EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.10

Microsoft Cannot Offer Security on the Web, Either

Posted in Microsoft, Security, Windows at 1:36 am by Dr. Roy Schestowitz

Predator

Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as ‘the cloud’. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:

1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft’s Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers’ Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It’s e-mail addresses on those lists that could have been made available.

2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.

This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there’s no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don’t hesitate to define ”the first directed cyber weapon”. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.

Incidentally, there’s advice from Wayne Borean (“My Christmas gift to Windows Users” he calls it) which goes under the heading “Computer Security Suggestions For Microsoft Windows Users” and moving away from Windows is high up on the list. For those who don’t know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because “Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability” just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.

Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.

And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.

ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.

The problem is not just Windows; it’s Microsoft products in general.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Interesting Supreme Court Cases About Patents in the United States

    A quick review of some of the latest developments regarding SCOTUS (the US Supreme Court) as far as patents go



  2. Governments in Europe Still Active Against EPO Management

    There is still political work being done -- albeit rather discreetly -- against Battistelli and his goons at the European Patent Office's top-level management



  3. The European Spam Office (EPO)

    EPO budget at 'work', days after doing copy-paste jobs and also working overtime in the weekend for an extravagant and needless/purposeless event (except for Battistelli's own pride)



  4. Not Just Benoît Battistelli and Willy Minnoye (EPO): Željko Topić Too Thinks He is Above the Law, Avoids the Judges and Courts

    The latest developments regarding some of the criminal complaints and civil lawsuits against Topić, who is now a Vice-President at the European Patent Office (EPO)



  5. Nefarious Forces for Patent Abuse and Software Patents in the United States, Australia, India, Korea, and Europe

    A roundup of news from the weekend and today, with emphasis on the elements inside the system (or the media) which push for regressive policies that benefit them financially at the expense of everybody else



  6. [ES] El Sistema de Patentes de los EE.UU: Donde Uno Desperdicia Años en Corte y Gasta $8,000,000 en Honorarios de Abogados Peleándo una Patente Falsa

    un sumario de noticias acerca de las patentes de software en los EE.UU. Y ha lo que han llevado, debido en gran manera al decline en calidad de las patentes por parte de la USPTO (dejando que otros se las arreglen limpiando el desórden)



  7. [ES] La Oficina Europea de Patentes Todavía Sigilósamente Abusiva, Pagará $15,000 en Compensasió a Trabajadora Tras un Tardío Fallo de la ILO

    La Organización Internacional del Trabajo (ILO) emite un fallo en un caso de abuso de la EPO y nota “la excesiva duración de los procedimienteos internos de apelación.”



  8. Links 2/5/2016: Linux 4.6 RC6, DragonBox Pyra

    Links for the day



  9. Links 1/5/2016: Wine 1.9.9, Devuan Jessie 1.0 Beta

    Links for the day



  10. The US Patent System: Where One Wastes Years in Court and Spends $8,000,000 in Lawyers' Fees Fighting a Bogus Patent

    A roundup of news about software patents in the US and what they have led to, owing in part to the USPTO's declining patent quality (leaving others to clean up its mess)



  11. The European Patent Office Still Silently Abusive, Will Pay $15,000 in Compensation to Female Worker After Belated ILO Judgment

    The International Labour Organisation (ILO) issues a judgment on a case of abuse by the EPO and notes "excessive length of the internal appeal proceedings."



  12. [ES] Alice Continúa Quebrando Patentes de Software Asi Que los Abogados de Patentes, Cabilderos de los Monopolistas, Etc. Ahora Atacan a la Corte Suprema por Hacer Esto

    los cabilderos Corpórativos y abogados de patentes están tratándo de poner a Alicia en la tumba, por su impacto en las patentes de software que es muy profundo y así hasta ahora casi indetenible



  13. [ES] ¿Cómo Salvar la Reputación de la EPO?: Crear Más Jurados de Apelaciónes en Europa y Abolir la Malgíada/Malintencionada Fantasía de la UPC

    Una crítica evaluación de lo que ocurre en la Oficina Europea de Patentes (EPO), la que rápidamente se está yendo para abajo (y degradando sobre todo) a el nivel de los sistemas Chinos, en conjuntamente con corrupción, los abusos, y la bajísima calidad de las patentes



  14. [ES] La Corte de Apelaciónes del Circuito Federal (CAFC) Acaba de Ponerse a Favor de los Trolles de Patentes

    la tristémente célebre CAFC, que manifestó las patentes de software en los EE.UU, acaba de dar un regalo a los trolles de patentes quienes típicamente usan las patentes de software para extorsión enc complicidad con los jueces del Este de Texas



  15. [ES] Análisis de los Últimos Datos de Lex Machina Acerca de la Litigación de Patentes Muestra Como está Declinándo

    el Professor Mark Lemley de Lex Machina resalta las tendencias en litigation al colectar y analizar datos relacionados con patente y concerniéntes a monopolios intelectuales en general; actualmente muestra una sequía de litigaciones (muestran que ha disminuído)



  16. [ES] La India Está Teniendo Otra Prueba de los Peligros de las Patentes Occidentales, Debe Aprender a Rechazar Completamente las Patentes de Software en Medio de Gran Presión

    El gigante de software que es la India continua enfrentándos ea la cruel y agresivo cabildeo de Occidente, haciéndo que este controle a la India por patentes que no deberían de existir en primer lugar



  17. [ES] Microsoft Dice que Continuará Extorsiónando a Compañías Que Distribuyan Linux, Usando Patentes de Software Usuallmente

    La guerra de Microsoft contra Linux, una guerra que es peleada usando patentes de software patents (por ganancias y/o por chantáje con arreglos empaquetados), todavía continúa a pesar de todas las tácticas de relaciónes públicas de Microsoft y sus sócios



  18. Alice Continues to Smash Software Patents So Patent Lawyers, Monopolists' Lobbyists Etc. Now Attack the Supreme Court for Doing This

    Corporate lobbyists and patent lawyers are trying to put Alice in the grave, for its impact on software patents is very profound and thus far almost unstoppable



  19. How to Salvage the EPO's Reputation: Create More Boards of Appeal in Europe and Abolish the Misguided UPC Fantasy

    A critical evaluation of what goes on at the European Patent Office (EPO), which is quickly descending down (and overall degrading) to the level of Chinese systems, along with the corruption, the abuses, and the low quality of patents



  20. Court of Appeals for the Federal Circuit (CAFC) Has Just Sided With Patent Trolls

    The notorious CAFC, which manifested software patents in the United States, has just given a gift to patent trolls that typically use software patents for extortion down in Texas



  21. Analyses of the Latest Data From Lex Machina About Patent Litigation Show Some Litigation Declines

    Professor Mark Lemley's Lex Machina highlights litigation trends by collecting and analysing data related to patents and pertaining to intellectual monopolies in general; now it shows litigation droughts



  22. India is Having Another Taste of the Dangers of Western Patents, Must Learn to Reject Software Patents in the Face of Great Pressure

    The growing software giant which is India continues to face cruel and aggressive lobbying from the West, enabling the West to control India by patents that should not exist in the first place



  23. Links 29/4/2016: GNOME 3.21.1, Fairphone

    Links for the day



  24. Microsoft Says It Will Continue to Extort Companies That Distribute Linux, Using Software Patents As Usual

    Microsoft's war on Linux, a war which is waged using software patents (for revenue and/or for coercion in bundling deals), is still going on in spite of all the PR tactics from Microsoft and its paid partners



  25. Australia Might be Next to Block Software Patents If Commission's Advice is Followed

    Australian advice against software patents, which can hopefully influence Australian politicians and put an end, once and for all, to all software patents in Australia



  26. [ES] ''Si la Forma de Pensar de la EPO fuese Seguida, Guantánamo Sería Posible en Suelo Alemán.”

    La EPO está todavía bajo fuego, pero mucho de ello pasa detrás de las cortinas y envuelve abogados y/o burócratas



  27. The European Copy-Paste Office (EPO)

    This morning's example (not the first) of how the EPO uses 'social' media



  28. Links 28/4/2016: Fedora 24, EE Goes Open Source

    Links for the day



  29. Amid Referendum “the New European Unitary Patent System is Likely to Collapse Before It Started”

    The Unitary Patent Court (UPC) vision seems like it may be just one month away from its gradual death, depending on British voices amongst other key factors



  30. USTR is Trying to Shame and Bully India Into Introducing Software Patents in India

    Lobbying body of the US (corporations-led) is trying its usual dirty tactics against India's sound policy which excludes software/algorithms from patent scope


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts