12.15.08

Gemini version available ♊︎

Microsoft™ Windows™ Zombies®

Posted in GNU/Linux, Microsoft, Security, Windows at 5:53 am by Dr. Roy Schestowitz

Do something good for yourself: spread GNU/Linux

This month was a particularly bad one for Microsoft security, but it’s getting worse. It’s easy to see why Microsoft has become so paranoid when it comes to perceptions of Windows security (insecurity). It even twists the arms of journalists now.

There are several important reports that we have not included here yet, so here is a quick rundown.

Internet Explorer Under Fire

This is pretty serious. Here is coverage of the key point:

1. IE zero day bites broader group of users

Secunia goes on to revise what it says is the cause of the vulnerability. Contrary to earlier reports that pinned the blame on the way IE handles certain types of data that use the extensible markup language, or XML, format, the true cause is faulty data binding, meaning exploit code need not use XML.

2. Microsoft: IE5, IE6 Also Affected by Browser Vulnerability

An unpatched vulnerability found in Internet Explorer 7 also affects older versions of the browser as well as the latest beta version, Microsoft warned Thursday.

The new information widens the pool of users who could be at risk of inadvertently becoming infected with malicious software installed on their PC, as Microsoft does not yet have a patch ready.

In an advisory updated on Thursday, Microsoft confirmed that IE 5.01 with Service Pack 4, IE6 with and without Service Pack 1 and IE8 Beta 2 on all versions of the Windows operating system are potentially vulnerable.

3. All Internet Explorer Versions Have Hole?

The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6, Microsoft Corp. said.

Friday, a Danish security researcher added that Microsoft’s original countermeasure advice was insufficient, and recommended users take one of the new steps the company spelled out.

There is an early fix for this flaw. It’s called Mozilla Firefox, but there are other fixes available.

Having Only Oneself to Blame

Would it be considered acceptable that Microsoft is patching a known security hole 7 years late?

Microsoft recently released two new patches, one of which fixes a security hole that the company has been trying to plug since 2001.

It was only days ago that Microsoft patched no less than six “critical” flaws.

Palo Alto Networks today announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft’s Patch Tuesday security bulletin this week.

The Future

With so many holes that are most severe, no wonder virtually every Windows box is open to hijackers and almost half of them are already hijacked. The press is rightly preoccupied with stories about the global financial crisis, but one security vendor believes that cybercrime has become an even greater problem.

You might have noticed that the economy is in the tank. Something about this “credit crunch” and “recession” and whatnot. But the amount of attention governments around the world are paying to these issues is giving cybercrime a foothold, according to a new study from a — yep, you guessed it — security vendor…

As the economy declines, this is bound to get worse.

Desperate IT workers who have been laid off will go rogue in 2009, selling corporate data and using crimeware, reports have predicted.

The credit crunch will drive some IT workers to use their skills to steal credit-card data using phishing attacks, and abuse their privileged corporate computer access to sell off valuable financial and intellectual information, forensic experts have warned.

How did we get here and how will we get out of this? Download a fix now.

Ogg Theora

Direct link

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Proprietary Software is Pollution

    "My daughter asked me about why are we throwing away some bits of technology," Dr. Andy Farnell says. "This is my attempt to put into words for "ordinary" people what I tried to explain to a 6 year old."



  2. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation

    Defamation of one’s victims might be another offence to add to the long list of offences committed by Microsoft’s Chief Architect of GitHub Copilot, Balabhadra (Alex) Graveley; attempting to discredit the police report is a new low and can get Mr. Graveley even deeper in trouble (Microsoft protecting him only makes matters worse)



  3. [Meme] Alexander Ramsay and Team UPC Inciting Politicians to Break the Law and Violate Constitutions, Based on Misinformation, Fake News, and Deliberate Lies Wrapped up as 'Studies'

    The EPO‘s law-breaking leadership (Benoît Battistelli, António Campinos and their corrupt cronies), helped by liars who don't enjoy diplomatic immunity, are cooperating to undermine courts across the EU, in effect replacing them with EPO puppets who are patent maximalists (Europe’s equivalents of James Rodney Gilstrap and Alan D Albright, a Donald Trump appointee, in the Eastern and Western Districts of Texas, respectively)



  4. Has the Administrative Council Belatedly Realised What Its Job in the European Patent Organisation Really Is?

    The "Mafia" which took over the EPO (the EPO's own workers call it "Mafia") isn't getting its way with a proposal, so it's preventing the states from even voting on it!



  5. [Meme] Team UPC is Celebrating a Pyrrhic Victory

    Pyrrhic victory best describes what's happening at the moment (it’s a lobbying tactic, faking/staging things to help false prophecies be fulfilled, based on hopes and wishes alone), for faking something without bothering to explain the legal basis is going to lead to further escalations and complaints (already impending)



  6. Links 24/1/2022: Scribus 1.5.8 and LXLE Reviewed

    Links for the day



  7. IRC Proceedings: Sunday, January 23, 2022

    IRC logs for Sunday, January 23, 2022



  8. [Meme] Team UPC Congratulating Itself

    The barrage of fake news and misinformation about the UPC deliberately leaves out all the obvious and very important facts; even the EPO‘s António Campinos and Breton (Benoît Battistelli‘s buddy) participated in the lying



  9. Links 24/1/2022: pgBadger 11.7 Released, Catch-up With Patents

    Links for the day



  10. The Demonisation and Stereotyping of Coders Not Working for Big Corporations (or 'The System')

    The war on encrypted communication (or secure communications) carries on despite a lack of evidence that encryption stands in the way of crime investigations (most criminals use none of it)



  11. On the 'Peak Hacker' Series

    Hacker culture, unlike Ludditism, is ultimately a movement for justice, for equality, and for human rights through personal and collective emancipation; Dr. Farnell has done a good job explaining where we stand and his splendid series has come to a close



  12. Links 23/1/2022: First RC of Linux 5.17 and Sway 1.7 Released

    Links for the day



  13. Peak Code — Part III: After Code

    "Surveillance perimeters, smart TVs (Telescreens built to Orwell's original blueprint) watched over our living rooms. Mandatory smart everything kept us 'trustless'. Safe search, safe thoughts. We withdrew. Inside, we went quietly mad."



  14. IRC Proceedings: Saturday, January 22, 2022

    IRC logs for Saturday, January 22, 2022



  15. Links 23/1/2022: MongoDB 5.2, BuddyPress 10.0.0, and GNU Parallel 20220122

    Links for the day



  16. A Parade of Fake News About the UPC Does Not Change the General Consensus or the Simple Facts

    European Patents (EPs) from the EPO are granted in violation of the EPC; Courts are now targeted by António Campinos and the minions he associates with (mostly parasitic litigation firms and monopolists), for they want puppets for “judges” and for invalid patents to be magically rendered “valid” and “enforceable”



  17. Welcome to 2022: Intentional Lies Are 'Benefits' and 'Alternative Facts'

    A crooks-run EPO, together with the patent litigation cabal that we’ve dubbed ‘Team UPC’ (it has nothing to do with science or with innovation), is spreading tons of misinformation; the lies are designed to make the law-breaking seem OK, knowing that Benoît Battistelli and António Campinos are practically above the law, so perjury as well as gross violations of the EPC and constitutions won’t scare them (prosecution as deterrence just isn’t there, which is another inherent problem with the UPC)



  18. From Software Eating the World to the Pentagon Eating All the Software

    “Software is eating the world,” according to Marc Andreessen (co-founder of Netscape), but the Empire Strikes Back (not the movie, the actual empire) by hijacking all code by proxy, via Microsoft, just as it grabbed a lot of the world’s communications via Skype, bypassing the world's many national telecoms; coders need to fight back rather than participate in racist (imperial) shams such as GitHub



  19. Links 22/1/2022: Skrooge 2.27.0 and Ray-Tracing Stuff

    Links for the day



  20. IRC Proceedings: Friday, January 21, 2022

    IRC logs for Friday, January 21, 2022



  21. Peak Code — Part II: Lost Source

    "Debian and Mozilla played along. They were made “Yeoman Freeholders” in return for rewriting their charters to “work closely with the new Ministry in the interests of all stakeholders” – or some-such vacuous spout… because no one remembers… after that it started."



  22. Links 22/1/2022: Ubuntu MATE 21.10 for GPD Pocket 3, MINISFORUM Preloads GNU/Linux

    Links for the day



  23. Computer Users Should be Operators, But Instead They're Being Operated by Vendors and Governments

    Computers have been turned into hostile black boxes (unlike Blackbox) that distrust the person who purchased them; moreover, from a legislative point of view, encryption (i.e. computer security) is perceived and treated by governments like a threat instead of something imperative — a necessity for society’s empowerment (privacy is about control and people in positions of unjust power want total and complete control)



  24. Peak Code — Part I: Before the Wars

    Article/series by Dr. Andy Farnell: "in the period between 1960 and 2060 people had mistaken what they called "The Internet" for a communications system, when it had in fact been an Ideal and a Battleground all along - the site of the 100 years info-war."



  25. Links 21/1/2022: RISC-V Development Board and Rust 1.58.1

    Links for the day



  26. IRC Proceedings: Thursday, January 20, 2022

    IRC logs for Thursday, January 20, 2022



  27. Gemini Lets You Control the Presentation Layer to Suit Your Own Needs

    In Gemini (or the Web as seen through Gemini clients such as Kristall) the user comes first; it's not sites/capsules that tell the user how pages are presented/rendered, as they decide only on structural/semantic aspects



  28. The Future of Techrights

    Futures are difficult to predict, but our general vision for the years ahead revolves around more community involvement and less (none or decreased) reliance on third parties, especially monopolistic corporations, mostly because they oppress the population via the network and via electronic devices



  29. [Meme] UPC for CJEU

    When you do illegal things and knowingly break the law to get started with a “legal” system you know it’ll end up in tears… or the CJEU



  30. Links 20/1/2022: 'Pluton' Pushback and Red Hat Satellite 6.10.2

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts