
03.12.10

Microsoft’s Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Posted in Microsoft, Security, Windows at 3:40 pm by Dr. Roy Schestowitz


Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures bypassed and their networks breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:

In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.

This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows’ insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.

With a “password divulger”, banks are at risk:

2. Online banking fraud losses rise 14%

The number of ‘phishing’ attacks has risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association

Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.

Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won’t. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it’s probably rife with flaws that Microsoft hasn’t heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.

We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world’s most nefarious cyber operations.

This is a Windows botnet (but it doesn’t even say “Windows botnet”). What’s sickening is that Microsoft is only mentioned in this article where it’s given credit. It says: “Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace.”

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It’s truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft’s takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week’s Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft’s practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.

We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.


A Single Comment

  1. your_friend said,

    March 13, 2010 at 4:02 pm


    Reporters should not let Microsoft and banks get away with blaming the victim. I’ve been hearing this kind of thing for about a decade.

    “Fraudsters are now relying on the weakest link in the chain, and that is online banking customers themselves,” a spokesman for the UK Cards Association said. “Banks would never approach customers by email asking for their bank details, but people still fall for this scam.”

    Banks like to blame their customers so that they can make customers eat losses. People familiar with bank transactions know that the system is easy to defraud. People familiar with Windows know that half of Windows PCs are part of a botnet which all have the ability to log passwords. It would be surprising if a majority of credit fraud was the result of anything customers did, other than bank and use Windows.
