeal to SCOTUS is likely to be the next stage in 'Bilski 2.0'
Does Bill Gates Try to Flush GNU/Linux Down the Toilet in Kerala?

Renting Microsoft software rather than using Free (as in freedom, or libre) software?
Links 21/5/2013: Handbrake Turns 0.9.9, NetBSD 6.1

Links for the day
Links 20/5/2013: First Salifish Smartphone, Mageia 3 Released

Links for the day
Microsoft Corruption (Illegal Tenders) Stopped by European Court

Microsoft cannot bypass public tenders, based on a ruling from a court of law in Europe
Not Satire: Microsoft Wants to Show the World How Security is Done

Software security 'standard' to be led by the company which made insecurity an acceptable engineering practice?
Microsoft is Struggling to Maintain Industry 'Standards'

With Microsoft's common carrier and browser share down considerably Microsoft finds itself increasingly irrelevant and it tries subversive means of making another comeback
Microsoft Entryism and Bribery Get the Microsoft Way Implemented

A recollection of very dirty tactics from Microsoft, which uses money to oppress, overthrow, and even hijack its opposition
Patent Policy Laundering in the European Union and New Zealand

How the so-called 'free' trade agreements help spread patent policy which favours software patents
Ongoing Focus on Patent Litigation and Patent Trolls Reduces Focus on Software Patents

The problem with increased focus on the players that use software patents litigiously and the litigation itself
Andrew Y. Schroeder Shows That Patent Lawyers Are Sociopaths

Bully and law misuser is trying to get his way with foul language, intimidation, and sheer lack of professionalism
IBM-backed Book on 'Open Innovation'

OpenForum Europe (OFE), which helps IBM's turf wars in Europe, releases a new book filled with its talking point
Joseph E. Stiglitz Criticises the Patent System

More critical words about the patent system and the way it is harming lives
Senator Schumer Should Focus on Software Patents, Leaving Patent Trolls (Side Effect) Aside

Reform in the USPTO and the US courts should focus on patent scope and not patent holders
Links 20/5/2013: Plenty of Linux News, Google/Android Announcements

Links for the day
IRC Proceedings: May 12th, 2013-May 18th, 2013

IRC logs for May 12th, 2013 (and subsequent days until May 18th, 2013)
Microsoft Spin Regarding Skype Spying Does Not Withstand Scrutiny

Microsoft's response to allegations that Skype is spying on all users is full of holes
MPEG-LA Ruined the Licence of WebM, Made it Less Freedom-Respecting

The Microsoft-, Nokia-, and Apple-backed patent troll appears to have ruined the freedom assured by Google's multimedia format, which was previously made free only after public pressure