05.05.10

Eye on Security: Windows 2003 Web Sites Defaced, SharePoint 2007 Suffers Zero-Day Vulnerability

Posted in Australia, Finance, Microsoft, Security, Vista, Vista 7, Windows at 2:22 pm by Dr. Roy Schestowitz

Secure OS

Summary: IDG report about mass defacements of Windows sites in Australia and other security problems that are new

HAVING just taken a glance at the past week’s news from IDG*, we found:

i. Australian Cereal Hacker on Defacement Rampage

The ANZAC Day attacks were conducted by a single hacker, or hacking group, and affected Windows 2003 operating systems.

ii. Microsoft Investigates SharePoint 2007 Zero Day

Microsoft is scrambling to fix a bug in its SharePoint 2007 groupware after a Swiss firm abruptly released code that could be used in an attack.

The proof-of-concept code was released Wednesday, just over two weeks after security consultancy High-Tech Bridge says it disclosed the issue to Microsoft on April 12.

iii. Texas Man to Plead Guilty to Building Botnet-for-hire

A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP — just to show off its firepower to a potential customer.

The third article ought to call out Windows, which is responsible for hundreds of millions of zombie PCs

Microsoft views vulnerabilities also as an opportunity. Here is the latest propaganda whose purpose is apparently to sell Vista 7 using ‘security’ as an excuse (Microsoft is hiding flaws without ever reporting them, probably in order to distort statistics). As we showed before, Vista 7 is not secure. To name some older posts on the subject:

Ian Paul from IDG has just written about Vista 7′s “worst features”:

Windows 7 fixed many of Vista’s ills, but it also introduced a few of its own.

IDG also has this new article about the LoveBug worm, which is estimated to have cost $5-8 billion in damages (for one worm alone). Needless to say, Microsoft did not carry the burden of these damages.

When the LoveBug worm hit 10 years ago, it was a different time when people believed admirers were really reaching out to say “I love you”, personal firewalls were turned off by default and executable attachments weren’t blocked at e-mail gateways.

Those circumstances allowed the Love Letter worm — the first Visual Basic script worm — to infect more than 50 million computers worldwide within a week, causing estimated $5 billion to $8 billion in damages, bringing down networks by maxing out their ability to fire off e-mails and causing painstaking disinfection of affected machines.

Here we are a decade later and Microsoft never resolved those issues which it continually promises to address.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

___
* We chose IDG so as not to be accused of choosing a Microsoft-hostile source.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2010/05/05/mass-defacements-windows/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. IRC Proceedings: Wednesday, March 03, 2021

    IRC logs for Wednesday, March 03, 2021



  2. The Free Software Foundation Should Re-add Richard Stallman to the Board

    Dr. Richard Stallman is missed by many who perceive him to have been wrongly treated; putting Stallman back in the Board (at the very least) would help the image of the Free Software Foundation more than the newly-announced work with Community Consulting Teams of Boston



  3. Free Software Calling

    Fewer people are willing to "put up with the shit" given by so-called 'Big Tech', seeing that it's mostly about social control rather than enablement or emancipation



  4. Meme: EPO Management Totally Gets 'Tehc'

    The bestest patent office in the whole wide world is besting the “hey hi” (AI) cutting edge; don't worry about exam and certification integrity



  5. The EPO's Software Blunders Are Inevitable Outcome of Technically Clueless Management Which Grants Illegal Patents on Software

    The "clusterfuck" which the EPO has become is negatively affecting not only EPO staff but also stakeholders, who sink into depression and sometimes anger, even fury, at great expense to their health; this is how institutions die (for a quick but short money grab, a culmination of corruption which piggybacks half a century of goodwill gestures)



  6. Links 3/3/2021: OpenSUSE Leap 15.3 Beta, GNU Denemo 2.5, and NomadBSD 1.4

    Links for the day



  7. What Free Software Organisations Can Learn From Australia's Rape Crisis

    Reprinted with permission from Daniel Pocock



  8. Microsoft Weaponises (and Further Spreads) Racism to Distract From Its Own Incompetence (and 'Five Eyes' Collusion for Back Door Access)

    Racist Microsoft is at it again; we're meant to think that China is evil for doing exactly what the United States has been doing but more importantly we're told not to blame Microsoft for shoddy code and back doors (classic blame-shifting tactics and overt distortion of facts, as we saw in the wake of SolarWinds backdoors)



