
09.21.10

Bad September for Microsoft Security, Symantec Buyout Rumours

Posted in Microsoft, Rumour, Security, Windows at 3:03 pm by Dr. Roy Schestowitz


Summary: As loads of security problems occupy the world of Windows, Microsoft resorts to seeking help from security firms it competes with, and more botnets thrive nonetheless

Microsoft is having a tough month dealing with many security problems caused by its own weaknesses. This post is a quick accumulation of some issues from the past 2 weeks.

Viruses

Earlier in the month we wrote about the ‘Here You Have’ virus, which got a lot of news coverage [1, 2, 3]. It was politically motivated:

THE HACKER claiming credit for the ‘Here you have’ Trojan, written as a blow against the invasion and occupation of Iraq, might be located in Spain.

Cisco says that this virus caused brief havoc. It affects everyone to a certain extent.

Stuxnet

Stuxnet is a real bummer, which we covered in [1, 2, 3, 4, 5, 6, 7, 8, 9]. “Holes used by the Stuxnet worm remain in Windows XP,” said this recent report (there are more), and the worm is exploiting zero-day flaws. Microsoft liaises with Kaspersky in hopes of tackling this problem. Eventually some patches arrived [1, 2, 3, 4], but only after a lot of damage had been done. It turns out that Symantec, not just Kaspersky, helped Microsoft here:

Microsoft has credited security partners at Kaspersky Lab and Symantec for helping to close a critical Windows vulnerability that was being exploited by a sophisticated worm that has attacked industrial plant

Symantec

Earlier this month Symantec created a tie-up with Microsoft’s Fog Computing [1, 2]. Then came speculation that Microsoft was looking to buy Symantec. It was just a rumour (likely false), but investors took it seriously and Symantec surged [1, 2, 3, 4, 5]. A stock being driven up like this may always lead to suspicion that someone spread the rumour just to make money in the short term. That’s illegal of course and the SEC should keep an eye open.

Speaking of acquisitions by Microsoft, “PopCap Rejected $5 Million Microsoft Buyout” says this one report among many more [1, 2, 3]. This one says that “Microsoft tried to convince PopCap it was only worth $5 million, but the studio didn’t believe it.” To quote another item, ‘During an interview with Develop, Jason Kapalka, creative director at PopCap, explained how even Microsoft tried to buy them, but the offer price was a joke: “We had a couple of funny instances in the early years of PopCap where we were talking to Microsoft about a possible acquisition – I think it was in 2002 – and they sat us down and gave us this long speech about why our company was worth 5 million dollars, at a time when we had four million in the bank.”’

Fakes

Back to insecurity, an older rogue antivirus attack gave trouble to Windows users this month [1, 2, 3, 4, 5]. It’s a form of malware. In an operating system where antivirus software is not necessary, this would hardly be an issue.

ASP.NET

Microsoft is acknowledging that there is a security problem with ASP.NET, as mentioned here last week.

Microsoft has released a security advisory about a vulnerability affecting Web applications built on ASP.NET.

Here is another article about it.

It’s already being exploited, based on today’s reports:

Attackers have begun exploiting a recently disclosed vulnerability in Microsoft web-development applications that opens password files and other sensitive data to interception and tampering.

The vulnerability in the way ASP.Net apps encrypt data was disclosed last week at the Ekoparty Conference in Argentina. Microsoft on Friday issued a temporary fix for the so-called “cryptographic padding attack,” which allows attackers to decrypt protected files by sending vulnerable systems large numbers of corrupted requests.

Now, Microsoft security pros say they are seeing “limited attacks” in the wild and warned that they can be used to read and tamper with a system’s most sensitive configuration files.

Malware

There are many new stories about malware, such as:

i. Report: More Than 1 Million Web Sites Serving Malware in Q2 [via]

Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 – a sharp increase.

More than one million Web domains were infected with malicious code in the second quarter of 2010 – around one percent of all active Web domains, according to data released by Web security firm Dasient, Inc.

ii. Pirate Bay beset by tainted ads

The tainted ads exposed visiting surfers to Windows Trojans via drive-by download attacks. Pirate Bay has experienced similar problems in the past, and it’s unclear how long it will take to clear up the latest issues.

iii. Study: 33% of SMBs Have Been Infected With Malware From Social Networks

About one-third of small and medium-sized businesses have been infected with malware from social networks like Facebook and Twitter, according to a recent study released by Panda Security, a company specializing in cloud security.

iv. Windows malware dwarfs other viral threats

The vast majority of malware – more than 99 per cent – targets Windows PCs, according to a new survey by German anti-virus firm G-Data.

G-Data reckons 99.4 per cent of all new malware of the first half of 2010 targeted Microsoft’s operating system. Just 0.6 per cent of the 1,017,208 new malware programs discovered in 1H2010 targeted other systems, such as Apple Mac boxes and servers running Unix.

Botnet

When one in two Windows computers is said to be a zombie PC, there is clearly a problem, especially when it goes on for years, still unresolved. Some of the latest Windows botnet stories are:

i. A botnet for hire springs up

Insecurity outfit Damballa revealed that the creatively named IMDDOS (I’m DDoS) botnet can be hired out as “pressure test software” by those who are willing to cough up some cash and download an application. The application is little more than a dialogue box allowing the user to point the botnet to a particular IP address and port number and start hitting it with spurious requests.

ii. Microsoft Helps Cox Identify Infected Computers

iii. Microsoft gets legal might to target spamming botnets

iv. Microsoft gets superweapon for fighting botnets

Internet Explorer 8

The very latest version of Internet Explorer is still not so widely adopted because of Microsoft’s hostility towards the Web which it still cannot reverse. Here is the latest vulnerability in Internet Explorer 8 [1, 2].

Late last week, a security flaw in Internet Explorer 8 was publicly disclosed to the Full Disclosure mailing list. The flaw allows attackers to steal private information from online services such as web mail and Twitter, allowing attackers to, for example, delete e-mails or send tweets from their victims’ accounts.

Exchange

“Microsoft Exchange opens the door for hackers,” says The Inquirer.

FIRMS RUNNING Microsoft’s Exchange mail server could find that users of its Outlook Web Access (OWA) software have their sessions hijacked.

A security vulnerability in Exchange Server 2003 SP2 and Exchange Server 2007 SP1 and SP2 means that attackers can take control of a user’s OWA session and issue commands up to the level permitted by security controls without the user knowing. OWA is a rich ‘web mail’ client that is offered by Exchange Server and has the look and feel of Microsoft’s standalone Outlook software.

According to this, a well-selling Linux phone (not Ballnux) suffers from its reliance on Exchange.

There are rumors that the possible technical problem with the Microsoft Exchange is causing the delay of Android 2.2 Froyo push to Motorola Droid X devices. Multiple news outlets including Droid Life have confirmed the news.

Who needs Exchange anyway? It’s just a brand. Android can do better than that and also avert the security problems.
