02.18.10

Gemini version available ♊︎

Here Come Many More Microsoft Windows Attacks

Posted in Microsoft, Security, Windows at 6:01 pm by Dr. Roy Schestowitz

Computer danger

Summary: A lot of security headaches caused to lot of people, all due to Microsoft Windows being so vulnerable

Yesterday we wrote about Microsoft's risk that impacts people's lives. Blame Microsoft’s utter negligence [1, 2, 3] for it. Where there is deliberate negligence there is also liability and responsibility.

It has been surprising to some network experts that the Internet has yet not come under an attack that fragments or altogether suspends it at root level [1, 2]. It’s not as though it is impossible; it’s just that nobody has dared to trigger it just yet and the United States considers bombing (in the physical sense) any botmaster who may attempt this. According to this latest report, the United States is not prepared for an attack from Windows botnets.

During the simulated cyber attack that took place yesterday in Washington and was recorded by the CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens.

Already, there are some notable attacks that show up in the news. Here is an article that will appear in the New York Times tomorrow:

A malicious software program has infected the computers of more than 2,500 corporations around the world, according to NetWitness, a computer network security firm.

It’s a John Markoff article, so neither Microsoft nor Windows are mentioned, as usual. Under some pressure he once made an exception. Here is a similar report from Reuters:

Virus has breached 75,000 computers: study

A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according Internet security firm NetWitness.

Here is another Windows disaster unfolding:

City of Norfolk hit with code that takes out nearly 800 PCs

Malicious code that mysteriously found its way onto an internal virtual print server took out nearly 800 computers used by the city of Norfolk, Virginia, last week.

The code apparently was activated when workers shut down their computers, said Hap Cluff, IT director for the city of Norfolk. “It was triggered by the action of logging off,” he said. ”

The code nearly wiped out the C drives of the 784 affected computers and essentially deleted the Windows operating system. The contents of the system folders on those machines, normally about 1.5GB in size, shrunk to 500 MB, he said.

Yes, all the above indicates that it’s a Windows problem. More here:

Hap Cluff, director of the information technology department for the City of Norfolk, said the incident began on Feb. 9, and that the city has been working ever since to rebuild 784 PCs and laptops that were hit (the city manages roughly 4,500 systems total).

Wonderful, eh? Here is an article about source of vulnerabilities, based on data that we mentioned in yesterday's post about security.

Just as they did last year, over thirty international security organisations have come together, to publish a list of the 25 most dangerous programming errors leading to vulnerabilities that can be exploited for cybercrime and espionage. The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors has been updated with a number of improvements to how the errors are graded, prioritised and categorised. For example, new “Focus Profiles” allow readers to quickly see the listed errors sorted for particular professionals’ interests.

As we pointed out yesterday, Microsoft is not well positioned here and its general programming practices and use cases (e.g. clicking attachment to execute) are part of the problem. One might add to this the fact that Microsoft’s patches vulnerabilities poorly and sloppily, often hiding known flaws until they are actively exploited.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

3 Comments

  1. Needs Sunlight said,

    February 19, 2010 at 2:13 am

    Gravatar

    Hmm “Blame Microsoft’s utter negligence”? It’s no longer MIcrosoft’s fault at this point. The company’s complete product line is well known. Now it is the fault of the managers who allow Microsoft product in their work environment and the fault of the employees that roll out Microsoft products.

    Look at it this way. It’s perfectly fine to manufacture and sell lead salts. It’s not fine to use them as artificial sweeteners.

    Roy Schestowitz Reply:

    Blame false advertising then. I am going to have some posts on the subject shortly.

    Robotron 2084 Reply:

    It’s not the fault of any one group. Everyone is to blame to some extent, including users and the computer experts who try to help them. This article from Reuters talks about users who become so baffled by computer jargon that they become completely turned off to learning about security.

    http://www.reuters.com/article/idUSTRE61I2OB20100219

DecorWhat Else is New


  1. 38+ Years of GNU and 19+ Years of FSF Associate Membership

    “On November 25, 2002,” Wikipedia notes, “the FSF launched the FSF Associate Membership program for individuals.” As the above video points out, it all started almost 40 years ago.



  2. Gemini as a Platform for Gamers

    Contrary to what people often assume (or are led to assume), even without client-side scripting Gemini can accomplish a great deal; early adopters, many of whom are technical, test the limits of the very minimalistic (by design and intention) specification



  3. Improved Workflows: Achievement Unlocked

    Today we've completed a bunch of small projects that can make us more efficient (e.g. more Daily Links per day, more articles); the above video was recorded many hours ago to accompany the outline below



  4. Links 26/11/2021: New Complaint About Microsoft Competition Crimes in Europe, EuroLinux 8.5, GhostBSD 21.11.24, and Kiwi TCMS 10.5 Released

    Links for the day



  5. Links 26/11/2021: F35 Elections, Whonix 16.0.3.7, OSMC's November Refresh With Kodi 19.3

    Links for the day



  6. IRC Proceedings: Thursday, November 25, 2021

    IRC logs for Thursday, November 25, 2021



  7. IRC Proceedings: Wednesday, November 24, 2021

    IRC logs for Wednesday, November 24, 2021



  8. Links 25/11/2021: PHP 8.1.0 Released and Linux 5.15.5

    Links for the day



  9. IBM as Master of Hypocrisy

    Free software projects and Free software developers have long been humiliated by corporations of Western misogynists, falsely claiming that the Free software community isn’t inclusive enough (these are shameless projection tactics; as a matter of public record, the exact opposite is true) and even the eradication of supposedly offensive language isn’t something IBM takes seriously



  10. Links 25/11/2021: LibreOffice 7.2.3 and Mesa 21.2.6 Released

    Links for the day



  11. [Meme] So Desperate That Edge Cannot Even Exceed 4% That They Block Rival Web Browsers

    Linux/Android/Free Software/GNU (they go by very many names/brands) may continue to grow to the point where Windows is as irrelevant as Blackberry; this means that Microsoft’s grip on the Web too has slipped — to the point where Microsoft frantically uses 'bailout' money to hijack LinkedIn, GitHub, etc. (it also rebrands almost everything as "Azure" or clown to fake a perception of growth)



  12. Windows Vista Service Pack 11 (Vista 11) Has Failed to Curb the Growth of GNU/Linux

    Windows market share continues to decrease in spite of billions of dollars spent bribing the media for fake hype, especially in light of a new Windows Service Pack (SP), Vista SP 11



  13. Links 25/11/2021: Proton 6.3-8 and Linux Mint Compared to Ubuntu

    Links for the day



  14. 3.5 Years Later the 'Master' of Fedora is Still Microsoft and IBM Cannot Be Bothered to Alter Git Branch Names (Refuting or Ignoring Its Very Own Directive About Supposedly Racially-Insensitive Terms)

    Today we demonstrate the hypocrisy of IBM; years after telling us that we should shun the term "master" and repeatedly insisting it had a racist connotation at least 65 Fedora repositories, still controlled by Microsoft, still use "master"



  15. Changing the Arrangement While News is a Bit Slow(er)

    I've made it easier for myself to keep abreast of things like IRC channels and networks (incidentally, a day ago Freenode reopened to anonymous logins) and I've improved monitoring of the Web sites, Gemini capsule etc. (this video is unplanned and improvised)



  16. Links 24/11/2021: Alpine Linux 3.15 and Endless OS 4.0 Released

    Links for the day



  17. [Meme] Jimmy Zemlin Loves Microsoft

    It’s funny, isn’t it? Lying for a living and sucking up to the liars pays off; you get to plunder actual Linux users while leaving Linux morally and financially bankrupt



  18. Links 24/11/2021: PHP Foundation and Flatpak Criticisms

    Links for the day



  19. IRC Proceedings: Tuesday, November 23, 2021

    IRC logs for Tuesday, November 23, 2021



  20. Links 24/11/2021: Rust Crisis and Team UPC Still Faking 'Progress'

    Links for the day



  21. Links 23/11/2021: New GNU Parallel and Memories of David H. Adler (Perl, Raku)

    Links for the day



  22. In Light of Fast-Accelerating Deterioration -- Sometimes Weaponisation -- Getting Off the World Wide Web (to the Extent Feasible) Makes You Saner and Less Susceptible to Manipulation, Lies

    Almost no sites are speaking about it (probably because they have no presence on the Internet except on the Web), but it's time to motivate more people to get off the Web, for their own good and for society's sake...



  23. Black Friday SPAM on the World Wide Web: A Reminder That the Web is a Dying Platform, Languishing Due to Marketing and Misinformation

    The junk that overruns the Web this 'Black Friday' week (consumerism 'on steroids') is a good reminder that the Web isn't healthy for the mind anymore; it's mostly spying on people, trying to compel them to buy particular things or vote a certain way



  24. Microsoft-Led Misinformation Campaign About Germany and Munich Reminds Us That Microsoft Hates and Actively Undermines GNU/Linux Adoption

    Regarding the latest moves to GNU/Linux in Germany we have 3 points to make



  25. Links 23/11/2021: Libreboot 20211122, Deepin Linux 20.3, Amazon Linux 2022, and Mabox Linux 21.11 Released

    Links for the day



  26. IRC Proceedings: Monday, November 22, 2021

    IRC logs for Monday, November 22, 2021



  27. Links 22/11/2021: EasyOS Dunfell 3.1.11, Microsoft 'Extends' Mesa for Windows

    Links for the day



  28. Microsoft's GitHub is Hugely Toxic and It Censors Critics of Corporations or People Sceptical of Those in Power

    Sociopaths have taken over GitHub and control over GitHub (by Microsoft) is being shamelessly misused, just as we’ve warned all along; GitHub is social control media/network for code, asserting control over projects and developers by means of censorship and other sanctions



  29. EPO Staff Engagement Survey Predates the Pandemic and Provides False Assumptions for EPO Policies or Policy-Setting

    The EPO ticks a box for "surveying the staff", but is it actually listening? Is that done often enough? It was last done almost 3 years ago...



  30. Links 22/11/2021: Claws Mail 4 Enters Debian and Catch-up With Legal Matters

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts