
05.24.10

Microsoft Connects With Governments as More Vulnerabilities Surface, Microsoft Can Be Sued in the UK for Security Problems

Posted in Courtroom, Europe, Law, Microsoft, Security, Windows at 8:29 am by Dr. Roy Schestowitz

The White House

Summary: Microsoft faces new challenges as security problems continue to be found even in the latest version of Windows and a UK High Court ruling indicates that Microsoft is now liable

NOW that one in two Windows PCs is believed to be a zombie PC, Microsoft becomes a national and international problem. The latest Vista 7 vulnerability is a sign that things are not improving, and Microsoft will start working privately/secretly with governments on its disclosure of vulnerabilities [1, 2, 3, 4]. Will hidden/silent patches also be shared with governments? Last week there was an erroneous suspicion on Slashdot, which cited a blog post with a semi-false alarm about a new security hole.

If you’re relying on the password encryption in Microsoft Dynamics GP — formerly Great Plains — to meet your PCI requirements, stop what you’re doing and listen up. It’s been revealed that its encryption algorithm is about as simple as it can be: a substitution cypher.

Look at the original source to see how Microsoft responded to the blogger by spinning and having the blogger state: “I must correct this and clarify. By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager. Here’s what happened: I reset the LESSONUSER’s passwords with SQL Enterprise Manager and afterward I was able to login to SQL Enterprise Manager with the LESSONUSER’s credentials. Some flag must have been updated when I reset the password – I need to investigate this further (this was all done in a Test environment). This was a BIG oversight on my part and I apologize for this. I really should have tested this out more before posting that statement. (Thank you Mark and others that pointed this out to me).”

Other known flaws are being addressed.

Microsoft, the software giant based in Redmond (USA), released two critical security updates on May 11, 2010, patching vulnerabilities within its e-mail applications as well as the Visual Basic for Applications designed to implement software programming language built into Microsoft Office.

“New Exploit Resists Windows Security Software,” reports IDG:

“This is definitely very serious,” said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. “Probably any security product running on Windows XP can be exploited this way.” Huger added that Immunet’s desktop client is not vulnerable to the argument-switch attacks because the company’s software uses a different method to hook into the Windows kernel.

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.

Here is security guru Bruce Schneier commenting on the news that Microsoft’s EULA is no longer an excuse for security flaws [1, 2], at least in the UK where Schneier’s employer is based.

The British High Court ruled that a software vendor’s EULA — which denied all liability for poor software — was not reasonable.

Microsoft claims no liability [1, 2, 3, 4] in its EULA and other places. From now on it may be possible to sue Microsoft UK when its inherently-flawed software leads to big damages (as it does all the time).


A Single Comment

  1. Needs Sunlight said,

    May 24, 2010 at 2:01 pm

    Liability lies with the jerks who knowingly deploy Microsoft products, not with Microsoft. The company has made poor products for many years, and those that haven’t learned or act like they haven’t are a real problem. The issue of manslaughter needs to be brought up with them in mind.

    The burden of software liability is something that M$ wants. It’s a variation of the usual extortion or ‘indemnification’ marketing. Like any other tool, the burden is on the user. Or in this case, the user is not the end-user who sits at the screen trying to get some other job done but the IT departments or consulting.

    Few other tools require liability worries by the maker — except in the case of standards. The failure with standards is also a small part of the failure with security. However, there is a model already for regular tools to have liability requirements to comply with specific industry standards.

    Forget suing Microsoft for these security failures. Its products are acting as they have been designed: buggy, bloated, and fatally insecure. Sue the socks off of the managers that signed off on the Microsoft roll-outs and the ‘IT’ staff that went along with it.
