Bonum Certa Men Certa

Microsoft Cannot Offer Security on the Web, Either

Predator



Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as 'the cloud'. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:



1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft's Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers' Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It's e-mail addresses on those lists that could have been made available.


2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft's hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.


This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there's no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don't hesitate to define ''the first directed cyber weapon''. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.


Incidentally, there's advice from Wayne Borean ("My Christmas gift to Windows Users" he calls it) which goes under the heading "Computer Security Suggestions For Microsoft Windows Users" and moving away from Windows is high up on the list. For those who don't know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because "Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability" just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.


Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.


And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.


ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.


The problem is not just Windows; it's Microsoft products in general.

Recent Techrights' Posts

Coping With the Site Going More Mainstream
Fame is no laughing matter
21 Pages in Less Than 7 Hours is No Joking Matter
We've become a lot more effective and efficient
Generation Chaff - Phase V: Censorship of Dissent (Painted as Harassment or Terrorism)
Censorship is all around us now
Generation Chaff - Phase IV: Apps Only Few Companies Decide On
Tools are being collectively confiscated, under the premise or false prospect of "security"
 
Links 24/10/2025: "Independent Media in Cambodia is Collapsing" and Serious F5 Breach
Links for the day
They Never 'Put Down' Corporations
There are "pests" that are traded in Wall Street
Correct Information is a Valued Asset in the Age of Slopfarms and Public Relations (PR) or Spin
Publishing suppressed facts is never easy
The Register MS Continues to Bag Money to Promote a Ponzi Scheme, Even Money From China
Today in the front page
analytics.usa.gov: The Only Supported Version of Windows (This Past Week) is Only Used by About 13.9% of People in the US, the Home Base of Windows
Even Vista 7 is still used more
Rust is Very Secure
If only Rust itself is secure
Who Will be Held Accountable for Breaking Ubuntu by Imposing Rust on Otherwise-Functional Programs, in Effect Replacing GNU With Proprietary Microsoft (GitHub)?
they're practical people who merely point out that a bunch of buffoons not only ruin Ubuntu but also every future distro based on Ubuntu
Generation Chaff - Phase VIII: In Summary
Like "Science" with a capital "S", what we see here commercial interests usurping everything
Generation Chaff - Phase VII: Curtailing Alternative Media
There was always an obligation - a collective duty of sorts - to uphold independent journalism
Generation Chaff - Phase VI: Centralisation of Information (X, Cheetok/Fentanylware)
Would you trust information when controlled by such people?
Generation Chaff - Phase III: Slop and Plagiarism
A lot of the current so-called 'economy' is built upon false valuations
Generation Chaff - Phase II: "Cloud", Blockchains and Other Hype
For those of us who turned down those propositions there was a struggle; we needed to justify not having skinnerboxes or "social" accounts in some site run by a private company
Generation Chaff - Phase I: Social Control Media
IRC predates the Web
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 23, 2025
IRC logs for Thursday, October 23, 2025
More Clues Shed on Collapse of Microsoft XBox
XBox is basically circling down the drain as Microsoft implements 2-3 waves of layoffs each month
'Vibe Coding' Doesn't Work
In a lot of ways, so-called 'Vibe Coding' is already considered vapourware or a passing fad promoted in the media by managers who try to justify mass layoffs, especially ridding companies of "very expensive" software engineers
Links 24/10/2025: Microsoft's Killing of XBox Connected to Revenue/Profit Problems, "How Elon Musk Ruined Twitter"
Links for the day
Gemini Links 24/10/2025: 86,400 Seconds and "Society's Task"
Links for the day
Slopwatch: Google News and Slopfarms That Relay Nonsense From LLMs
Google News, which once prioritised or used to care about provenance and quality, is feeding slopfarms
Links 23/10/2025: More Health Concerns Over Dumb Chatbots (LLMs) and "Talking Cars" as Latest Buzz
Links for the day
Gemini Links 23/10/2025: Daylight Savings Time and Duration Shorthand
Links for the day
Links 23/10/2025: LLM 'Hallucinations' (Defects) in Practical Code 'Generation', China Becomes More Economically and Technologically Independent
Links for the day
Why We Support Richard Stallman and You Probably Should Too
It's not about being "Richard Stallman fan", it is about maintaining the right to hold positions (on technology) like his
Linux Foundation Uses LLM Slop to Promote Microsoft in Linux.com (Again), Rendering It a Linux-Hostile Slopfarm
Openwashing with slop by "Linux.com Editorial Staff", which basically seems to be a bot
Some Large German Media Covers Richard Stallman's Talks in Germany Earlier This Week
LLM-based chatbots are just "bullshit generators" (as he has long called them)
Links 23/10/2025: Windows TCO Galore and "The Internet Is Going to Break Again"
Links for the day
Trouble in Red Hat/IBM and a Retreat to Ponzi Economics in Search of Wall Street Market Heist
Would you invest your life savings in this kind of crap?
Who Asked Software in the Public Interest (SPI) for a Refund? ($100,000, Resulting in Losses of $267,201 in 12 Months, Highest-Ever Losses)
The IRS does not reveal who or what's tied to this refund (or the cause/reason)
Social engineering attack: Debian voted to trick you on binary blobs
Reprinted with permission from Daniel Pocock
Techrights Will Always Stand for Women's Rights
We even invest money - personal savings that it - in our principles
Certified Lawyers Should Know Better (Than to Intimidate Us With Man Who Drives on Motorcycle Through a Really Bad Storm Between Distant Cities, Then Collects Photos of Our Home)
Mentioning someone was in prison for bad things isn't a crime, it's a public service
The "AI" (Slop) Bubble is Already Imploding
"ChatGPT Usage Has Peaked and Is Now Declining, New Data Finds"
The So-called "Sexy" Buckets (AI, Quantum) Cannot Save IBM From Reality, Shares Tank
"No matter how much financial hocus-pocus they use to reclassify revenues to land in the "sexy" buckets (AI, Quantum), it still smells old and musty - just like this company."
Paul Krugman is Wrong About the Scope of Mass Layoffs in the United States
A few years ago society was accelerating its journey towards feudalism, boosted by COVID-19
Links 23/10/2025: Proprietary Blunders and CISA's Latest Disclosure of Holes
Links for the day
Gemini Links 23/10/2025: Fast Past (F1), 99.9% Uptime
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 22, 2025
IRC logs for Wednesday, October 22, 2025
Slopwatch: Google News is Promoting Fake 'Articles' About Fake Xubuntu, Fake Articles About Replacing Windows With GNU/Linux
The quality of the Web deteriorates and unless someone cleans up the mess, real sites will lose an incentive to produce anything
When "AI Layoffs" Mean Layoffs Due to the "AI" Bubble Popping
many people that are laid off by Microsoft claim to be specialists in "AI"
Mysterious grant forfeited, $100,000 from Software in the Public Interest accounts 2023
Reprinted with permission from Daniel Pocock
Evidence: bullying, student union behaviour: Armijn Hemel's FSFE resignation
Reprinted with permission from Daniel Pocock
Evidence: psychological abuse, stalking, Galia Mancheva, Susanne Eiswirt ignored by FSFE judgment for Matthias Kirschner
Reprinted with permission from Daniel Pocock
Helping FSFE scam victims and conference organisers
Reprinted with permission from Daniel Pocock
Nigerian fraud in FSFE constitution
Reprinted with permission from Daniel Pocock
Worrying and Amusing Stories of "Clown Computing" Gone Awry
Many of these disasters could be avoided
Links 22/10/2025: Amazon Plans to Replace Workers With Robotics, AWS and Clown Computing in General Ridiculed
Links for the day
Gemini Links 22/10/2025: Niri Completely Changes Multitasking and Overview of Diff-ers
Links for the day
Links 22/10/2025: Study on Misinformation by Slop and Heavily Debt-Sabbled Microsoft OpenAI (ClosedSlop) Uses "Browser" as Gimmick/Distraction
Links for the day
They've Already Spent Close to a Million Dollars on Lawyers and Sent Us About 50 KG of Legal Papers (Sponsored by Mysterious Third Party) to Try to Censor Techrights, Without Success
They try to overcompensate with sheer volume for a lack of solid, clear arguments (we are the victims here)
12 Months Ago the 'Hulk Hogan of UEFI' Officially Went 'Tag-Team'
We're actually sort of flattered or proud that such despicable people are so desperate to censor us
"Cloud Computing" Was Always a Joke, But This Week Was the Punchline
Maybe stop following tech trends and fashions
"Cloud Computing" Does Not Mean Safety
Fault tolerance is related to the notion of software freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 21, 2025
IRC logs for Tuesday, October 21, 2025
The Fall of Windows: From Something to Nothing
Of course Microsoft will pretend everything is fine and "just trust the hey hi" (AI)