EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.10.10

Microsoft Leaves Windows XP SP2 Users Open to Attacks, ZeuS Exploits Windows Flaws, and 4Chan Becomes Unsafe to Windows Users

Posted in Apple, GNU/Linux, Microsoft, Security, Windows at 7:27 pm by Dr. Roy Schestowitz

4chan front page in 2009

Summary: Grouping of security news from this week

“Has anybody seen the news about Microsoft not supporting the link vulnerability patch in XP SP2?”

That question was asked by Chips B Malroy earlier today. He cited the following two posts:

i. Registry hack used by gamers allows security for Windows XP SP2

If you use Windows XP SP2, then by now you are well aware that it has come to its end of life. This means no security updates, no software updates, no support. However, an interesting blog post from F-Secure explains how to install security updates on the aging operating system, if a user is willing to assume the risk.

ii. Windows XP SP2: Hack Allows ‘Shortcut Patch’ To Be Installed

PC users who are still using Windows XP SP2, even after the service pack was retired on July 13 can still receive security updates thanks to a trick found by editing the registry.

Had Windows been Free software, no “hack” around the Registry would be needed.

At the moment, all versions of Windows are still open for attacker to exploit. The press doesn’t call out Windows when it reports on the ZeuS Trojan:

Security vendor M86 Security says it’s discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.

More here:

A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers.

Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank’s online banking system. Researchers at the M86′s Security Labs came across the attack after discovering the botnet’s command & control centre, which is hosted in Moldova.

What about Microsoft and Windows? Here is another IDG article whose headline says “Malware Circulating on 4Chan Forums” (it does not say “Windows malware”).

The important point to take away from this is that HTA files are programs, just like EXEs and can do dangerous things.

Here is a funny one:

INSECURITY OUTFIT McAfee has decided it’s time to get tough on cybercrime.

We’re not sure how McAfee was tackling cybercrime before the publication of its report, “Security Takes the Offensive”. Whatever it was doing obviously wasn’t enough, given the malware threats out in the wilds of the Internet.

Security would be simplified if Windows was removed from this equation. Earlier today we posted several links to new articles that claim GNU/Linux/Android superiority over Apple when it comes to security. Apple — like Microsoft — is being negligent again.

Apple sits on a patch for a critical flaw

PEDDLER OF BROKEN DREAMS Apple has apparently come up with a patch for a critical flaw in the Iphone OS that gives a hacker so much control over the device that they might as well be Steve Jobs.

Just because this operating system is proprietary doesn’t mean it’s harder to decipher and thus more secure. Fast patching is key.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. News Roundup: Free Software/Open Source Software

    Reverse-chronological news summary with headlines of interest about Free/Open Source software

  2. Weekend News: Surveillance, Drones, CIA, and Ukraine

    More weekend news (plus early Monday news) about issues scarcely covered in the wider media/press

  3. Richard Stallman on Storing Files Online

    Dr. Richard Stallman, the Free Software Foundation's founder, talks about storage in so-called "clouds"

  4. Weekend News: Surveillance, Drones, Torture, and More

    News about power and abuse thereof, including -- for the most part -- surveillance

  5. Links 8/3/2014: Distros

    Links for the day

  6. Links 8/3/2014: Games

    Links for the day

  7. Links 8/3/2014: Instructionals

    Links for the day

  8. Political News That Matters

    Links for the day

  9. MDV News: OpenMandriva Lx 2014 on Its Way, Mageia Has Issue, PCLinuxOS Has New Magazine

    Links for the day

  10. Secret Deals -- Not GnuTLS -- a Threat to GNU/Linux Security

    Shifted focus (diversion towards non-issues like the GnuTLS flaw) and what we really need to watch out for when it comes to surveillance on GNU/Linux users

  11. Leaving Windows to Rot

    Windows XP is almost officially dead now, so rather than cling onto it (as parts of China reportedly do) one needs to move to GNU/Linux

  12. Red Hat Joins the Joke Which is Amazon's 'Secure' Federal 'Cloud'

    Another Red Hat move which puts citizens' data in the hands of unaccountable spies and their corporate partners/accomplices

  13. Fedora 21 Release Just 7 Months Away

    Red Hat's Fedora 21 will come out in the middle of October, according to a newly-published schedule

  14. Debian's Importance is Growing

    Updates and news from the Debian camp, focusing on the silent or lesser-acknowledged role of this international project in computing

  15. Arch Linux is Becoming More Mainstream

    Arch (GNU/)Linux is used by a lot of people and inspiring big derivatives such as Manjaro, Chakra GNU/Linux, and more

  16. IBM Not the Only 'Sugar Daddy' of GNU/Linux

    As IBM declines it is worth remembering that GNU/Linux no longer rests on the shoulders of few giants

  17. Privacy, Spying on Congress, Drones, Ukraine Intervention, and More

    Links for the day

  18. A Parade of (GNU/)Linux-powered Mobile Operating Systems

    Links for the day

  19. Links 6/3/2014: Games

    Links for the day

  20. Links 6/3/2014: Applications

    Links for the day

  21. Links 6/3/2014: Instructionals

    Links for the day

  22. GoDaddy, Go Away: How This SOPA Backer is Censoring the Internet Despite SOPA's Death

    Political censorship now in the West, but overlooked by statistics that omit domain-level cutoffs

  23. Bitcoin Increasingly Adopted, Increasingly Smeared

    A look at one of the latest smears against Bitcoin, courtesy of Britain's Internet Watch Foundation (IWF)

  24. You Know That Microsoft is Finished When Even Rupert Murdoch Dumps Microsoft

    Rupert Murdoch's special relationship with Microsoft and Bill Gates seems to be coming to an end

  25. Patent Stacking by Microsoft, Apple, Nokia et al. Makes Android/Linux More Expensive, Less Competitive

    The return of discussions about patent stacking and the role played by the anti-Android camp

  26. Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

    What the media is not really telling us about the GnuTLS vulnerability

  27. An Android World: Limitless Expansion in Tablets, Smaller Devices, and New Hardware

    Links for the day

  28. This Week's News: Civil Rights, Politics and War

    Links for the day

  29. Ubuntu Rising: Desktops, Servers, Phones, and Beyond

    Links for the day

  30. News About Lesser Known Desktop Environments

    Links for the day

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts