EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.12.10

Microsoft’s Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Posted in Microsoft, Security, Windows at 3:40 pm by Dr. Roy Schestowitz

Duck gossip

Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures superseded and breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:

In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.

This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows’ insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.

With a “password divulger”, banks are at risk:

2. Online banking fraud losses rise 14%”

Number of ‘phishing’ attacks have risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association

Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.

Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won’t. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it’s probably rife with flaws that Microsoft hasn’t heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.

We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world’s most nefarious cyber operations.

This is a Windows botnet (but it doesn’t even say “Windows botnet”). What’s sickening is that Microsoft is only mentioned in this article where it’s given credit. It says: “Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace.”

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It’s truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft’s takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week’s Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft’s practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.

We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    March 13, 2010 at 4:02 pm

    Gravatar

    Reporters should not let Microsoft and banks get away with blaming the victim. I’ve been hearing this kind of thing for about a decade.

    “Fraudsters are now relying on the weakest link in the chain, and that is online banking customers themselves,” a spokesman for the UK Cards Association said. “Banks would never approach customers by email asking for their bank details, but people still fall for this scam.”

    Banks like to blame their customers so that they can make customers eat losses. People familiar with bank transactions know that the system is easy to defraud. People familiar with Windows know that half of Windows PCs are part of a botnet which all have the ability to log passwords. It would be surprising if a majority of credit fraud was the result of anything customers did, other than bank and use Windows.

What Else is New


  1. Hey, Where's Red Hat (IBM)?

    Red Hat is conspicuously silent at these critical times (in its home country); Must be too busy hailing and cashing in on Trump's military (state) while dishing out shallow and self-contradictory diversity PR/fluff…



  2. Microsoft's Latest Vapourware About Supercomputers

    Microsoft has spent almost two decades dropping supercomputers vapourware on the media, but those misinformation dumps always turn out to be 100% hot air, no substance



  3. 2020: A Time for Resolutions or Revolutions?

    There are nonviolent means by which the current system can be corrected; we need to convince peers and relatives to change the way they behave and not cooperate with unjust elements of the system



  4. IRC Proceedings: Tuesday, June 02, 2020

    IRC logs for Tuesday, June 02, 2020



  5. The Gates Press (GatesGate) -- Part I: Lost the Job After Writing an Article Critical of Bill Gates for Attacking Some Actual, Legitimate Charities (Because They Had Spread GNU/Linux)

    The sociopaths from the fake 'charity' of Bill Gates would go to great lengths to squash criticism and also to eliminate critics; this series tells the story of some of those personally affected



  6. Don't Fall for the Spin, Microsoft is Laying Off Workers and It's Not Just Because of the Pandemic





  7. All They Want is Litigation, Not Innovation

    It's getting difficult to ignore or to overlook the fact that the 'litigation lobby' (the likes of Team UPC and today's EPO management, guided by groups like the Licensing Executives Society International) doesn't care about innovation and is in fact looking to profit by crushing innovation



  8. Reminder: Microsoft Profits From Crushing Protesters for Donald Trump

    Don't lose sight of the fact that what's going on in the United States right now is very profitable to Microsoft



  9. No, GNU/Linux Isn't at 3% and Windows Isn't at Over 90%, Either

    This ludicrous idea that "Linux" (however one defines it) enjoys just 3% of the "market" is false and it should be treated as laughable spin (it is being widely promoted this week, often by Microsoft boosters looking to make charts where Windows stays at above 90% and Vista 10 is 'gaining'... at the expense of Windows)



  10. Links 3/6/2020: Devuan Beowulf 3.0.0 and Tails 4.7 Released

    Links for the day



  11. Links 2/6/2020: New Firefox Release (77), Debian-based MX Linux 19.2, KDevelop 5.5.2, GNU/Linux Growth on Desktops/Laptops

    Links for the day



  12. Techrights Can Figure Out Source Protection/Anonymisation Whilst Operating Very Transparently

    We're still quite radically transparent whilst at the same time enjoying 100% source protection record; we're also improving the software we use to publish more quickly and efficiently



  13. IRC Proceedings: Monday, June 01, 2020

    IRC logs for Monday, June 01, 2020



  14. This is How GNU Finally Dies

    "Brace for when GNU falls the way that OSI, FSF, FSFE, Mozilla, and the Linux Foundation did."



  15. Latest Microsoft Layoffs Spun as 'Innovation' (There's Always a Positive PR Angle)

    The public is expected to simply ignore the fact that Microsoft is laying off employees (again); instead we're expected to think it's all about Microsoft being very brilliant and innovative



  16. Microsoft Playing the Victim, Irrationally 'Hated' by Victims of Its Abuse

    We're meant to believe that those whom Microsoft bribes against are the opinionated 'haters' and Microsoft is a victim of 'hate'



  17. Links 1/6/2020: Linux 5.7, FOSSlife Born, LibreOffice 7.0 Beta1, Linux Mint 20 Making Early Promises

    Links for the day



  18. Linux Without Linus

    The Linux Foundation seems to be acting like Linus (Linux founder) is somewhat of a liability (forcing him to take a ‘break’ from his own project) while taking even the most notorious proposals from corporations, including those that called Linux a “cancer”



  19. What It Would Take for Linus Torvalds to Leave Linux Foundation Without the Linux Trademark and Without Linux

    It's nice to think that the founder of Linux can just take his project and walk away, moving elsewhere, i.e. away from the Microsoft-employed executives who now "boss" him; but it's not that simple anymore



  20. The Past Does Not Go Away, Except From Short-Term Memories

    People who are drunk on power and money (sometimes not even their own money) like to portray themselves as the very opposite of what they are; but in the age of the Internet it's difficult to make the general public simply forget the past and "move on..."



  21. IRC Proceedings: Sunday, May 31, 2020

    IRC logs for Sunday, May 31, 2020



  22. Links 1/6/2020: OpenMandriva Lx 4.1 2020.05, Linux Lite 5.0 Release, FreeBSD 11.4 RC2

    Links for the day



  23. It's a Common Mistake and Common Misconception/Error to Treat Microsoft as Just Another 'Large Company' (or 'Big Tech')

    What's wrong about Microsoft isn't its size; what's wrong with Microsoft is its behaviour, which isn't just illegal (crimes are the norm) but also hugely unethical



  24. Lessons of Michael Arrington (About Microsoft)

    Microsoft and Bill Gates have a long history bullying their critics; the quote above (or below) shows how even people who advertise with Microsoft are becoming the target of abuse



  25. 'Best' of Both Worlds: GNU/Linux Freedom + Malware With Keyloggers and DRM

    Running a Microsoft-controlled GNU/Linux instance under Vista 10 ("Windows Subsystem for Linux") in the age of virtual machines, dual boot and containers makes as much sense as chopping some carrots to go with the veal meal to appease vegetarian diners



  26. First They Bribe the Employer, Media Lynch Mobs May Follow

    The 'cancel culture' lynch mobs, which leverage social causes (or marginalised groups), remain a convenient means by which to oust one's political/business opposition; but money too is a massive contributing factor and the more one has of it, the easier it is to control media narrative and subversive focus



  27. Upcoming Series Teaser: The Bribery Operation of William Henry Gates III

    Bribery goes a very long way when it comes to the megalomaniac who pays the media to portray him as the world's most generous person



  28. Windows Ransomware Must Not be Unspeakable When People Die in Large Numbers Due to That (and Windows Has Intentional Back Doors)

    Loss of electronic patient records, ransom and downtime among the severe consequences of deploying Microsoft inside hospitals; yet the media rarely names the real culprit (manslaughter charges theoretically possible) and nobody gets punished except those who offer real solutions



  29. IRC Proceedings: Saturday, May 30, 2020

    IRC logs for Saturday, May 30, 2020



  30. Burning the House That Richard Stallman (RMS) Built: An Open Letter to GNU Maintainers Who Opposed RMS

    An open letter to people who petitioned RMS to step down and who outsource GNU projects to Microsoft (GitHub)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts