06.13.09
Even Microsoft Can’t Secure Its Windows-based Web Sites (MSN Canada Cracked)
Summary: MSN Canada the latest to be compromised, Windows botnet tools put up for display
SOME weeks ago we learned that even 'amateur' users like the FBI are unable to dodge Windows viruses. Just a few weeks ago we also saw a Microsoft Web site (MSN New Zealand) falling victim to crackers and it has just happened again, proving that even Microsoft cannot secure its servers. How do they expect others like their clients to succeed?
MSN Canada Website Compromised by Hackers
[...]
Researchers from net security company Websense warn that a particular section of the MSN Canada website has fallen victim to hackers who injected rogue code into a page used for redirection.
In other news, CNET shows that even kids can now create their own Windows botnet.
The abstract concepts of “botnet” and “Trojan” just became a lot more concrete for me.
In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.
No wonder so many teenagers are wreaking havoc across the Internet (some are too young to be held accountable by national law) and ~320,000,000 computers are estimated to be zombies. Some researchers are rather astounded by the fact that the Web keeps standing at all. But at what cost? Damages are huge. We too are among the victims. █
Chips B Malroy said,
June 14, 2009 at 2:35 am
I have to comment on this part:
“Microsoft Announces It Will Ship Without IE in Europe – Reactions – Updated”
So Roy,
MS is taking a slightly different tack in strategy here with the EU, is what I noticed. It stopped with the endless delaying strategy, most likely only because it is ready to release Windows Seven soon Now it is looking to repeat the N strategy from previous EU decisions.
At first look I think we agree that the decision, or rather the offer, to not include/bundle IE with Seven sounds great, but we just know that MS will strong arm the OEM’s to include a IE disk, or to install IE themselves, making it about the same tactic as the N without WMP case.
The “strong arming” of OEM’s by MS in the past,has some documentation. Best example of this type of illegal behavior is MS charging IBM an extra $10 per OEM install because IBM was installing OS/2 on some of their systems for sale. If any company should have sued MS, it was IBM.
Roy Schestowitz Reply:
June 14th, 2009 at 2:42 am
Dell was preinstalling Firefox on machines in the UK for a while (maybe it still does).
Chips B Malroy said,
June 14, 2009 at 2:45 am
Also, as I was saying for a long time over on MS Watch, removing IE completely from XP, actually improved XP, and there was only a few programs that had to have it. Removing IE completely, improved the security of XP by a good factor as well, but it was still basically unsound. Removing the other windows malware targets of WMP, Outlook (2nd biggest malware target), windows messenger, in addition to IE, also helped. Setting up a limited user account in XP also helped, sadly it was nowhere as easy as Linux or Mac which came that way out of the box, so to say. While you could get XP a lot better secured, it will still be untrustworthy in the long run. Just too many pieces of malware, and malware also written to elevate the user privileges, out their on the web waiting to attack it.
Chips B Malroy said,
June 14, 2009 at 5:47 pm
One more comment, removing IE, Outlook, WMP, and Windows Messenger from XP Pro, completely, seem to make XP a whole lot more stable. Some of these middleware apps, like IE and Messenger, were doing things like spying on windows users. It could that and ActiveX (a part of IE mostly) be the reasons why these middleware apps, caused stability problems in XP and other windows versions? While windows will never be as stable as Linux (in my opinion), it can be better by getting rid of these very bad apps completely. I had never bought into the story by softies that IE still installed, but not the default and/or used browser, is not doing things behind the windows user’s back.