
12.25.08

The (Microsoft) Nightmare Before Christmas

Posted in Microsoft, Security, Servers, Windows at 11:28 am by Dr. Roy Schestowitz

No, not the film

This type of thing happens almost every year. It’s another familiar ‘emergency Christmas’ that may lead to higher blood pressure.

Data in Microsoft Databases Under Threat

Just before the holiday, Microsoft decided to give people fewer reasons to rest well, having recently patched half a dozen critical flaws.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.

They have been negligent enough not to fix this in 8 months. Microsoft keeps known flaws to itself until it's too late and damage is being done.

Microsoft Corp. today confirmed that it has been working on a critical vulnerability in SQL Server for more than eight months, but declined to say whether it has had a patch ready since September, as an Austrian security researcher has alleged.

Another emergency patch (almost the third in a month [1, 2, 3]) is likely on its way. Microsoft Fanalysts [sic] are explaining the severity of this as well.

News Analysis. Microsoft has warned of a zero-day vulnerability affecting SQL Server. Do take Microsoft’s security advisory seriously.

Remember SQL Server slammer, which struck nearly six years ago? IT administrators were lucky the worm spread a month after Christmas. The new SQL Server vulnerability could bring coal to your Christmas stocking, if left untended.

Scareware and Fakes

There are other new attacks that piggyback on Microsoft.com.

Miscreants are exploiting weaknesses in more than one million webpages operated by the federal government, media companies, and even Microsoft to trick unwitting visitors into installing harmful software that takes over their computers.

More here:

Fake Antivirus Peddlers Helped by Microsoft, IRS

Just weeks after the U.S. Federal Trade Commission shut down two companies accused of selling fake antivirus software, a new player has moved into the market, aided by glitches in the Microsoft and U.S. Internal Revenue Service Web sites.

As always, there are fake greeting cards too, whose harm is Windows-only (where “clicking” translates to “executing”, frequently with full system privileges).

A new worm has emerged that could be much worse than the notorious Storm worm, which ruled the botnet world for nearly two years.

Zombies on the Cloud

We wrote extensively about the threat of zombie PCs. Botnets seem to have recruited almost one in two Windows PCs, although most nodes in these networks remain unused, so the seriousness remains mostly hidden — for now. 98% of the Windows PCs out there are potentially ripe for hijacking, according to Secunia, so it’s down to the mercy — or wrath — of botmasters.

This has serious security ramifications: even the United States can be crushed by botnets, according to this new simulated attack.

US cybersecurity defences fail to thwart mock cyberattack

The basic scenario involved exercises in electronic disruption accompanying a national emergency, a sequence of events played out in Estonia last year and more recently in Georgia. Defenders drew on established defence procedures but these turned out to be inadequate, for reasons not explained in any detail by participants.

Speaking of security, problems may also be introduced by Microsoft’s so-called ‘cloud’ (Azure), which we remarked on in [1, 2, 3, 4].

Amitabh: Microsoft provides a computing infrastructure on which developers can build applications. It is the responsibility of the developer to ensure that their applications, content and services comply with applicable laws and do not engage in malicious conduct. For more information refer to http://www.microsoft.com/azure/termswindowsazure.mspx

Looking at that URL:

# Indemnification.

[...]

You agree to indemnify, pay the defense costs of, and hold Microsoft and its successors, officers, directors and employees harmless from and against any and all claims, demands, costs, liabilities, judgments, losses, expenses and damages (including attorneys’ fees)

[...]

# Modifying the Terms.

[...]

Microsoft may at its sole discretion modify this agreement at any time. You can access the most current version of the agreement via the link

That’s not so reassuring. For similar reasons, we constantly warn about Microsoft's so-called "open source" licences. Microsoft totally controls the way they evolve.


7 Comments

  1. Bryant said,

    December 25, 2008 at 11:39 am


    “You agree to indemnify, pay the defense costs of, and hold Microsoft and its successors, officers, directors and employees harmless from and against any and all claims, demands, costs, liabilities, judgments, losses, expenses and damages (including attorneys’ fees)”

    That passage is standard issue in all Terms of Service. The whole point is that if you’re doing something that gets Microsoft sued, Microsoft should have the right to sue you for the legal woes you imposed on them.

    Amazon Web Services has a similar clause:
    http://aws.amazon.com/agreement/#12

  2. Roy Schestowitz said,

    December 25, 2008 at 11:43 am


    Thank you. I did not know this and it’s valuable to bear in mind.

  3. amd-linux said,

    December 25, 2008 at 12:24 pm


    Hey Roy,

    guess you are aware that MS is sponsoring your site? :-)

    I get a large banner ad for MS Office when I view this page – and of course, I HAD to check out what MS Office has to offer for a Linux user (just to find out that it still is not much, compared to OO.org and the price tag…) and clicked on it…

    Merry Christmas to everybody, and thanks to MS for sponsoring :-)

  4. Roy Schestowitz said,

    December 25, 2008 at 12:36 pm


    We’re blocking Microsoft and Novell domains, but this doesn’t prevent their channel partners from penetrating through Google. What was the site’s domain? Let us know so that Shane can add it to the blocklist.

  5. Shane Coyle said,

    December 25, 2008 at 12:38 pm


    Yup, we’re fully aware – we even have reports of Novell ads here from time to time.

    As evidenced by the comments here, we have a regular community of folks from all sides of the Microsoft-Novell deal – supporters, haters, and some who are indifferent or have not yet made up their mind. If Microsoft and Novell wish to try and make their case, they can feel free.

    Please, as always – do not commit click fraud, if you are genuinely interested in an ad, great. If not, (depending on your browser) you may consider an ad blocker or proxy filter setup in order to avoid the ads altogether – that’s what I do.

    Ads are a necessary evil here; we’ve discussed it before and I still can’t see a way around it. We get a lot of traffic, and sometimes we melt the servers with some of the stories that get Dugg or Slashdotted.

    Just recently, technocrat.net fell by the wayside due to similar pressures and inviability, and while we are not in danger of that presently, I was close to broke not long ago and may be once again…

  6. Shane Coyle said,

    December 25, 2008 at 12:44 pm


    For the record, novell.com microsoft.com and moreinterop.com should not come through. After that, it became too tedious to filter in Adsense…

  7. Roy Schestowitz said,

    December 25, 2008 at 12:49 pm


    I didn’t realise that MoreInterop used to sneak in. Heh. “More Interop”… kind of like “More dead” or “F-” (as though standards are a relative thing)
