03.08.10
Gemini version available ♊︎Apache Shows Why GNU/Linux is Safer Than Microsoft Windows; Microsoft Makes Batteries Dangerous
Summary: Windows shows that it not only brings security problems to Apache but also to battery chargers
THE thing about Windows is, the underlying operating system is less secure than UNIX and Linux. Here is nice new proof of this, straight from the news. Our reader renamed it (the headline) “Windows bug prompts Apache update advice”
“The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows,” Edelstein told ZDNet.com.au. “An attacker could gain access to, modify and take away data.”
Edelstein advised users running Apache on Windows platforms to upgrade immediately as users have no way of knowing if their web servers have been compromised. The company’s security advisory can be accessed here.
[...]
“A proof of concept remote exploit has been written by Sense of Security, and it is feasible that others could write a similar exploit to completely compromise a Windows system,” said Brett Gervasoni.
As most Apache users run it on UNIX and Linux, the above is probably nothing to panic or worry about.
Charged With Malware
“Microsoft, the company that made battery chargers dangerous,” called it the reader who sent this next item from the news:
The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.
In an advisory, the US-CERT warned that he installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory.
When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
“The danger of Open Source software is that you don’t know if it contains malware,” jokingly said our reader. █
ᶃ Gemini Space
This post is also available in 
Content is available under CC-BY-SA
your_friend said,
March 8, 2010 at 9:55 pm
Ha ha, it went undetected for three years. The Windows version of that Energizer Bunny has been pulled from the market.
It’s amazing how popular the wipe and reload becomes when Microsoft needs to sell a new version of Windows. Thanks for all the nice links.
Needs Sunlight said,
March 9, 2010 at 5:53 am
@your_friend : it did not go undetected for three years, Microsoft did not publicly acknowledge it for three years, or more. There is a lot of difference there.
Wipe and reload becomes popular when Microsoft needs to sell new versions of Windows or when third party packages, of any kind, become too popular. Wipe and reload ensures that the 3rd party packages are knocked down at least a couple points in marketshare. It is to Microsoft’s advantage that they are so many decades behind Linux, OS X or even Solaris in regards to package management.
uberVU - social comments said,
March 11, 2010 at 5:51 pm
Social comments and analytics for this post…
This post was mentioned on Identica by schestowitz: #Apache Shows Why #GNU #Linux is Safer Than #Microsoft #Windows http://boycottnovell.com/2010/03/08/battery-chargers-and-malware/…