05.24.10

Microsoft Connects With Governments as More Vulnerabilities Surface, Microsoft Can Be Sued in the UK for Security Problems

Posted in Courtroom, Europe, Law, Microsoft, Security, Windows at 8:29 am by Dr. Roy Schestowitz

The White House

Summary: Microsoft faces new challenges as security problems continue to be found even in the latest version of Windows, and a UK High Court ruling indicates that Microsoft is now liable

NOW that one in two Windows PCs is believed to be a zombie PC, Microsoft becomes a national and international problem. The latest Vista 7 vulnerability is a sign that things are not improving, and Microsoft will start working privately/secretly with government in its disclosure of vulnerabilities [1, 2, 3, 4]. Will hidden/silent patches also be shared with governments? Last week there was an erroneous suspicion in Slashdot, citing a blog with a semi-false alarm about a new security hole.

If you’re relying on the password encryption in Microsoft Dynamics GP — formerly Great Plains — to meet your PCI requirements, stop what you’re doing and listen up. It’s been revealed that its encryption algorithm is about as simple as it can be: a substitution cypher.

Look at the original source to see how Microsoft responded to the blogger by spinning and having the blogger state: “I must correct this and clarify. By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager. Here’s what happened: I reset the LESSONUSER’s passwords with SQL Enterprise Manager and afterward I was able to login to SQL Enterprise Manager with the LESSONUSER’s credentials. Some flag must have been updated when I reset the password – I need to investigate this further (this was all done in a Test environment). This was a BIG oversight on my part and I apologize for this. I really should have tested this out more before posting that statement. (Thank you Mark and others that pointed this out to me).”

Other known flaws are being addressed.

Microsoft, the software giant based in Redmond (USA), released two critical security updates on May 11, 2010, patching vulnerabilities within its e-mail applications as well as the Visual Basic for Applications designed to implement software programming language built into Microsoft Office.

“New Exploit Resists Windows Security Software,” reports IDG:

“This is definitely very serious,” said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. “Probably any security product running on Windows XP can be exploited this way.” Huger added that Immunet’s desktop client is not vulnerable to the argument-switch attacks because the company’s software uses a different method to hook into the Windows kernel.

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.

Here is security guru Bruce Schneier commenting on the news that Microsoft’s EULA is no longer an excuse for security flaws [1, 2], at least in the UK where Schneier’s employer is based.

The British High Court ruled that a software vendor’s EULA — which denied all liability for poor software — was not reasonable.

Microsoft claims no liability [1, 2, 3, 4] in its EULA and other places. From now on it may be possible to sue Microsoft UK when its inherently-flawed software leads to big damages (as it does all the time).


A Single Comment

  1. Needs Sunlight said,

    May 24, 2010 at 2:01 pm

    Liability lies with the jerks who knowingly deploy Microsoft products, not with Microsoft. The company has made poor products for many years, and those that haven’t learned or act like they haven’t are a real problem. The issue of manslaughter needs to be brought up with them in mind.

    The burden of software liability is something that M$ wants. It’s a variation of the usual extortion or ‘indemnification’ marketing. Like any other tool, the burden is on the user. Or in this case, the user is not the end-user who sits at the screen trying to get some other job done but the IT departments or consulting.

    Few other tools require liability worries by the maker — except in the case of standards. The failure with standards is also a small part of the failure with security. However, there is a model already for regular tools to have liability requirements to comply with specific industry standards.

    Forget suing Microsoft for these security failures. It’s products acting as they have been designed: buggy, bloated, and fatally insecure. Sue the socks off of the managers that signed off on the Microsoft roll outs and the ‘IT’ staff that went along with it.
