EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.10

Microsoft Cannot Offer Security on the Web, Either

Posted in Microsoft, Security, Windows at 1:36 am by Dr. Roy Schestowitz

Predator

Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as ‘the cloud’. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:

1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft’s Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers’ Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It’s e-mail addresses on those lists that could have been made available.

2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.

This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there’s no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don’t hesitate to define ”the first directed cyber weapon”. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.

Incidentally, there’s advice from Wayne Borean (“My Christmas gift to Windows Users” he calls it) which goes under the heading “Computer Security Suggestions For Microsoft Windows Users” and moving away from Windows is high up on the list. For those who don’t know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because “Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability” just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.

Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.

And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.

ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.

The problem is not just Windows; it’s Microsoft products in general.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Microsoft Admits Vista 10 Not a 'Free' 'Upgrade', Especially If You Upgrade

    Microsoft debunks its own false promises, showing that Vista 10 as 'free' is virtually a mirage



  2. Free Software is Commercial

    orporate media helps stigmatise Free/Open Source software as unsuitable for commercial use and once again it uses the 'security' card



  3. 'Sanader’s Protégé' Željko Topić Slammed by Press in His Home Country

    The mischiefs of Benoît Battistelli and Željko Topić still not forgotten while temporary calm prevails at the EPO



  4. Links 3/8/2015: Linux 4.2 RC5, Korora 22

    Links for the day



  5. The World is Changing and Patent Law Can Change Either for Better or for Worse

    Recent secret dealings (which are being exposed to the public owing to whistle-blowers) show the degree of coordination and collusion against public interests; it's up to us, the majority, to fight back and tackle this injustice



  6. The Latest on Patent 'Reform' in the US: GOP Media Deception, Healthwashing Patents, and SIIA Lobbying

    Techrights looks at the more prominent actors driving patent policy in the US, with budget to absorb and agenda to lobby for



  7. Newegg Uses Its Fight Against Patent Trolls for Marketing

    Comments on Newegg's fight against patent trolls in court, setting an example for other companies



  8. Microsoft Lies, Propaganda, Embedded 'Journalism' and Other Dirty Tricks to Promote Vista 10

    The Vista 10 entrapment is being sold to the public using bogus/unverified figures, Microsoft propagandists pretending to be journalists, and some gullible people who actually believe them



  9. Microsoft -- Like Bill Gates -- Bribes PBS for Propaganda to be Presented as 'TV Programme'

    Microsoft pays the supposedly 'public' network to act as courier of Microsoft marketing, shrewdly disguised as 'information'



  10. Links 2/8/2015: KDE Applications 15.08 Beta, Zorin OS 10

    Links for the day



  11. Links 1/8/2015: Steam Sale, blackPanther OS 14.1

    Links for the day



  12. Vista 10 Inherently Criminal: Vandalising the Competition (Dual Boot, Rival Web Browsers, Online Services)

    Vista 10, the latest incarnation of Windows, takes its anticompetitive aspects to a whole new level, betraying even so-called 'partners' in the process



  13. As Microsoft AstroTurfing/PR Budget Runs Dry, Vista 10 Truths Come Out

    The media manipulation by Microsoft (to the tune of hundreds of millions of dollars spent on 'marketing') grows thin as a growing number of growingly angry early adopters of Vista 10 publicly rant



  14. Links 31/7/2015: Lennart Poettering as 'Linux Hero' and systemd Conference Coming

    Links for the day



  15. Links 30/7/2015: Apache Spark on Z System, Elive 2.6.8 Beta

    Links for the day



  16. Microsoft's Mouthpiece Mary Branscombe Tries to Shoot Down Free Software, But Fails Miserably

    At the CBS-owned ZDNet, which is Free/Open Source software-hostile, new FUD surfaces, but the FUD is so flawed that a full rebuttal is easy and almost imperative



  17. People of New Zealand Must Rise Up to Defend Sovereignty and Stop Software Patents

    The TPPA serves to override (launder) the law of New Zealand, allegedly legalising patents on software in the process



  18. Microsoft Illegally Evades Billions of Dollars in Tax, Says IRS

    The criminal enterprise known as Microsoft finds itself embarrassingly exposed in the courtroom, for the IRS belatedly (decades too late) targets the company in an effort to tackle massive tax evasions



  19. Vista 10 Very Buggy Upon Release, Just as We Have Repeatedly Warned for Weeks

    Vista 10 is prematurely pushed out the door (to meet a deadline) way ahead of it being stable, even remotely polished, and supported by hardware companies (there is a serious drivers issue)



  20. Surveillance Machine With a Keylogger: Vista 10 Will Spy on the User (Over the Internet) Even While Playing Games

    Microsoft is making it clear that even playing a simple game like Solitaire on Vista 10 will make one subjected to spying (for targeted ads); other serious violations of privacy revealed upon release



  21. Links 29/7/2015: Akademy 2015 Ends, NetBSD 7.0 RC

    Links for the day



  22. MPEG-LA is Preparing New Patent Obstruction (Called DASH) Against Free Software, OIN Grows

    A new conspiracy against free multimedia software, set up by the MPEG cartel, is called DASH



  23. New Zealand's Media Gets History Wrong on Software Patents

    Setting the record straight on the fight against software patents in New Zealand



  24. Not Only Vista 10 Crashes a Lot, Any .NET Application Does Too (Updated)

    Microsoft software is quickly becoming synonymous with crashes as any piece of software developed with Microsoft's tools, not just the underlying platform, crashes chronically



  25. The Government of Bulgaria Sells Out to Microsoft, Again

    Despite some promises and reassurances that Bulgaria will consider Free/libre software, the Bulgarian government hands out a lot more of taxpayers' money to the Mafia



  26. Corporate Media Finally Finds Out That Vista 10 Crashes a Lot

    Stability issues of Vista 10 are belatedly reported to be a major catastrophe, leaving it unusable for many early adopters



  27. Links 28/7/2015: Linux 4.2 RC4, New Logos and Bug 'Branding' for FUD

    Links for the day



  28. Patents Roundup: Technicolor, Alice, Voip-Pal, Fitbit, Marijuana Patents, and JDate

    A look at some of last week's patent news, with imperative responses that criticise corporate exploitation of patents for protectionism (excluding and/or driving away the competition using legal threats)



  29. Corporate Lobbyists Including Koch-Connected Front Groups Attack Real and Perceived Patent Reform in the United States

    Looking at some of the latest propaganda for and against a bill which is already too watered-down to actually fix the US patent system



  30. Patents in the Android World Further Complicate Freedom in This Linux-Powered Platform

    A survey of last week's news with special focus on Google and Android, which are trying to coexist and thrive in a world full of patent maximalists


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts