EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.10

Microsoft Cannot Offer Security on the Web, Either

Posted in Microsoft, Security, Windows at 1:36 am by Dr. Roy Schestowitz

Predator

Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as ‘the cloud’. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:

1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft’s Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers’ Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It’s e-mail addresses on those lists that could have been made available.

2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.

This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there’s no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don’t hesitate to define ”the first directed cyber weapon”. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.

Incidentally, there’s advice from Wayne Borean (“My Christmas gift to Windows Users” he calls it) which goes under the heading “Computer Security Suggestions For Microsoft Windows Users” and moving away from Windows is high up on the list. For those who don’t know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because “Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability” just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.

Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.

And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.

ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.

The problem is not just Windows; it’s Microsoft products in general.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 15/4/2014: Lots of PCLinuxOS Releases, Ukraine Updates

    Links for the day



  2. Apple and Microsoft Actively Lobbying Against Patent Reform in the US

    Apple and Microsoft are reportedly intervening/interfering with US law in order to ensure that the law is Free/libre software-hostile



  3. Lawsuit by Microsoft Shareholder Targets Fine for Crimes Rather Than the Crimes Themselves

    A new lawsuit by a Microsoft shareholder shows everything that's wrong with today's model of accountability, where those who are responsible for crimes are accused of not avoiding fines rather than committing the crimes



  4. Public Institutions Must Dump PRISM-Associated Software

    Another reminder that taxpayers-subsidised services should refuse, as a matter of principle, to pay anything for -- let alone deploy -- proprietary software with back doors



  5. GNU/Linux News: The Opportunities Amid XP EOL

    Links for the day



  6. Microsoft Gets Its Money's Worth From Xamarin: PlayStation 4 Now Polluted by Microsoft

    The Trojan horse of Microsoft, Xamarin, is pushing .NET into Microsoft's console competitor



  7. After Brendan Eich Comes Chris Beard

    Having removed Brendan Eich using bullying and blackmail tactics, his foes inside Mozilla achieved too little as we have yet another man (coming from inside Mozilla) acting as CEO



  8. Healthcare News: Free Software in Health, Humanitarian Causes

    Links for the day



  9. Links 14/4/2014: MakuluLinux, Many Games, More Privacy News and Pulitzer Prize for NSA Revelations

    Links for the day



  10. TechBytes Episode 87: Catching up With Surveillance (NSA, GCHQ et al.)

    The first audio episode in a very long time covers some of the latest happenings when it comes to privacy and, contrariwise, mass surveillance



  11. Server News: KVM, ElasticHosts, Other GNU/Linux Items, and Open Network Linux

    Links for the day



  12. Hardware News: Freedom, Modding, Hackability on the Rise

    Links for the day



  13. Distributions News: GNU/Linux Distros

    Links for the day



  14. GNOME News: Financial Issues, Mutter-Wayland, West Coast Summit, Community Participation

    Links for the day



  15. KDE News: Kubuntu at the Centre Again KDE Applications Updated

    Links for the day



  16. Techrights Rising

    Effective immediately, Techrights will do what it takes to bring back old volume and pace of publishing



  17. Links: Surveillance, Intervention, Torture and Drones

    Links for the day



  18. Mobile Linux Not Just Android: Jolla, WebOS, and Firefox OS News

    Links for the day



  19. Google's Linux Revolution: New Gains for Android, Chrome OS (GNU/Linux)

    Links for the day



  20. Free/Libre Databases News: MongoDB, NoSQL, and MySQL Branches/Forks

    Links for the day



  21. Open Access on the Rise: Textbooks, Journals, Etc.

    Links for the day



  22. Finance Watch (Watching What's Not Being Watched): Economic Warfare/Class Injustice

    Links for the day



  23. Climate and Ecology Watch: News About a World Being Destroyed

    Links for the day



  24. Copyright News: DRM, Censorship, Megaupload, Hypocrisy, and Impact on the Internet

    Links for the day



  25. Sharing Works: Latest News Stories About Crowd-sourcing, Sharing, Transparency

    Links for the day



  26. Links 12/4/2014: Games

    Links for the day



  27. Links 12/4/2014: Applications

    Links for the day



  28. Links 12/4/2014: Instructionals

    Links for the day



  29. Political News: Protests Face a Ban, Covert Actions Continue, Cold War Era Imperialism, Privacy, and War on Justice

    Links for the day



  30. Ubuntu News: Themes, Unity 8, Meizu Phone, Ubuntu Touch, and Elementary OS

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts