"Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system..."

--Dennis Fisher, August 7th, 2008

LAST WEEK it was DNS and this time around it's an entire nation that's brought down thanks to the hundreds of millions of Windows zombies out there. When will people learn?

The central Asian republic of Kyrgyzstan was effectively knocked offline for more than a week by a Russian cybermilitia that continues to flood the country's internet providers with crippling data attacks, a security expert said.

This has nothing to do with patching. Bad engineering has led to cyberstorms of biblical proportions and not only personal computers are participants (with mortal cost on occasions). Even telephones (running Windows) are heading down the same route, based on reports like this new one:

Windows Mobile Bluetooth vulnerability allows access to any files

A directory traversing vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using "../" or "..\\" as part of the path name, is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger, or other spyware.

It is almost amusing that only a week or so ago it was reported that Microsoft had lobbied Obama to move to Windows Mobile for "security". Other people advise Microsoft to just drop Windows Mobile altogether. Several years ago this division was losing a fortune and it's unlikely that anything has changed since. Microsoft combined this division with another in order to conceal the losses. ⬆