EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.10.10

Microsoft Leaves Windows XP SP2 Users Open to Attacks, ZeuS Exploits Windows Flaws, and 4Chan Becomes Unsafe to Windows Users

Posted in Apple, GNU/Linux, Microsoft, Security, Windows at 7:27 pm by Dr. Roy Schestowitz

4chan front page in 2009

Summary: Grouping of security news from this week

“Has anybody seen the news about Microsoft not supporting the link vulnerability patch in XP SP2?”

That question was asked by Chips B Malroy earlier today. He cited the following two posts:

i. Registry hack used by gamers allows security for Windows XP SP2

If you use Windows XP SP2, then by now you are well aware that it has come to its end of life. This means no security updates, no software updates, no support. However, an interesting blog post from F-Secure explains how to install security updates on the aging operating system, if a user is willing to assume the risk.

ii. Windows XP SP2: Hack Allows ‘Shortcut Patch’ To Be Installed

PC users who are still using Windows XP SP2, even after the service pack was retired on July 13 can still receive security updates thanks to a trick found by editing the registry.

Had Windows been Free software, no “hack” around the Registry would be needed.

At the moment, all versions of Windows are still open for attacker to exploit. The press doesn’t call out Windows when it reports on the ZeuS Trojan:

Security vendor M86 Security says it’s discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.

More here:

A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers.

Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank’s online banking system. Researchers at the M86′s Security Labs came across the attack after discovering the botnet’s command & control centre, which is hosted in Moldova.

What about Microsoft and Windows? Here is another IDG article whose headline says “Malware Circulating on 4Chan Forums” (it does not say “Windows malware”).

The important point to take away from this is that HTA files are programs, just like EXEs and can do dangerous things.

Here is a funny one:

INSECURITY OUTFIT McAfee has decided it’s time to get tough on cybercrime.

We’re not sure how McAfee was tackling cybercrime before the publication of its report, “Security Takes the Offensive”. Whatever it was doing obviously wasn’t enough, given the malware threats out in the wilds of the Internet.

Security would be simplified if Windows was removed from this equation. Earlier today we posted several links to new articles that claim GNU/Linux/Android superiority over Apple when it comes to security. Apple — like Microsoft — is being negligent again.

Apple sits on a patch for a critical flaw

PEDDLER OF BROKEN DREAMS Apple has apparently come up with a patch for a critical flaw in the Iphone OS that gives a hacker so much control over the device that they might as well be Steve Jobs.

Just because this operating system is proprietary doesn’t mean it’s harder to decipher and thus more secure. Fast patching is key.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Mozilla Will Relay Firefox User Input (Even Keystrokes) to Microsoft and the NSA Through Yahoo in the US

    Mozilla is letting Microsoft manage users' data in Firefox, including keystrokes in the address bar



  2. Microsoft Found to Have Broken the Law in China (Tax Evasion), Just Like Practically Everywhere

    China is reportedly taking action against Microsoft's notorious habit of tax evasion and fining the company well over $100 million



  3. Links 26/11/2014: Docker Patched, New DragonFlyBSD

    Links for the day



  4. Message to the Corporate Media: Bill Gates is Not an Ebola Expert

    Brainwash in the corporate media, including media that the Gates Foundation bribes in exchange for sheer bias, paints the super-rich as the solution rather than the problem



  5. US Government Finally Probes Microsoft Over Financial Fraud, Microsoft Then Bullies the Government With a Lawsuit

    Microsoft is finally being investigated -- perhaps properly too -- for its well-known tax abuses that have so far proved that Microsoft is "too big to jail"; Microsoft is suing the investigator, exerting its abusive power to discourage further investigation



  6. Gagging Critics: Micro Focus-Run SUSE Bribes Journalists in Exchange for Positive Coverage

    Amid the takeover by Micro Focus, SUSE pays journahayess (especially critics) who in turn become some kind of advertisements feed of Novell



  7. Links 25/11/2014: Tizen News, Jolla Tablet Past Million

    Links for the day



  8. Links 24/11/2014: Linux 3.18-rc6, Qualcomm Eyes GNU/Linux Servers

    Links for the day



  9. Boycotting Micro Focus International

    Microsoft's "Partner of the Year" is taking over the patron of SUSE and all of Novell's remains, except the patents (Microsoft has already grabbed those)



  10. Vesna Stilin's Remarks on Željko Topić: Part XI

    Vesna Stilin speaks about her confrontation with EPO Vice-President Željko Topić, who has criminal lawsuits against him in Croatia



  11. Links 22/11/2014: Linux Mint 17.1, Ubuntu MATE

    Links for the day



  12. Links 21/11/2014: Problems at Debian, Jolla Tablet

    Links for the day



  13. Links 18/11/2014: Linux 3.18 RC 5, New DigiKam

    Links for the day



  14. Special Report: Many Criminal Charges Against EPO Vice-President Željko Topić

    The abuses of Željko Topić, who has gained notoriety in his home country, are rapidly becoming public knowledge across all of Europe



  15. Links 16/11/2014: Xfdesktop 4.10.3, GNU Hello 2.10

    Links for the day



  16. Microsoft is Going Into the Anti-Whistleblowing Business, Dodges Criticism Over 19-Year Bug Door in Windows

    With Aorato acquisition Microsoft helps protect the criminals (from whistleblowers) and with lies about .NET Microsoft distracts from a bug that has facilitated remote access into Windows (by those in the know) for nearly two decades



  17. Reaffirming Microsoft's Long-Known Hostility Towards Net Neutrality, Microsoft Crashed Juniper

    Steve Ballmer is ranting against net neutrality and Juniper's business is in trouble after a lot of executives from Microsoft took over most top positions there



  18. Another Massive Step Towards Elimination of Software Patents as Even CAFC Rules Against Them

    After SCOTUS gets involved in the Ultramercial case, the CAFC finally decides to actually serve justice rather than dogma



  19. The GOP's Patent Reform Plan Not Effective Enough to Stop Massive Patent Trolls Like Microsoft/Nokia

    The corporations-serving GOP says that it wants a patent reform, but another reminder is needed of the futility of the suggested changes



  20. How the EPO's Executive Branch (Battistelli and Topić) Banned Scrutiny and Created Authoritarian Model of Control: Part X

    A look at highly dubious moves by EPO President Battistelli and his right-hand man Topić, whose abuses are becoming hard to oversee or even report



  21. Links 15/11/2014: Linux Mint 17.1 Release Candidate, Popcorn Time 0.3.5

    Links for the day



  22. IRC Proceedings: October 26th, 2014 – November 8th, 2014

    Many IRC logs



  23. The Terrible Joke Which is Microsoft 'Loving' Linux: Nightmares With UEFI 'Secure' Boot (i.e. Windows Monopoly Imposed) Continue to Affect GNU/Linux Users

    A reminder of Microsoft's sheer hostility towards GNU/Linux and long-reaching sabotage of GNU/Linux installations



  24. Patent Lawyers Worry About Section 101 in 'Alice' (and Other Patent News)

    A quick roundup of news of interest regarding software patents



  25. Will Write for FUD (Against FOSS)

    Black Duck rears its ugly head again, serving to show that it is in the business of changing perceptions and not in the information or analysis business



  26. Debunking Several Days of Never-Ending Lies About Microsoft and .NET

    .NET is not "Open Source", it cannot be forked (there remains patent threat), Visual Studio is still completely proprietary and it is expected to come to other platforms only because Windows has lost its dominance and Microsoft wants to perpetually control APIs (with software patents) and hence reign over developers



  27. Links 14/11/2014: LibreOffice 4.3.4, Ads Now in Firefox

    Links for the day



  28. Links 14/11/2014: GNOME 3.14.2, PulseAudio 6.0

    Links for the day



  29. Microsoft Windows is Still Designed as a Paradise of Back Doors, Intrusion, Wiretaps, and Interception

    At many levels -- from communication to storage and encryption -- Windows is designed for the very opposite of security



  30. Forget the FUD About Bash and OpenSSL, Microsoft Windows Blamed for Massive Credit Cards Heist

    Home Depot learns its lesson from a Microsoft Windows disaster, but it stays with proprietary software rather than move to software that is actively audited by many people and is inherently better maintained (Free/libre software)


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts