EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.22.09

Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day

Posted in Microsoft, Security, Vista 7, Windows at 9:53 pm by Dr. Roy Schestowitz

Nine O Nine

Summary: Vista 7 as exposed as the naked emperor; Internet Explorer received similar treatment as users are under attack and no remedy is available

OVER the past week and a half we wrote several posts about the illusion of security in Vista 7. Among those posts:

  1. Vista 7 Exploit is Out (Zero-Day Vulnerability)
  2. If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?
  3. Microsoft Won’t Secure Firefox/Chrome Users, Shows More Negligence

Reports about this subject continued to come and only an advisory (not a patch) came from Microsoft. Regarding another serious crack that led to security issues in vista 7, reports suggest that it “comes as no surprise,” proving yet again that Microsoft does not give a damn about security.

There is now the following serious incident which leads to invaluable harm. No report seems to say which platform is to blame, but the University of East Anglia is not necessarily a docile Windows shop, not based on its Web site anyway. It actually abandoned Solaris for GNU/Linux when Sun began roaming the streets looking for love. Does anyone know what mail systems are used at the University of East Anglia?

A 61MB ZIP file was posted on a Russian FTP server late last night, local time. It contains over a thousand emails, and around three thousand other items including source code and data files. Emails are peppered with disparaging remarks and a crude cartoon of sceptical scientists is also included in the archive – suggesting the hacker roamed wide across the University’s servers.

More at The Guardian.

A spokesperson for the University of East Anglia said: “We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all this material is genuine. This information has been obtained and published without our permission and we took immediate action to remove the server in question from operation. We are undertaking a thorough internal investigation and have involved the police in this inquiry.”

Regardless of what this “server in question” actually runs, Microsoft is taking a weird approach to security, suggesting/recommending a different architecture (not platform) as a cure for executables that exploit Windows by design, not just by compilation.

Meanwhile we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco]

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.

More information at IDG:

The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim’s computer.

No fix is available yet, except a download that’s called Firefox or Fedora. But Microsoft does not want people to say the “F” word, so it will probably deliver a patch very soon.

To Free software’s credit, it rarely waits for attacks to occur before addressing security vulnerabilities.

More on Vista 7 insecurity:

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links - Anti-Trust Roundups - Yahoo, Nokia, Barns and Nobel



  2. Links - MSNokia Passes Blame, Bill Gates pushes GMOs, Open Access news



  3. Links 7/2/2012: Firefox 11 Enters Beta, Canonical Disappoints KDE

    Links for the day

  4. IRC Proceedings: February 6th, 2012

    IRC logs for February 6th, 2012

  5. IRC Proceedings: February 5th, 2012

    IRC logs for February 5th, 2012

  6. Links 6/2/2012: PCLinuxOS 2012.02 and Mint KDE Reviews

    Links for the day

  7. Bill Gates Indoctrinates Youth in the United States and India, Critics Speak Out

    Backlash against the Gates Crusade to brainwash the young minds all around the world

  8. Bill Gates Uses Symbolic 'Donation' to Force Taxpayers to Pay Microsoft (of Which He Holds Shares)

    The Gates Foundation goes lobbying for Microsoft again, this time in Vietnam

  9. Monopoly as Innovation?

    Challenging the old misconception that patents are beneficial to anything but few multinationals and their patent lawyers

  10. Links 5/2/2012: Lenovo in India, Netrunner 4.1 is Out

    Links for the day

  11. IRC Proceedings: February 4th, 2012

    IRC logs for February 4th, 2012

  12. OpenStack, Microsoft, Junk Patents, Microsoft Copyrights, and Oracle Copyrights

    Another look at the OpenStack situation, why Microsoft should not be allowed to enter, and more about patent and copyright complications

  13. Apple, Which Started Patent Wars, Gets What It Deserves

    Apple products get banned (for the time being) after Apple decided to attack Linux-supporting competitors and then received some blowback

  14. Unitary Patent and the Emergence of More Junk Patents

    The rise of the junk patents and what we are taught about them by the news, including some news about the unitary patent in Europe

  15. Backlash Against Bill Gates' Lobbying for Patented Life

    GMO, a robbery of the right of reproduction (and a potential health hazard), is promoted by Bill Gates for profit, whereupon critics strike back

  16. IRC Proceedings: February 3rd, 2012

    IRC logs for February 3rd, 2012

  17. Links 4/2/2012: Ubuntu 12.04 Alpha 2 Preview, ACTA Backlash in Europe

    Links for the day

  18. A Glimpse at Executives Who Left the Sinking Novell Ship

    A roundup of news about former Novell staff and where that staff is moving these days

  19. Novell Makes New Software for Microsoft Windows and Office

    PR spin from Novell and money-grabbing moves that promote proprietary software rather than Free/Open Source software

  20. Links 3/2/2012: BT Vision Goes for Linux, Linux 3.3 With Android

    Links for the day

  21. Debt in Attachmate

    The company that bought Novell has a poor outlook, financial issues, and little signs of expansion/renaissance

  22. Longtime SUSE Executive Holger Dyroff Moves on, SUSE in a Bad State

    Key people continue to leave SUSE and the distribution is left without a compelling sales pitch

  23. Groklaw Update on Android Patent Cases and Response to FUD From Microsoft Lobbyists

    A few updates of greater importance where the Linux situation is discussed in the context of Android and Novell

  24. IRC Proceedings: February 2nd, 2012

    IRC logs for February 2nd, 2012

  25. Links 2/2/2012: DEFT Linux 7, Mozilla Firefox 10

    Links for the day

  26. IRC Proceedings: February 1st, 2012

    IRC logs for February 1st, 2012

  27. IRC Proceedings: January 31st, 2012

    IRC logs for January 31st, 2012

  28. IRC Proceedings: January 30th, 2012

    IRC logs for January 30th, 2012

  29. Bill Gates is Hijacking Open Source While Attacking It Using Lobbyists, Patents, and Patent Trolls

    Response to reputation laundering from Wired Magazine, the latest nonsense from Microsoft's lobbyist Florian Müller, an update on Microsoft's trolling against Android, and a little more of Apple's

  30. The Gates Foundation is Still Hijacking the Voice of the Poor and Effectively Runs Paid Advertisements Inside 'News'

    Money still the vehicle by which opinions get heard, so Bill Gates exploits this for fame, power, and profit

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts