09.01.09

Eye on Microsoft: More Security Catastrophes

Posted in Microsoft, Security, Windows at 3:41 am by Dr. Roy Schestowitz

Summary: Security-related items from the news (highlights in red are ours)

• Conficker, back with a vengeance as top worm

The infamous Conficker worm first spread its malicious infection across the Internet more than eight years ago and just last month it shot back into prominence, infecting 43 percent of machines in use worldwide in the space of four weeks and, for good measure, it now installs rogue security software on compromised machines.

• Skype snooping trojan detected

“What this threat is doing is actually grabbing the sound coming from the audio devices plugged into the computer,” Selvaraj wrote. “It does this by hooking various Windows API calls that are used in audio input and output.”

• Skype Trojan can log VoIP conversations

Symantec claims to have found the public release of source code for a Trojan that targets Skype users..

Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users.

• Microsoft ATL/MFC ActiveX Type Confusion Vulnerability

Remote exploitation of a type confusion vulnerability in Microsoft Corp.’s ATL/MFC ActiveX code as included in various vendors’ ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). Microsoft’s Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming dilemmas involved in object oriented programming, distributed transactions, and inter-language communications. Microsoft’s Active Template Library (ATL) is a set of C++ templates that simplify developing COM objects.

Related posts:

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

Links 12/11/2019: Plasma 5.17.3, More Intel Defects, Bytecode Alliance

Links for the day
You've Gotta Go When You've Gotta Go

How most staff of the European Patent Office (EPO) feels these days
Teaser: Thierry Breton and His Disquieting Past

"The company attracted notoriety and loathing in the UK for its role in assessing disability benefit eligibility."
EPO and EU: People Behind the Faces

It’s no secret that the EPO breaks the law and European officials have taken no concrete steps to intervene; to make matters worse, potentially new EPO allies may soon be put in charge of the EU Commission
Maintaining the 'Delete Github' page

"This list really is a starting point, which can hopefully increase awareness about the issue of concern."
Linux Foundation Picking Money

The dating standards of the Linux Foundation
Microsoft 'Borrows' the Linux Brand

With help from the likes of the Linux Foundation Microsoft continues to misuse and ‘dilute’ the Linux brand (and registered trademark)
EPO Corruption Compared to Cocaine Scandals in Antwerp

Days after the Dutch protest discussion is sort of 'uncorked' regarding EPO corruption (published, as usual, in the form of anonymous comments)
SUEPO Showed That the Media Won't Cover EPO Corruption Until Half the Workers March in the Streets

What ought to have been a central (if not 'the' central) issue of debate in Europe is still being treated as borderline irrelevant or marginal
Meanwhile in California

News from California is being spun by Microsoft this week, owing to weak journalism that's more like PR than journalism
Privacy-Centric Services and Even Drupal/Acquia Defect to the Camp of Mass Surveillance

In search of money [pun intended] companies and services that are supposed to respect their customers and users turn out to be doing the opposite; this merits research and public discussions
IRC Proceedings: Monday, November 11, 2019

IRC logs for Monday, November 11, 2019
Links 12/11/2019: Sparky 2019.11 Special Editions and Twisted 19.10.0 Released

Links for the day
Microsoft's Abduction of the Voice of Its Opposition Highlights the Urgency of the Movement/Campaign to Delete GitHub

Microsoft understands that by entrapping FOSS and GNU/Linux inside proprietary software platforms like GitHub and Azure it can utilise the false perception that it somehow speaks on behalf of both (whilst attacking both)
IRC Proceedings: Sunday, November 10, 2019

IRC logs for Sunday, November 10, 2019
SUEPO Protests Against Management of the European Patent Office Brought Back Discussions About Corruption

The atmosphere at the second-largest institution in Europe has long been toxic; now it is becoming a lot more visible again and comments highlight the reasons for the cover-up (gross misuse of billions of euros)
Links 11/11/2019: Linux 5.4 RC7, HandBrake 1.3.0 and Analysis of XFCE

Links for the day
Links 10/11/2019: digiKam 6.4.0, OpenMandriva Lx 4.1 Alpha and OpenZFS Plans

Links for the day
Video: Dutch Media on EPO Protest

The new video added by SUEPO on Saturday in order to show Dutch media coverage of last week's protest in The Hague
Politics in the Workplace Are Not Paradoxical and Outside the Workplace They Are Free Speech

The safest space is one in which no other human (or creature) exists, but in reality we must make compromises and accept that not everyone will agree with us 100% of the time (so we must learn to live with that)
IRC Proceedings: Saturday, November 09, 2019

IRC logs for Saturday, November 09, 2019
Thick Skin Makes Strong Communities

Learning to coexist with people who don't agree on everything is a strength and successful societies encourage that (the alternative is blind conformity on all matters)
Training (Proprietary Software) Versus Teaching (Free Software)

Education necessitates software freedom — a fact that companies like Adobe, Apple and Microsoft try hard to distract from
The Linux Foundation Brought as Keynote Speakers People Vastly Worse Than Those Whom It Now 'Cancels' for Purely Political Reasons

A lot of people are very upset about the Linux Foundation's alleged 'witch-hunt' and even press coverage has caught up with the outrage; but our position is that it distracts from vastly bigger Linux Foundation scandals
An Open Letter to Richard Stallman

"It's past the time for the official cornerstones of the Free software movement to return to their full operational capacity, and to take the gear out of neutral."
Links 9/11/2019: Linux Journal Goes Dark (Offline), KStars 3.3.7, OpenSUSE Name Change Aborted

Links for the day
Think Tanks, Bristows, 'Simmons' and 'Birds' Can Only Ever Lie to Us About the Dead Unified Patent Court (UPC)

The UPC is a dead bird, but lobbyists of the litigation giants would have us believe otherwise, in “In-depth Analysis” which is anything but (it's just propaganda with the veneer of officialism)
The EPO's Management is Trying Really Hard to Distract the Media From EPO Unrest (and It Has Been Partly Successful)

We take a look at the profoundly bad situation at the EPO (examiners unable to do their job properly because of rogue leadership); we also reexamine how media covered — or rather refused to cover — this urgent issue
Microsoft's 'Safe Spaces'

The 'new' and 'ethical' Microsoft that offers us all a 'safe space'
'Artificial Intelligence' (AI) Will Only Doom Patent Offices If It's Used to Stamp Millions of Invalid Patents (IPs)

The Artificial Intelligence (AI) craze is being used as an excuse or as a pretext for granting loads of patents on mathematics and statistics (maths and stats aren't permissible or eligible for patent coverage); by calling just about everything "Artificial Intelligence" (or AI, or "hey hi!") they hope to mislead examiners, who are also being presented with new guidelines full of these buzzwords