Bonum Certa Men Certa

Microsoft's Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Duck gossip



Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures superseded and breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:



In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.


This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows' insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.


With a "password divulger", banks are at risk:

2. Online banking fraud losses rise 14%"

Number of 'phishing' attacks have risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association


Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.


Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won't. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it's probably rife with flaws that Microsoft hasn't heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.


We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations.


This is a Windows botnet (but it doesn't even say "Windows botnet"). What's sickening is that Microsoft is only mentioned in this article where it's given credit. It says: "Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace."

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It's truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft's takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week's Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.


We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.

Comments

Recent Techrights' Posts

Microsoft Windows is No Longer an Operating System, It's Surveillance Project
Why is this even legal to preload on PCs outside the US?
Qualcomm Arduino Takes Aim at Raspberry Pi
Qualcomm is a Microsoft partner
Arduino is Now a Patent Bully (Qualcomm)
Qualcomm has just bought Arduino
Many Years of Microsoft Cancellations and Faked (Acquired) Revenue "Growth"
XBox is basically the "next Skype"
 
Links 08/10/2025: ‘Death to Spotify’ and Law to Ban Loud Commercials on Streaming (Dis)Services
Links for the day
Links 08/10/2025: Real Innovation and Nina.chat is Dead
Links for the day
Links 08/10/2025: Y2K38 Bug is a Vulnerability, Chat Control in Europe a Threat
Links for the day
How and Why Once-Legitimate Sites Turn Into Slopfarms
Many sites will go offline and many social control networks will shut down once they realise or even openly admit they spend money and time gardening a bunch of bots and slop
UbuntuPIT Became a Slopfarm and Gnoppix Tarnishes Its Own Brand With Slop
It fits all the characteristics of mildly-edited (if at all) slop
Slopwatch: Linux Journal and Other Slopfarms
GAFAM needs to go the way of the dodo
Gemini Links 08/10/2025: "Seek Seek Revolution" and Gradient Backgrounds
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 07, 2025
IRC logs for Tuesday, October 07, 2025
Stagnation of the Economy and What Free Software Can (or Could) Do For It
If your economic model is based on a pyramid of lies, it won't last very long
Social Control Media is Sinking
it would rightly seem like the era of centralised "social" sites (they're not social, they're about controlling the users) is ending, not overnight but gradually
Participation in Cancel Culture Detrimental to One's Career
A cautionary tale
Passion Wins
we've increased the number of birds we feed to 100+
How Solderpunk and Sean Conner Started Gemini Protocol (and, Collectively, Geminispace) Back in 2019
Based on the "official" history
The Comment TheLayoff.com Has Just Censored for Criticising a Ridiculous Puff Piece of IBM Management
If comments get censored for their "style" rather than their substance, then society will be worse off
The Power of Writing Down Facts
The more we write and publish, the more people will know what happened
Microsoft's Non-Denying Denial About XBox's Death is Already Being Shattered to Pieces
Like Microsoft's 'open' 'hey hi', heralding meaningless non-committing agreements with AMD is little more than vapourware
Slopwatch: UbuntuPIT Joins the Slopfarms Club
Slopfarms gonna slop
Links 07/10/2025: Privacy at Risk, GAFAM Remains Off the Hook
Links for the day
Gemini Links 07/10/2025: Modern Retro Console Idea and Batch vs Bash
Links for the day
Links 07/10/2025: International Criminal Court (ICC) Convicts Ali Kushayb; Moroccan Imprisoned for 'Offensive' Shirt
Links for the day
Links 07/10/2025: EU' Chat Control is Back, US Cracks Down on Democracy
Links for the day
Techrights Pursues Justice and Truth Because, Without Those, Society Descends Into Chaos
most people reject dogma and pseudoscience
Upcoming Talks by Richard Stallman in Helsinki, Göteborg, and Rome
Join with him and share the software
Something Bad is Happening in the Open Source Initiative (OSI)
The latest OSI blog post is from a Microsoft operative and a few weeks ago the Executive Director left
TLS 1.3 Dominates Geminispace (99% of Known Capsules)
it's nowadays safe to assume almost every capsule can handle TLS 1.3
Why soylentnews.org Has Been Having Technical Difficulties Lately
The network has been going up and down quite a lot this past week
A Statement Against Violence
The facts are on our side
They've Run Out of Things to Rebrand or Label as "AI"
The next few years will be interesting because if Microsoft lays off tens of thousands of workers each year, there won't be much left except mountains of debt and dying brands
The Register MS is Still Being Paid to Participate in the "AI" Ponzi Scheme Which Will Crash the Economy
The Register MS is hoping to get lucky by tricking people into a scam
Richard Stallman Confirms His Talk in Göteborg This Coming Friday
"The hosts say that the list will not be given to the state"
Most of the "Linux" Results This Morning in Google News Are LLM Slop From the Same Slopfarm, Plagiarising Phoronix
The main question is, does Google even care at this point?
Gemini Links 07/10/2025: Civil War and "Goodbye Web"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 06, 2025
IRC logs for Monday, October 06, 2025
Evidence Contradicting Microsoft's Non-Denying Denials and Expectation of Many Layoffs Soon
"Microsoft has had this constant drip of layoffs for months."
The "AI Revolution" is Going Very Well, Right?
money that does not exist and alleged potential that is pure fiction
Links 06/10/2025: Scam Altman Himself Admits He Runs a Scam Based on a Bubble, US Administration Adopts “War From Within” Narrative to Crush Opposition/Dissent
Links for the day
Slopwatch: Fake Ubuntu 'Articles' and Google News Helps People Who Plagiarise Phoronix Using LLMs
Michael Larabel can't possibly be happy about that
6,000 Pages/Articles a Year
Today in one month from now the site turns 19
When Things Become So Ubiquitous That They're Almost Nameless
The notion or the concept of software freedom isn't tied to any particular brand or project, so it should still resonate
At Least 3 Richard Stallman Talks in Europe Confirmed So Far, Next Week in Rome There's Another
Dr. Stallman has not announced this yet
IDG Seems to Have Abandoned Sandra Henry Stocker's UNIX/Linux Column
Unless we hear otherwise or see some update/s, this may mark another death blow from IDG
Gemini Links 06/10/2025: Winter Nights and "Virtue Signaling"
Links for the day
Links 06/10/2025: Scientific Awards and Typhoon Matmo
Links for the day
IP Kat Gone Bonkers, Pushing Slop in Patents (Likely Illegal, With Severe Consequences)
AstraZenecaKat: "Last time, this Kat covered some practical steps on how to ensure client confidentiality when using AI tools (IPKat)."
Links 06/10/2025: Grokipedia as Malicious Slop, US 'Martial Law' a "New Normal"
Links for the day
Fake Economics and Clown Computing Circuses
who's gonna pay for these scams?
Nobel Prize in Economics Does Not Exist, It's Propaganda From Sveriges Riksbank
"It is that time of the year when it is important to remind people that there are no Nobel Prizes for professional wrestling, astrology, or economics"
Rust is Eating Linux
That's a recipe for problems
Cindy Cohn (Executive Director of EFF) is a Millionaire, Earned Almost $30,000 Per Month Before Departing While the EFF Lost Money
EFF is "Big Business"
Non-Denying Denial From Microsoft (Again) Regarding the End of XBox Consoles
It's kind of hilarious that even the site chosen by Microsoft to relay its BS, based on past loyalty, isn't quite buying it
Bringing Back Lost Articles From the 1990s: Microsoft Products Leave Door Open to NSA
Nothing has changed since then
When the Slop Bubble Pops People Will Say Richard Stallman Was Right (Again)
What was once known as Computer Science turned into "IT"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 05, 2025
IRC logs for Sunday, October 05, 2025
Links 06/10/2025: Science, Hardware, and Andrej Babis Making a Comeback
Links for the day