Summary: Microsoft security news from the past few days
• Microsoft patches huge Windows 7 RC bug (that’s not a bug, it’s just release candidate by Microsoft’s standards)
Just days after it launched Windows 7 Release Candidate (RC), Microsoft has released a fix for a major flaw that slipped through testing.
“The folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor,” Microsoft acknowledged in the support article. “One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail.”
• Pirates on Board the M.S. MoneyTanker!
Microsoft needs to be regulated, forced, coerced, sued and hammered on until they start up a substantial anti-botnet, anti-piracy effort that goes on the offensive against infected systems running their software.
Personally I’m tired of Microsoft’s passive stance on allowing their customers’ computers to be used as Internet versions of Typhoid Mary. They need to be held to account. There are lemon laws for bad cars. Doctors get sued for malpractice. The EULA only protects Microsoft. It’s about time that there was a balance between users as a class or an economic force and Microsoft.
Scare the hell out of the stockholders with a $25 billion fine and maybe Microsoft will move to tighten up OS install security.
Crackers who get caught and prosecuted are fined for their activity. So why can’t Microsoft be fined for their apparent malpractice or indifference in really locking down security around their operating system image?
• Please Join me in welcoming memcpy() to the SDL Rogues Gallery
Because we have seen many security vulnerabilities in products from Microsoft and many others, including ISVs and competitors, and because we have a viable replacement, I am “proud” to announce that we intend to add memcpy() to the SDL C and C++ banned API list later this year as we make further revisions to the SDL. Right now, memcpy() is on the SDL Recommended banned list, but will soon be added to the SDL banned API requirement list now that we have more feedback from Microsoft product groups.
• Organised crime cops seek international hacking powers
British law enforcement agents are quietly working with European counterparts on changes to national legislation that will allow them to share intelligence gained by hacking into suspects’ PCs.
Sharon Lemon, director of the Serious and Organised Crime Agency’s (SOCA) e-crime unit, told The Register data laws in some EU countries make it impossible for investigators to obtain and pool data covertly.
• Malware infested MPs’ PCs inflate leak risk
“That’s one of those irregular verbs, isn’t it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act.” (Bernard Woolley, Yes Minister)
The ongoing MPs’ expenses row has brought public opinion of politics and politicians in the UK, never very high, towards unplumbed depths.
Embarrassing disclosures about how politicians across the political spectrum subsidised their living expense from the public purse follow hard on the heels of leaked emails regarding a proposed New Labour smear campaign against senior Tories, cobbled together by spin doctors Derek Draper and Brown aide Damian McBride in the style of In the Loop’s Malcolm Tucker.
• Hackers ‘destroy’ flight sim site
Flight simulator site Avsim has been “destroyed” by malicious hackers.
The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft’s Flight Simulator.
• Microsoft update closes fourteen vulnerabilities in PowerPoint (14 “critical”)
Although, as announced, Microsoft is distributing only a single update (MS09-017), it’s a biggie that closes fourteen security vulnerabilities in PowerPoint 2000, 2002, 2003 and 2007, and in PowerPoint Viewer 2003 and 2007.
• IIS 6 + Webdav auth bypass and data upload (more here)
In other words Microsoft, certainly through the late addition of Unicode support to IIS, failed to realise that converting chars to Unicode representation should happen before any “security” checks. So the flaw was one of logic: Unicode conversion after the security check.
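The ordering flaw described above, as an added illustration (this is not the article’s or IIS’s code): a toy request filter that runs its authorization check on the raw path and decodes afterwards, beside one that canonicalizes first and rejects anything it cannot canonicalize. The protected prefix and the sample requests are constructed for the example.

```python
"""Canonicalize-before-authorize, shown on a toy request filter.

Added example, not code from the article or from IIS.  It models the
logic flaw the post describes: the security check looks at the raw
request path and the decoding happens only afterwards.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

PROTECTED_PREFIX = "/protected/"   # assumed: a directory that requires authentication


def canonicalize(raw_path: str) -> Optional[str]:
    """Decode percent-escapes exactly once, refuse undecodable bytes,
    collapse dot segments and duplicate slashes.  Returns None when the
    path has no canonical form; callers must deny such requests."""
    try:
        decoded = unquote(raw_path, encoding="utf-8", errors="strict")
    except UnicodeDecodeError:
        return None                      # invalid or overlong UTF-8: refuse, never guess
    if "\x00" in decoded:
        return None                      # a NUL would truncate the path in a C-based server
    # normpath resolves "." and ".." segments; the lstrip/prefix step also
    # collapses a leading "//" that normpath deliberately preserves.
    return "/" + posixpath.normpath(decoded).lstrip("/")


def check_then_decode(raw_path: str, authenticated: bool) -> str:
    """Flawed ordering: authorization inspects the raw bytes, then the
    server decodes and serves whatever the decoded path names."""
    if raw_path.startswith(PROTECTED_PREFIX) and not authenticated:
        return "deny"
    served = unquote(raw_path)           # conversion happens after the check
    return f"serve {served}"


def decode_then_check(raw_path: str, authenticated: bool) -> str:
    """Correct ordering: canonicalize first, run every check on the
    canonical form, and serve only that form."""
    path = canonicalize(raw_path)
    if path is None:
        return "deny"
    if path.startswith(PROTECTED_PREFIX) and not authenticated:
        return "deny"
    return f"serve {path}"


# Constructed sample requests (not from the article): the same protected
# resource spelled four ways, as an anonymous client might send them.
SAMPLES = {
    "plain":   "/protected/report.txt",
    "encoded": "/%70rotected/report.txt",          # 'p' written as %70
    "dotted":  "/public/../protected/report.txt",
    "invalid": "/protected/%ff.txt",               # %ff is not valid UTF-8
}


def evaluate(handler) -> dict:
    """Run every constructed request through a handler as an unauthenticated user."""
    return {name: handler(raw, authenticated=False) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, fn in (("check then decode", check_then_decode),
                     ("decode then check", decode_then_check)):
        print(name, evaluate(fn))
```

Only the "plain" spelling is denied by the flawed handler; the canonicalizing handler denies all four, and it also denies the undecodable request rather than serving a guessed replacement character.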
• Conficker Worm Infects Hospital MRI Machines
The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts who are monitoring the massive computer worm. Security workers at the Internet Storm Center tracked Conficker to an MRI machine in a hospital when the machine’s computer connected to the worm’s command and control center for instructions.
Summary: Gnote makes it into a popular GNU/Linux distribution
Gnote, a Mono-free replacement for Tomboy, has already entered Fedora and Debian. Now it is also in Ubuntu.
Summary: Senior Microsoft employees who come to other companies are named
ACCORDING to the following report, Bruce Jaffe, who quit Microsoft not so long ago, brings Microsoft roots to the veins of this startup.
Take a moment to learn about Bruce Jaffe's role in the hijack of OLPC.
A new company called Digiting has done just that. The Seattle-based startup claims former Microsoft acquisitions chief Bruce Jaffe and former Twitter vice president Lee Mighdoll among its new employees.
Microsoft influence can now be found in Bruckheimer as well. From the news:
Jim Veevaert, formerly an executive producer at Microsoft, and Jay Cohen, previously senior vice president of publishing at Ubisoft, will lead Bruckheimer Games as president of production and president of development, respectively.
Most important, however, is the following appointment, which puts a former Microsoft executive in a chairman’s position. That company is DoMedia.
Little more than two months after bringing on a new CEO, online advertising database DoMedia has a new face in the chairman’s seat.
Here is the corresponding press release.
In order to understand what impact former Microsoft employees can have, taking a look at Ignition and Xen might help. Citrix grabbed XenSource and thus essentially took it from GNU/Linux. Now it’s mostly about Microsoft, Windows, and Hyper-V. Here is a new press release which shows this and also an article. It was a good lesson in Microsoft’s ability to grab competitive threats using its ecosystem that absorbs the threat.
Speaking of ecosystem, here is something to watch out for: Intel, Microsoft, Dell band together for WiGig
Computer and home entertainment industry leaders, including Intel Corp., Microsoft Corp., Dell Inc. and Panasonic Corp., said Wednesday that they’re forming a new association to create an even faster wireless technology for zipping large files around the home.
What about Linux? No word about it. This is a triangle (and sometimes collusion) that we wrote about before [1, 2]. Intel pays Dell billions of dollars in kickbacks to avoid them stocking AMD, Dell and Microsoft share a bed, Intel and Microsoft conspire against consumers and so on and so forth. █
Summary: The imbalanced Microsoft redundancies show financial thinking and journals raise questions about future redundancies
MORE LAYOFFS appear to be coming Microsoft's way, but it’s truly revealing that the company strategises in a way that would anger senator Grassley. It favours inexpensive labour. Truth be told, many companies including Novell do such a thing, but this post is about Microsoft. Having spent some time browsing through the news, one would find that New Zealand’s scale of Microsoft layoffs remains a secret.
Software giant Microsoft has confirmed that jobs will be cut in New Zealand.
The company would not comment on how many people would be made redundant.
Looking further up in Asia, it’s only 1% who get laid off in India (5 times lower than the global estimate), which means that a lot more Microsoft employees will lose their jobs in ‘expensive’ countries:
Software giant Microsoft will lay off about 55 employees in India, which is one per cent of its Indian staff, as slowdown hits the sector, affecting business and profitability.
Here is a report from the Philippines and one from Singapore:
MICROSOFT’S local employees dodged the first bullet but could not escape the next, as the economic downturn continues to crimp technology spending by businesses and consumers.
No numbers are quoted there unfortunately. Compare to: Microsoft’s cuts reach Triangle
Microsoft announced earlier this year that the recession would force its first mass layoffs, about 5,000 jobs. This week, the Redmond, Wash., company notified the N.C. Commerce Department that those cuts will include 55 positions at an outpost in North Raleigh.
Microsoft laid off the same number of people, namely 55 employees, in the huge nation of India (almost a billion citizens) and in one single outpost in North Raleigh. Hello, Red Hat? This is also covered here.
Microsoft cutting 55 jobs in Raleigh; Wells Fargo, American Express also cut jobs in N.C.
Three mass layoff notices filed with the North Carolina Department of Commerce last week show the continuing impact the economic recession is having on the high-tech and financial services sectors across North Carolina.
Over in the UK, Microsoft lays off more than twice as many people as in India and 5 times the rate.
5% of UK staff to go; CEO Steve Ballmer implies further job cuts may be necessary
Microsoft’s special relationship with Ireland [1, 2] is showing:
Microsoft is seeking to cut 60 jobs in its Irish business, but it has also decided to create 40 new jobs here.
Are these layoffs symbolic? Regarding Microsoft’s favours in Ireland (notably tax evasion) here are some new articles:
All the articles above mention Microsoft. More information about Microsoft’s tax evasion can be found in [1, 2, 3].
Here is another new article: “Microsoft dishes out the pink slips. What does it mean for the rest of us?”
More Microsoft layoffs may be coming, according to the following new reports from the Wall Street Journal and Business Mirror:
i. Microsoft CEO: SAP Buy Speculation a Market Rumor
On the company’s move to cut staff numbers, Mr. Ballmer said Microsoft may reevaluate its plans for job cuts, suggesting that more reductions could be in store if the U.S. economic downturn worsens.
ii. US job cuts slow; worst may be over
DuPont Co. and Microsoft Corp. this week said more staff reductions may be necessary. Part of the reduction in job losses in April was due to a jump in government jobs, spurred by the hiring about 60,000 people to help in the 2010 census.
It is very easy to forget that Microsoft did the equivalent of reducing another (additional) 10% in some areas where it cut wages in addition to people. As the Washington Post has just put it:
In March, staffing agencies that work for Microsoft agreed to a 10 percent reduction in their bill rate.
The Seattle press wrote a lot about these pay cuts at the time. There were also protests. If Microsoft is as profitable as it claims to be, then why so many reductions? Both products and employees are being axed. █
Summary: More new signs of the rapid self-destruction/implosion at Microsoft
YES, it’s true. Say goodbye to Microsoft’s QnA. It has only a few days left to live.
Yahoo Answers wins: Microsoft to kill QnA on May 21
Microsoft’s QnA website has had a very shaky development, never quite becoming good enough to lose the beta tag, and never quite becoming popular enough for its company to give it the attention it really required. Finally, the long road for QnA is coming to a dead end. On the Live QnA Team Blog this week, Microsoft announced that it would be discontinuing its QnA service.
Since this article mentions Yahoo, here is a noteworthy new report from The Wall Street Journal:
Ad Execs Worry A Microsoft-Yahoo Pact Might Not Make Sense
Microsoft Corp. (MSFT) and Yahoo Inc. (YHOO) may be closer than ever to striking a search and display advertising deal, but many in the ad community are skeptical the two companies can agree to a cohesive structure that makes sense for marketers.
The death of Microsoft’s QnA may actually reduce overlap in the activity of this pair of companies. The news is already covered in:
The Seattle press says that it’s “a sad day in Seattle” as more details surface about Microsoft’s failure in the advertising market.
The company also confirmed that ‘deep cuts’ had been made at Massive, the in-game advertising unit that Microsoft has acquired. Moreover, as a part of its cost-cutting measures, Microsoft is also slashing its expenditure on travel, vendors, and contractors; as well as canceling its once-a-year picnic.
Of the affected products that will reportedly be scaled back, Microsoft will continue to sell and support the first version of the small businesses-specific ResponsePoint, and the traffic and like services-specific MSN Direct. However, in the case of the .Net Micro Framework, the company intends making the project a community source effort, thereby eliminating royalties from the distribution of the product.
Security is already very poor at Microsoft and it is likely to get even worse if the company lays off those who have been responsible for security thus far.
Layoffs hit Microsoft security unit
The latest round of layoffs at Microsoft has taken a toll on Redmond’s security unit.
In addition to Microsoft layoffs there are also voluntary departures that won’t be counted. When major people from acquired companies decide to leave, it is usually an indication that the acquisition was a failure (see aQuantive/Razorfish for example [1, 2, 3, 4, 5, 6]). Such is the case with Tellme, whose integration with Microsoft has shown little or no fruit so far. Tellme’s co-founder says goodbye:
- Tellme’s Mike McCue leaving Microsoft
- Exclusive: Tellme Founder and GM McCue Departs, as Microsoft Reorganizes Its Speech Recognition Unit
- mocoNews – Microsoft’s Tellme Networks Faces Reorg: Founder To Leave, New Speech Team To Be Created
- TellMe co-founder Mike McCue is leaving Microsoft’s speech-recognition business
Microsoft’s PR person at CNET adds that typical sentimental spin:
With earnings down 32%, Microsoft’s future does not look entirely bright. █
Summary: Two entities that Microsoft funds are inflating software counterfeiting figures, which Microsoft can then use for business objectives
FOR THE uninitiated, here is the latest post which explains what IDC, the BSA, and Microsoft are doing. In IRC we are being told that their propaganda is now being shown on TV and heard on radio stations too, not just the Internet press. There are some brand-new rebuttals to this action, 3 of which we present below:
i. BSA Releases BS Numbers Yet Again, Then Says Don’t Pay Attention To The Numbers
Well, it’s the middle of May, and that means (like clockwork) the Business Software Alliance (BSA) and IDC have come out with their annual bogus numbers about software “piracy.” They do this every year, despite the fact that their numbers have been totally and completely debunked for years. Last year, they were kind enough to call to discuss my concerns, but stood by the idea that every unauthorized copy can be reasonably counted as a lost sale.
ii. Aargh! Walk the plank ye scurvy dogs!
According to Channel Insider the Business Software Alliance and IDC report that software piracy in 2008 cost over $50 billion in lost direct sales and $150 to $200 billion in lost service and support.
No analysis is offered as to whether the alleged pirates could have paid for licensed copies of the software in question had they chosen to. Nor is it explained why users of properly licensed software would have required $150 to $200 billion in additional service and support while the pirates manage to do without. Rugged, self-sufficient folks those pirates, I suppose.
iii. Does The WIPO Copyright Treaty Work? The Business Software Association Piracy Data
What does all of this really mean? My take is that where software piracy rates are declining, this is due largely to the increasing use of open source alternatives and tougher enforcement. Notwithstanding the rhetoric that seeks to link the WIPO treaties with addressing infringing activities, anti-circumvention legislation required by the WIPO Internet treaties is largely irrelevant for the purposes of combating commercial piracy.
Around the very same time watch what Microsoft is doing and advertising:
Microsoft: Firms buying into piracy
ANKARA-Recent Microsoft research has revealed that public institutions and big companies, which invest millions of dollars in Turkey, use pirated software.
As we showed some weeks ago, Microsoft is dumping on them anyway to prevent strong competition from GNU/Linux in Turkey. So why even whine about it?
More importantly, watch this from the news:
Microsoft to Invest In Hangzhou Following Antipiracy Pledge
Microsoft Corp. has reached an agreement with the city of Hangzhou to build two new technology centers and make other investments in the wealthy city on China’s east coast, following a pledge for protection against software piracy there.
The aim is to establish a model city where intellectual property rights have greater protections than elsewhere in China. Microsoft executives say they may adopt a similar model elsewhere in the country to reward those that clamp down on piracy with greater investment.
It is a form of extortion, which we wrote about before. It happens to be similar to the sort of Microsoft blackmail we found in Kenya and in OLPC. “Do as we say or no gift.” In some cases it’s “do as we say or we take away the gift we gave you so as to have power over your actions.” This whole “piracy” thing is very often exploited as a political manipulation card. █
Summary: News about Microsoft marketing, which has become rather shameful
Microsoft maintains prominent presence in Twitter using not only its employees but using agencies that it hires, too [1, 2]. We are fortunate to have a reader whose hobby is exposing those people and now he is having a go at a user called Officethemovie. Surely not the surname of a Microsoft employee, right?
Having looked at the account, IMO there’s certainly room for suspicion and the account may be of interest to people who don’t like the idea of FUD being spread at the expense of alternatives to Microsoft products.
What makes me suspicious is the fact that at the time of writing this they follow no people.
Joe Wilcox (whom Microsoft Watch recently let go, much to Andre Da Costa’s dismay) plays along and defends Microsoft by listing Microsoft bloggers, but who has the last laugh? According to CRN, it is just another Microsoft AstroTurfer in Twitter:
Microsoft is hinting that a new Zune offering could be coming next month.
Through a new Twitter account, @officethemovie, the company said Monday afternoon that “June 2009 will be an important month for Zune users.” Microsoft’s Zune MP3 player is the vendor’s answer to the Apple iPod.
These pseudo-users can come via marketing agencies. This was covered in some Microsoft blogs but hardly by the press. This one particular user account seems related to this report (“Coming soon to a desktop near you: Microsoft’s Office The Movie”).
In other news, Microsoft is again recruiting celebrities to advertise its products.
Microsoft Teams Up With Celebrity Athletes
Launched in beta late last year, BAT has already assembled a network of about 1,400 pro athletes available to advertisers for far less than typical celebrity endorsers.
Remember Seinfeld and Vista? How about Indian equivalents [1, 2]? Microsoft’s marketing strategy has fallen pretty low. █
Summary: FOSS gets ‘extended’ by Microsoft to make it hook up with Microsoft’s software that harms FOSS
AS PART of the assimilation strategy, Microsoft carries on blurring the difference between open source and proprietary software. In essence, every now and then it merely uses open source as a latch with which to impose proprietary software and dependence on a single vendor. Guess which vendor?
On many occasions in the past we warned about Microsoft’s influence on Apache [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17]. Now we find this:
The Apache Stonehenge project is evolving toward what Microsoft referred to as the first key milestone. Milestone 1 is synonymous with sample applications built with different languages, and designed for specific platforms, being deployed together in an effort to drive interoperability. Microsoft is a participant in the Apache Stonehenge project, a move from the company underscoring its commitment to making its proprietary technologies interoperable with open-source solutions, according to Kamaljit Bath, a principal program manager on the Interoperability Technical Strategy Team at Microsoft.
When Microsoft speaks about “open source”, then it would rather speak about incorporating BSD code into its proprietary products. Also from the news:
Sidekick retains its own OS – the question is whether Microsoft will start to run WinMo or Windows CE on the product in order to get even better feedback on users’ behaviour and acceptance. It may, however, be wanting intelligence in another area, open source operating systems. LX will run open source NetBSD OS, and Microsoft was recently advertising for people with NetBSD skills to help launch the new Sidekick, pointed out PCWorld. Perhaps a tiny step towards open source acceptance for the Windows giant?
Microsoft is fine with BSD because it turns it into proprietary code and even uses it in Windows.
Then there is Microsoft's relationship with Zend. Microsoft is now bringing the GNU/Linux- and Free software-hostile Silverlight via PHP.
PHP for Silverlight is a code sample and tutorial on Microsoft’s CodePlex site which explains and gives examples of how to integrate Silverlight controls in PHP.
In essence, what Microsoft does here is it uses FOSS to spread anti-FOSS software. And at the same time Microsoft is spreading its gratis (limited time) competitor to FOSS (libre). This is a press release about BizSpark/DreamSpark (Silverlight involved), but there is also some PR for Microsoft from the Seattle press. They use HSBC’s name to make some more noise.
HSBC Commercial Banking (LON:HSBA) has today announced that it has joined the Microsoft BizSpark Programme as a Network Partner and becomes the first UK bank to become part of the network.
This makes HSBC somewhat of a ‘drug dealer’ in the sense that it makes people dependent on something that they cannot (or can hardly) afford. Then again, it fits HSBC’s model quite well because it also sells mortgages. We wrote about the *Spark programmes in:
Over in the Philippines there is something similar going on, but this time under the heading/banner of Live@edu (details already leaked).
Steve Haite, Live@edu, Information Worker Director, Microsoft Asia Pacific, said Microsoft Live@edu addresses common teaching and administrative problems that schools encounter in today’s digital age.
He recently engaged in a roundtable discussion with a select group of journalists about the trend toward university use of hosted Web services, and how university learnings and experience translate for the business world of IT.
It all looks like a form of commercial in the press, masquerading as an article (maybe ghostwritten). But anyway, what all reporters neglect to say or refuse to say is that the tobacco companies used similar techniques to deprive people, under the guise of offering them something. Critique is absent. █