  9. GNU/Linux News Sites Need to Promote Software Freedom, Not Binary and Proprietary Blobs Merely Compiled for GNU/Linux

    There has been lots of proprietary fluff in GNU/Linux 'news' sites so far this week; it merits an explanation or clarification, e.g. why we should generally reject proprietary stuff and instead promote Free/libre alternatives



  10. Links 3/3/2021: OpenSSH 8.5 and Absolute64 20210302 Released

    Links for the day



  11. IRC Proceedings: Tuesday, March 02, 2021

    IRC logs for Tuesday, March 02, 2021



  12. Links 3/3/2021: IPFire 2.25 Core Update 154, Red Hat Satellite 6.8.4, Kiwi TCMS 10.0

    Links for the day



  13. Links 2/3/2021: KDE Plasma 5.21.2, Qt 6.1 Beta, Refund of Pre-installed Windows

    Links for the day



  14. 'GatoKeeper'/IP Kat (AstraZeneca) Still Suppressing and Censoring the Public Views or Internal EPO Talks About EPO Corruption

    The suppression of comments critical of the EPO‘s administration (especially corruption scandals surrounding António Campinos and Benoît Battistelli) is a real problem; those ought not be a taboo subject in comments (where bloggers used to speak about those issues openly and regularly)



  15. Pocock on Removing Cognitive Bias Around Consent

    Reprinted with permission from Daniel Pocock



  16. IRC Proceedings: Monday, March 01, 2021

    IRC logs for Monday, March 01, 2021



  17. Links 2/3/2021: Maui 1.2.1, RSS Guard 3.9.0

    Links for the day



  18. ZDNet Really Hates Golang (Maybe Because Microsoft Does)

    The Golang programming language seems to be the target of intense FUD campaigns from sites connected to Microsoft, so it’s likely a bit of a Nemesis/endgame to Microsoft monoculture (unlike Rust, which Microsoft has already pocketed and is actively besieging to promote Microsoft monopoly and hardware monoculture)



  19. Links 1/3/2021: KStars 3.5.2, ET: Legacy 2.77, Flameshot 0.9

    Links for the day



  20. Five Years of António Campinos Coverage in Techrights (We Correctly Predicted His Presidency in March 2016)

    We've warned about António Campinos since March of 2016; well, António Campinos isn't just EPO President right now but he's also an oppressor who demonises the union of the EPO's staff



  21. In 2021 the EPO Works for Parasites Instead of Scientists (and It Cannot Even Hide That Anymore)

    Europe's second-largest institution is working for those who attack instead of create (or those who attack actual creators, with lousy and sketchy patents as ammunition)



  22. Links 1/3/2021: Manjaro ARM 21.02 and First Linux 5.12 RC Released

    Links for the day



  23. IRC Proceedings: Sunday, February 28, 2021

    IRC logs for Sunday, February 28, 2021



  24. On Gangstalking and Victim-Blaming

    Reprinted with permission from Daniel Pocock



  25. If the Web Can Be Increasingly Replaced (or Complemented) by Gemini and IPFS Etc., Then Large Monopolists Will Try to Dominate Those

    Monopolists and sociopaths won't be clapping and cheering for whatever stands a chance of replacing the Web (or Big Banks); if they ever embrace those replacements, it'll be to dominate and in turn undermine these



  26. Links 28/2/2021: Nitrux 1.3.8 and Kraft 0.96

    Links for the day



  27. Techrights Over 3 Internet Protocols and From the Command Line, Using Either Curl/Wget/Text Editor (Over WWW) or IPFS or Gemini

    A quick demo of how Techrights can be accessed without a browser, either over gemini:// or over http://



  28. The Command Line for Weather and Football Scores, Among Other Stuff

    A lot of stuff can be done from the command line and productivity (not to mention privacy) enhanced by automation and scripting over the Web (or even Gemini, as we shall show in a future video)



  29. You Know Gemini Space is Getting a Lot Bigger When You Need to Implement DDOS Protection

    Techrights is currently working on tools or programs that help detect and respond to DDOS attacks (or abusive over-consumption of pages) over gemini://



  30. The Fall of The Register

    A word of caution about The Register, a British publisher that nowadays does a lot of reputation laundering for Microsoft and Bill Gates (instead of news about actual technology, as opposed to clown computing, big brands, and oligarchs)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts