05.24.10

Gemini version available ♊︎

Microsoft Connects With Governments as More Vulnerabilities Surface, Microsoft Can Be Sued in the UK for Security Problems

Posted in Courtroom, Europe, Law, Microsoft, Security, Windows at 8:29 am by Dr. Roy Schestowitz

The White House

Summary: Microsoft faces new challenges as security problems continue to be found even in the latest version of Windows and a UK High Court ruling indicates that Microsoft is now liable

NOW that one in two Windows PCs is believed to be a zombie PC Microsoft becomes a national and international problem. The latest Vista 7 vulnerability is a sign that things are not improving and Microsoft will start working privately/secretly with government in its disclosure of vulnerabilities [1, 2, 3, 4]. Will hidden/silent patches also be shared with governments? Last week there was an erroneous suspicion in Slashdot citing a blog with a semi-false alarm about a new security hole.

If you’re relying on the password encryption in Microsoft Dynamics GP — formerly Great Plains — to meet your PCI requirements, stop what you’re doing and listen up. It’s been revealed that its encryption algorithm is about as simple as it can be: a substitution cypher.

Look at the original source to see how Microsoft responded to the blogger by spinning and having the blogger state: “I must correct this and clarify. By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager. Here’s what happened: I reset the LESSONUSER’s passwords with SQL Enterprise Manager and afterward I was able to login to SQL Enterprise Manager with the LESSONUSER’s credentials. Some flag most have been updated when I reset the password – I need to investigate this further (this was all done in a Test environment). This was a BIG oversight on my part and I apologize for this. I really should have tested this out more before posting that statement. (Thank you Mark and others that pointed this out to me).”

Other known flaws are being addressed.

Microsoft, the software giant based in Redmond (USA), released two critical security updates on May 11, 2010, patching vulnerabilities within its e-mail applications as well as the Visual Basic for Applications designed to implement software programming language built into Microsoft Office.

“New Exploit Resists Windows Security Software,” reports IDG:

“This is definitely very serious,” said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. “Probably any security product running on Windows XP can be exploited this way.” Huger added that Immunet’s desktop client is not vulnerable to the argument-switch attacks because the company’s software uses a different method to hook into the Windows kernel.

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.

Here is security guru Bruce Schneier commenting on the news that Microsoft’s EULA is no longer an excuse for security flaws [1, 2], at least in the UK where Schneier’s employer is based.

The British High Court ruled that a software vendor’s EULA — which denied all liability for poor software — was not reasonable.

Microsoft claims no liability [1, 2, 3, 4] in its EULA and other places. From now on it may be possible to sue Microsoft UK when its inherently-flawed software leads to big damages (as it does all the time).

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

A Single Comment

  1. Needs Sunlight said,

    May 24, 2010 at 2:01 pm

    Gravatar

    Liability lies with the jerks who knowingly deploy Microsoft products, not with Microsoft. The company has made poor products for many years, and those that haven’t learned or act like they haven’t are a real problem. The issue of manslaughter needs to be brought up with them in mind.

    The burden of software liability is something that M$ wants. It’s a variation of the usual extortion or ‘indemnification’ marketing. Like any other tool, the burden is on the user. Or in this case, the user is not the end-user who sits at the screen trying to get some other job done but the IT departments or consulting.

    Few other tools require liability worries by the maker — except in the case of standards. The failure with standards is also small part of the failure with security. However, there is a model already for regular tools to have liability requirements to comply with specific industry standards.

    Forget suing Microsoft for these security failures. It’s products acting as they have been designed: buggy, bloated, and fatally insecure. Sue the socks off of the managers that signed off on the Microsoft roll outs and the ‘IT’ staff that went along with it.

DecorWhat Else is New


  1. Links 28/1/2022: GStreamer 1.20 RC1 and DXVK-NVAPI 0.5.2

    Links for the day



  2. Microsoft Staff Trying to Subvert the Freedom of Gemini (Without Disclosure of the Paymaster)

    Looking back at the past couple of years, it seems like Microsoft staff and boosters were more than eager to steer developers away from freedom and into Microsoft's cage



  3. Gemini Gone Mainstream: German Media Now in Geminispace

    With the likes of TAZ embracing Geminispace/Gemini Protocol we seem to have reached some sort of inflection point; taz.de did in fact add official presence to Geminispace



  4. Links 28/1/2022: LSFMM 2022 and 2021 UI Study Results From Elementary's Distro

    Links for the day



  5. IRC Proceedings: Thursday, January 27, 2022

    IRC logs for Thursday, January 27, 2022



  6. Links 28/1/2022: GNU Poke 2.0 and OPNsense 22.1 Released

    Links for the day



  7. Links 27/1/2022: Archinstall 2.3.1 and Nix 2.6.0

    Links for the day



  8. On the Internet, Trust Should Not Become Centralised

    “Trust” is a word that lost its meaning in the era of “TPM” and fancier names for 'Palladium'; we need to reject this idea that computers need to check with Microsoft if the operating system is trusted (not just Windows!), check with Gulag/Chrome if a Web site is trusted, and whether it's OK to run some application/s on one's own computer (as if Jim Zemlin et al get to decide what is trusted)



  9. Microsoft-Connected Publishers Suffer and Perish With Microsoft (While Peddling 'Fake News' for Their Beloved Sponsor)

    IDG and other fake news outlets/networks/sites (selling to companies flattering articles about themselves or renting out 'news space' to them, not just ad space) want us to think Microsoft is doing very well, but it's just that same old Ponzi scheme



  10. Links 27/1/2022: Mabox Linux 21.11 Herbolth and PipeWire 0.3.44

    Links for the day



  11. IRC Proceedings: Wednesday, January 26, 2022

    IRC logs for Wednesday, January 26, 2022



  12. [Meme] EPO: Pursuing an Eastern and Western District of Europe (for Patent Trolls and Software Patents)

    With the EPO so flagrantly lying and paying for misinformation maybe we should expect Benoît Battistelli and António Campinos to have delusions of grandeur… such as presiding over the Eastern and Western District of Europe, just like Mr. Gilstrap and Mr. Albright (political appointment by Donald Trump, ushering in “the swamp”)



  13. Gemini at 2,000: 86% of Capsules Use Self-Signed Certificate, Just Like the Techrights Web Site (WWW)

    As shown in the charts above (updated an hour ago), the relative share of ‘Linux’ Foundation (LE/LF; same thing, same office) in the capsules’ certificates has decreased over time; more and more (in terms of proportion) capsules choose to sign their own certificate/s; the concept of ‘fake security’ (centralisation and consolidation) should be rejected universally because it leaves nobody safe except plutocrats



  14. [Meme] UPC: Many Lies as Headlines, Almost Exclusively in Publishers Sponsored by EPO and Team UPC to Produce Fake News (Lobbying Through Misinformation)

    Lest we forget that EPO dictators, like Pinky and the Brainless Benoît Battistelli and António Campinos, have long littered the EPO's official Web site as well as publishers not directly connected to the EPO (but funded by it) with disinformation about the UPC



  15. EPO as the 'Ministry of Truth' of Team UPC and Special Interests

    The 'Ministry of Truth' of the patent world is turning the EPO's Web site into a propaganda mill, a misinformation farm, and a laughing stock with stock photography



  16. Microsoft 'Delighted' by Windows 11 (Vista 11) Usage, Which is Only 1% Three Months After Official Launch and Six Months After Release Online

    Microsoft boosters such as Bogdan Popa and Mark Hachman work overtime on distraction from the failure Vista 11 has been (the share of Windows continues to fall relative to other platforms)



  17. Links 27/1/2022: Preinstalled GNU/Linux (Ubuntu) and Arch Linux-Powered Steam Deck 30 Days Away

    Links for the day



  18. Don't Fall for Microsoft's Spin That Says Everything is Not Secure and Cannot be Secured

    Microsoft keeps promoting the utterly false concept that everything is not secure and there's nothing that can be done about it (hence, might as well stay with Windows, whose insecurity is even intentional)



  19. At Long Last: 2,000 Known Gemini Capsules!

    The corporate media, looking to appease its major sponsors (such as Web/advertising giants), won't tell you that Gemini Protocol is rising very rapidly; its userbase and the tools available for users are rapidly improving while more and more groups, institutions and individuals set up their own capsule (equivalent of a Web site)



  20. Links 26/1/2022: Gamebuntu 1.0, PiGear Nano, and Much More

    Links for the day



  21. IRC Proceedings: Tuesday, January 25, 2022

    IRC logs for Tuesday, January 25, 2022



  22. Links 26/1/2022: No ARM for Nvidia, End of EasyArch, and WordPress 5.9 is Out

    Links for the day



  23. Why the Unified Patent Court (UPC) is Still Just a Fantasy and the UPC's Fake News Mill Merely Discredits the Whole Patent 'Profession'

    Patents and science used to be connected; but now that the patent litigation 'sector' is hijacking patent offices (and even courts in places like Texas) it's trying to shove a Unified Patent Court (UPC) down the EU's throat under the disingenuous cover of "community" or "unity"



  24. Links 25/1/2022: Vulkan 1.3 Released, Kiwi TCMS 11.0, and antiX 19.5

    Links for the day



  25. Gemini Milestones and Growth (Almost 2,000 Known Gemini Servers Now, 39,000 Pages in Ours)

    The diaspora to Gemini Protocol or the transition to alternative 'webs' is underway; a linearly growing curve suggests that inertia/momentum is still there and we reap the benefits of early adoption of Gemini



  26. [Meme] Get Ready for Unified Patent Court (UPC) to be Taken to Court

    The Unified Patent Court (UPC) and Unitary Patent system that’s crafted to empower EPO thugs isn’t legal and isn’t constitutional either; even a thousand fake news 'articles' (deliberate misinformation or disinformation) cannot change the simple facts because CJEU isn’t “trial by media”



  27. The EPO Needs High-Calibre Examiners, Not Politicians Who Pretend to Understand Patents and Science

    Examiners are meant to obstruct fake patents or reject meritless patent applications; why is it that working conditions deteriorate for those who are intellectually equipped to do the job?



  28. Free Software is Greener

    Software Freedom is the only way to properly tackle environmental perils through reuse and recycling; the mainstream media never talks about it because it wants people to "consume" more and more products



  29. Links 25/1/2022: Git 2.35 and New openSUSE Hardware

    Links for the day



  30. IRC Proceedings: Monday, January 24, 2022

    IRC logs for Monday, January 24, 2022


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts