12.27.10
IRC Proceedings: December 26th, 2010
|
|
|
|
Freedom is Not Free
Richard Stallman in a Free Software Briefing (WSIS-2005)
Summary: How Microsoft is daemonising ordinary people and confusing lawmakers using terminology and imposters who pretend to speak for free/open source software
MOVING to Free (libre) software is a decision which ought to be motivated at least in part by the realisation that freedom is hard to earn and it is very valuable. It’s only when it’s lost that its value can be appreciated. Microsoft pretends to be countering counterfeiting while in fact it uses counterfeiting to counter freedom, ensuring that populations especially in poor countries have no control over their computing; instead, Microsoft takes control. Glyn Moody has found this post from China about a new and dishonest Microsoft campaign:
One of the biggest issues Western firms have with China is the country’s stance on intellectual property rights. Despite the Chinese Government stepping up its efforts to battle the issue in recent years, the problems still exist.
Whether it be the stalls in Beijing’s Silk Market selling their staggering range of counterfeit designer goods, Chinese media broadcasters using copyright footage without permission, or the ever impressive copycat products (known in China as ‘山寨’ – Shānzhài) such as the recent ‘iPed’ — the fake iPad, there is no doubt about it intellectual property infringements are rife in the PRC.
[...]
For instance in 2008, Microsoft rolled out a program called “Windows Genuine Advantage” which caused “black screens of death” to appear every hour on unregistered versions of the Windows operating system. The only way to resolve the problem would have been to buy a genuine copy of Windows.
Bill Gates in China 1995
Yet, just a year earlier, Bill Gates stated that he liked the Chinese pirating his software over its competitors, because he believed that eventually Chinese consumers would pay for the real thing.
Wikileaks recently taught us something new about the “black screens of death”. To the government, it’s about control (being able to suspend computers in a hostile nation), not about so-called ‘piracy’ (counterfeiting). Be careful of the Microsoft spin, which seems to be everywhere these days.
In a “Guest Post” from Microsoft’s Walli [1, 2, 3, 4, 5, 6] (who pretends not to understand Free software, e.g. by implicitly comparing it to communism) Microsoft’s Outercurve Foundation gets promoted while Outercurve/Microsoft staff continues to redefine open source. It is infiltrating its competition and obscures freedom as in “free to distribute”, as opposed to free of charge. Not so long ago the same type of people tried to tell us that RAND was compatible with Free software and they managed to derail the second version of EIF [1, 2, 3, 4, 5], which more and more groups are not pleased with. The FFII deciphers this message from Dutch:
IT journalist Brenno de Winter is not impressed by the #EIF
That’s what will happen if Microsoft is allowed to hijack “open source” and then use mobbyists/lobbyists to lie about what it is. Glyn Moody predicted this would happen when he wrote about it for Linux Journal around 3 years ago. █
“There’s free software [gratis, dumpware] and then there’s open source… there is this thing called the GPL, which we disagree with.”
–Bill Gates, April 2008
Apple and Bill Gates Serve Power, Serve Themselves, Harm the Population
National heroes or national felons with PR facelift?
(Photo by Joi Ito from Inbamura, Japan)
Summary: How powerful people with excessive wealth ensure the population beneath them remains ignorant and obedient, using control of information (media acquisition and censorship)
COMPANIES like PayPal, MasterCard and Visa are known to be defending their government’s bad behaviour. It was all over the news this month. Amazon arguably falls under the same category, but guess who else? “Apple removes Wikileaks app? North Korea are more open than Apple,” wrote Gordon Sinclair regarding this very recent news. Yes, Apple censored Wikileaks without specifying a reason, but there are excuses. TechDirt is not typically hostile towards Apple but its latest headline says: “Apple The Latest To Convict Wikileaks Despite No Charges Or Trial; Kills Wikileaks App For Violating Unnamed Laws”
The thing is, Wikileaks hasn’t even been charged with a crime yet, let alone found guilty of one, so it’s not clear why all these companies claim that the app does not comply with he law. Also, while we’re still waiting for evidence of anyone actually put in “harm’s way” due to Wikileaks, that reasoning doesn’t make any sense either. The information found on Wikileaks is being written about in all sorts of major news publications — so if a Wikileaks app is putting people in harm’s way, then so is the Safari browser on the iPhone that can be used to access all the same information.
Asher Wolf adds: “‘Flipping Skirts’ iPhone app still available at iStores. Wikileaks app censored. What does this say about Apple’s values?” In a later post TechDirt lumps Apple together with all the Wikileaks censors (“Visa, MasterCard, Paypal, BofA & Apple”) and says:
But, an even bigger point is buried towards the end in an update, where Greenwald asks:
Why aren’t Visa, MasterCard, Paypal, their web hosting company and various banks terminating their relationships with The New York Times, the way they all did with WikiLeaks: not only for the NYT’s publication of many of the same diplomatic and war cables published by WikiLeaks, but also for this much more serious leak today in which WikiLeaks was completely uninvolved?
And, I think, we can add Apple to that list. After all, if these companies keep claiming that Wikileaks “broke the law” (as most of the companies listed here are saying), why do they not feel the same way about the NY Times?
Let this teach us an important lesson. Supporting Apple is supporting a vision where people have no perceived individuality/superiority (everyone uses Apple) and everyone is digitally ‘jailed’. That’s the type of vision tyrants tend to have and speaking of tyrants, watch out for Bill Gates’ hijack of the press, which in turn he uses to promote his power ploy (taking over schools, libraries, and so on). One journalist has just published an article titled “The Gates Foundation conspiracy to take over the media” (similar to the idea of suppressing Wikileaks’ content):
Bill Gates is too shrewd a businessman to want to actually take over a money-losing, failing industry like the media. (Though newspapers today do have something in common with software; one person produces the original product and then millions obtain copies of it for free.)
No, what I want to talk about is the Gates Foundation’s funding of media. I’ve already written plenty about this … maybe too much.
More accurately, I wanted to talk with the media folks at the Seattle philanthropy about their perspective on “partnering” with the media.
These kind of arrangements confuse or disturb some people and I’ve given the media folks at the Gates Foundation a bit of grief over the past few months about the nature of some of these partnerships. This might seem kind of odd, I know, since I work for NPR, which also has been funded by the world’s largest philanthropy to report on global health and development issues — and which is what I do (even though I get no Gates money).
The world needs access to real information and not PR, which Gates spends over one million dollars on per day. That’s why we maintain this Wiki about the Gates Foundation — a page which we really hope to extend next week (time permitting). It gets mean where Gates insults the intelligence of Americans in order to justify Microsoft's approach towards cheap(er) labour in/from other countries. It’s extremely dangerous when information is controlled by the nation’s wealth and disinformation disseminated with the justification that ignorance is bliss. █
The Future of Embedded is Linux, Not Windows
Summary: Mobile devices and phones are becoming centred around Linux while Microsoft can only dream and use legal actions (or threats of legal actions, as means of extortion rackets)
GNU/Linux has already won a place in the server room and it dominates the world’s biggest servers. But also on the very low scale Linux is a spectacular superstar and Microsoft cannot do so much about it. Our reader gnufreex alleges that Microsoft’s ARM news is just vapourware that’s intended to harm Linux because Microsoft promises too much, only to under-deliver (or not at all deliver) at a later date. Many distributors of Linux regularly confess that their “next version” will not have much that’s revolutionary. Microsoft never behaves that way. It pretends everything is exciting even when it’s not and Steven J. Vaughan-Nichols has a post about that, wherein he says that Vista 7 on ARM tablets is a pipe dream:
The only reason for Microsoft to bring Windows 7, Windows 8, or whatever to ARM is to put it on a tablet. The best existing fit would be Windows Phone 7, but the story being spun by Microsoft rumor spiders seems to be that this will be bigger and better than Windows Phone 7.
Excuse me as I roll my eyes. Microsoft has always promised that their next big operating system will be the greatest thing ever. The business reason for this is to try to freeze the market. Ideally, a customer goes: “Oh, I can’t buy WordPerfect today; Word 6.0 next year will be sooo much better.” This tactic worked for decades, which is why the younger among you will never have even heard of WordPerfect, much less used it.
Microsoft recently threw out there the figure 1.5 million, in relation to its phone platform. This number is not only appalling but it is also deceiving (people can see that) as it shows just how far behind Microsoft has fallen. It can barely even stuff the channel anymore. As OpenBytes put it:
I also have to wonder if Steve Ballmer is now just hoping for a Christmas miracle – when he wakes on Xmas morning and switches on the TV he sees consumers and developers climbing over each other to get into the shops to purchase his phone? What will become of Ballmer if the phone flops? What will become of Microsoft’s phone aspirations if yet again they fail (like with the Kin)?
There is no such “Christmas miracle” and Microsoft will probably just resort to more litigation — a subject we’ll cover later. Embedded Linux developers — some of whom are located in Europe (the head of the FFII for example) — understand why software patents as the most major threat. █
OpenSUSE is Imploding and Novell Events May Die
Summary: More people are leaving OpenSUSE while BrainShare faces an uncertain future (if any)
AS EXPECTED, following the acquisition news and Novell’s sale of patents to a Microsoft-organised consortium, people are leaving and AttachMSFT [sic] can’t do anything about it. Despite some OpenSUSE news and Jos Poortvliet’s announcement of another milestone (more interviewing with him), the project is losing momentum and Sascha Manns reveals that people still walk away:
Right now the following Sections need someone taking over:
* Tips and Tricks
* In the Community
* On the Web.
OpenSUSE was once somewhat of a leader and right now it might be following others, e.g. with Canonical’s Unity:
Unity Coming to openSUSE too?!
After the announcement by Canonical that Ubuntu would be moving to Unity for its interface, other developers have expressed some interest in porting it to their distributions just for fun. Fedora’s Adam Williamson was one of the first to start building packages for other distributions, but now someone is working on openSUSE packages as well.
Nelson Marques, openSUSE contributor, began by porting some of Ubuntu’s Indicators to openSUSE; many of which are available now in openSUSE:Contrib for 11.4 Milestone 4 and beyond. Some of these include the Me Menu Indicator, Battery Status, and Sound Indicator. Soon after sending those up to the contrib repository, Marques stated that since many of the Indicators and dependencies are shared with Unity, he might as well try to package Unity as well.
OpenSUSE has become a follower rather than a leader and as a Novell expert revealed last week:
With Novell’s announcement of the postponement of BrainShare in March of 2011, GWAVACon takes on a little bit more significance this year.
GWAVACon still depends on AttachMSFT’s decision regarding GroupWise. Will they keep it or let it go in the long term? █
Novell Being Bribed by Microsoft to Support OOXML is Not News
Summary: Groklaw, which helped Novell in its case against SCO, finally calls Novell a “community rat”; the company is being slammed from many different directions
IT IS surprising that Groklaw presents this as news. At “Boycott Novell” we have covered this for years and provided extensive evidence, too. Anyway, here’s a quick roundup of what was up last week. Following the good news from Russia people recall he nastiness which surrounds OOXML. The FFII tells Jan Wildeboer from Red Hat:
@jwildeboer Do you remember how pissed #Microsoft was when KdV referred to #OOXML as an example for a royalty-free licensed std?
Harish Pillay from Red Hat writes:
I think I need to get the SPRING Singapore to deem the OOXML vote invalid in light of these M$-Novell abuses – http://ur1.ca/2n3c7 #fb
Let us remember what Microsoft did for OOXML in Singapore before the manager quit. Microsoft was bribing many organisations and companies to support OOXML. Essentially, Microsoft was buying friends. One of those bought ‘friends’ was Novell, which not only supported OOXML as a result of a large payment. Other examples include Windows and Moonlight, to name just a couple we wrote about. Look at Novell’s new announcement of a security product; the subtext says: “Latest version extends privileged user control, tracking and auditing capabilities to the Windows platform”
Yes, Windows. That’s what they add, eh?
Here is more new Windows software from Novell, which resembles this post from rPath. How about this new release from Novell? Or the new vulnerabilities? Or the press release whose headline says: “Novell Joins Microsoft Windows Azure Technology Adoption Program to Test and Validate Novell Cloud S”?
To quote the opening paragraph:
Today Novell announced it has joined the Microsoft* Windows Azure* Technology Adoption Program to address cloud security challenges through the Novell® Cloud Security Service. Microsoft and Novell will work together on pre-release, non-commercial, internal testing and validation of Novell Cloud Security Service on Windows Azure with a goal to deliver a consistent access, security and compliance management framework for applications hosted on Microsoft’s cloud application platform, Windows Azure.
Over at Groklaw, Pamela Jones wrote in response to it: “Because who doesn’t think of Microsoft when they think about security online? Snort.” We wrote about this earlier today. Jones is right. She also denounced Novell recently [1, 2], having given this company the benefit of the doubt for far too long. For the “Boycott Novell” site this is major progress and IBM’s Rob Weir already uses Groklaw to inform people that Novell is trouble, that it’s essentially a traitor. “I just now saw two updates on Groklaw article,” wrote gnufreex in our IRC channels, “PJ finally calls Novell what it is: Community Rat”
To quote from this update to a post we cited before:
Update 2: Simon Phipps tweets that Miguel is sincere even when wrong, and so we should all lay off him. And he provides a link to Miguel responding on his blog now also.
I provide the links so you can reach your own conclusions. But here’s mine. The damage from Mono is real, regardless of motives. And the community is foolish not to say so and mean it. This isn’t about personalities. What does motive have to do with it? Sincerity can be more dangerous. And this is about danger. It’s about the community trying for code that is safe for everyone to use, unencumbered by Microsoft patents. If anyone is endangering the community with encumbered code, we need to defend against it. I don’t care about sincerity.
And why, pray tell, would it *ever* be all right to offer the community such encumbered code deliberately? If you follow the links in the article linked to above about him saying OOXML was superb, you will find him suggesting that to be safe, everyone download Mono only from Novell, due to the patent situation. Is that acceptable on any possible level? Not to me.
But let’s address the sincerity issue. Can anyone reasonably really think OOXML is superb? Superb how? Because it’s not. As a standard, it’s failed. The way you measure a standard is who can use it, how many do, and whether it works as passed. If it were superb, Microsoft wouldn’t have to hire Novell to make it sorta work, now, would they? No one uses it. Novell was hired to make it look like they do. Lots of folks use ODF, yet here’s Miguel once again complaining about alleged flaws in ODF and saying that OOXML is fine because ISO approved it. Puh lease. We got a window into the kinds of things Microsoft did to make that happen. Many consider that vote tainted.
[...]
The unalterable truth is that something awful happened. Something that we can’t ignore now that we know about it. And it cannot be justified. Not to me. As usual when awful things happen, Microsoft money is there in the center of the tableau, and so when we pull back the curtain suddenly, we see folks with their pants down and their hands out. I’m speaking of the company here. And to me, at least, it’s disgusting. Doesn’t it frame the sale of the 882 patents to a Microsoft-organized consortium in a clearer context? How could Novell do that, we asked. Now we know. It was part of a larger picture. We know now what we are dealing with inside the community. So it’s time to face up to it and start to plan on how to deal with it. As usual with problems, the first step is to acknowledge the problem honestly. And the problem is, not to put too fine a point on it, how to deal with Community Rats, corporate or otherwise, taking money from Microsoft and then subtly deflecting the community away from its goals. And now there is a new category: those who are sincerely misguided into thinking that doing deals with Microsoft won’t damage the community in the end. It doesn’t matter at all if they are sincere or not, even if they don’t even comprehend the problem. What matters is the damage that results or can result. I expect Novell would argue that what they did was a good thing. But can anyone argue that the 882 patents are not damage, regardless of Novell sincerity?
Incidentally, there is still time to sign up with OIN and get protection from those patents. The deal doesn’t close until January.
Groklaw’s job is to notice danger, particularly legal issues, and then tell it out. And I certainly will continue to do exactly that.
“Microsoft is funding our OpenOffice team to develop open source code that will improve the OOXML,” gnufreex quotes Miguel de Icaza as saying. Microsoft MVP de Icaza uses the term "Conspiracy Theories" to deny the obvious but mostly fails and Groklaw explains why. In Twitter, Weir writes to Microsoft MVP de Icaza:
Your were a Novell VP. It is hard to excuse yourself claiming ignorance of corporate agreements in this area.
And also:
You have your own independent standards arm staffed by NOVL engineers but not party to NOVL agreements with MSFT?
To one delegate who is supportive of ODF Weir writes:
I just don’t understand his argument. “I had bad judgment even before I was paid, so don’t criticize me for taking the money” ??
Rob Weir initially just cited Groklaw’s analysis where he also commented (there are over 500 comments there so far):
Anyone remember Microsoft, OOXML and Sweden? 1st time was a mistake. 2nd time an inter-corporate agreement . http://bit.ly/g8fvgQ
In Groklaw he writes
Back in August 2007 there was an uproar when it was found out that a Microsoft employee had offered “marketing support” and “additional support in the form of Microsoft resources” in return for Microsoft partners joining the Swedish national body, SSI, to influence Sweden’s vote on the OOXML ballot.
When that story broke, Microsoft’s Tom Robertson defused the crisis by saying that this was an unauthorized act of a single rogue employee:
“Microsoft corporate policy expressly forbids financial support, of any kind, to third parties for their participation as a member of a national body voting on the ISO/IEC standardisation of Open XML. This policy is widely communicated throughout the company and will be reiterated going forward”
So what does it say when we find out now that Microsoft signed an agreement with Novell, and as part of that agreement explicitly remunerates them for participating in the standardization of OOXML? And this was not low level employee acting alone. This was a inter-corporate agreement, no doubt reviewed and approved at the highest levels at Microsoft.
Here is Weir explaining his stance to Jason Brooks, whom Microsoft gave an expensive laptop. Speaking of buying votes, eh?
Weir writes:
But this agreement explicitly called for Novell to participate in ISO meetings. It even stated how many they had to attend.
And also
Surely there are ways of promoting a standard short of paying someone to participate in ISO?
Further in this discussion:
You would need to ask Microsoft why they articulated their corporate policy that way.
I have not found any ISO participant who says that it is a good thing for a company to pay another to participate in ISO.
Later on he says:
But I’m still pushing. Maybe Gareth will break down and give you a quote on why this is good for ISO?
And finally:
Remember, ISO is quasi-official, produces standards that via regulations have the force of law in some places.
Here is another reference to the long story of bribery from Microsoft:
I’ll give you a clue. A bribe comes with conditions.
“Novell participating in the standard evolving in a manner that is consistent with the needs…” then lists Microsoft’s priorities.
And also:
Participation in ISO is not cheap, especially international meetings A company that subsidizes 3rd parties can bias results.
Then, to another person he points out:
So you see where it calls for Novell to participate in ISO meetings, and gives quotas for how many meetings they must attend?
So are you saying then it is OK for one company to pay another to join and participate in an ISO committee?
Later he writes back to SJVN:
Well, that is the tragedy of ISO, that it is increasingly the collision of standards idealists and large corporations.
Compare to US politics: via bribery laws, disclosure requirements, COI rules we can handle the involvement of corporations in politics
There is a lot more from him. Weir has been very active amid these developments, especially right before Christmas. He is one of the victims of this massive pile of Microsoft corruption which Novell was a part of. Groklaw regrets helping Novell and Jones goes as far as thinking of shutting down Groklaw because she feels betrayed. To quote some portions from a touching Christmas Day post:
I took a few days off from writing any articles, partly to try to make a serious dent in transcribing the Comes v. Microsoft exhibits. We’re in the home stretch, and a quiet weekend, marking on a curve, is perfect. I know there’s lots going on, other than work.
I also needed to take some time to think about the recent discovery about Novell taking money from Microsoft and contractually agreeing to show up at Open XML standards meetings and events. Should Groklaw stop helping people like that, I asked? Is it time to shut Groklaw down? If not, is there a way to carve out helping Linux and FOSS, which is what we are about, from helping self-interested executives and board members so that in essence we end up being used by them so they get larger piles of money because we worked ourselves to the bone and then they repay the community with such a deal as this?
Yes, I’m furious. Or I was. I always tell you the truth. And the truth is I felt used and abused. How could Novell enter into such a deal? Then top it off with selling 882 patents to a Microsoft-organized consortium? Why do I bother, I wondered? More seriously, I asked myself should do I ask you to help? We’re all volunteers here. No one pays us, and I feel a responsibility not to ask you to do anything that isn’t worth doing. So I had to think this through.
[...]
Is it intentional? Or does the heart find ways to justify what people want to do because they personally benefit? I leave that part to God. I can’t read hearts. I analyze behavior only. But I see results. It’s depressing to find out that community members are so easy to buy off, which is how I view it.
[...]
We’re in the Library of Congress, and we need to finish, I believe. It’s in that spirit that I’m back to working on the Comes exhibits until it’s done. So if there are no articles for a bit, that’s the reason why, but Groklaw will continue. I’m disappointed in Novell, but I didn’t start Groklaw for Novell, so I need to get over it and focus on the issues that matter to Groklaw, which have not changed just because Novell has made it harder to succeed. That’s the bottom line.
Needless to day, the Microsoft boosters came to this debate too (Jesper Lund Stocholm was obviously one of them) and there is a lot to be found in comments and in Twitter (plenty more where that came from). IBM is not happy with this part of Novell that has helped Microsoft and secretly helps OOXML to this date.
The FFII links to Groklaw and says: “Groklaw on why they were right about Novell”
Do not forget that “Boycott Novell” was also right about Novell a long time ago. █
Russia’s Federal Agency for Technical Regulation and Metrology Approves OpenDocument Format as National Standard
Summary: OpenDocument Format (ODF) wins in Russia
IN SPITE of Microsoft’s misconduct in Russia [1, 2, 3] (for OOXML) and despite Medvedev, Russia is embracing ODF, according to several sources. This one-line summary from Rob Weir says:
ODF approved as National Standard by Russia’s Federal Agency for Technical Regulation and Metrology http://bit.ly/hOuw67
That’s good news. They sidestep proprietary formats like OOXML and also avoid the RAND trap (OOXML as a ‘standard’ is fake). █
Microsoft Cannot Offer Security on the Web, Either
Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security
THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as ‘the cloud’. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:
1. Microsoft BPOS configuration screw up causes data disclosure
Customers of Microsoft’s Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.
The configuration problem left information in customers’ Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It’s e-mail addresses on those lists that could have been made available.
2. Microsoft BPOS cloud service hit with data breach
Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.
The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.
Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.
This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there’s no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]
Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.
In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don’t hesitate to define ”the first directed cyber weapon”. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.
Incidentally, there’s advice from Wayne Borean (“My Christmas gift to Windows Users” he calls it) which goes under the heading “Computer Security Suggestions For Microsoft Windows Users” and moving away from Windows is high up on the list. For those who don’t know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because “Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability” just before Christmas:
The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.
Here is more about the zero-day exploit: [via]
A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.
And finally, consider the following batch of news:
i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus
Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.
ii. Bummed-out users give anti-virus bloatware the boot
One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.
The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.
The problem is not just Windows; it’s Microsoft products in general. █
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »
