
01.16.12

When Microsoft Windows Aids Violation of the Law

Posted in Microsoft, Security, Windows at 10:14 am by Dr. Roy Schestowitz

Binary security is no security


Summary: Personal and financial damage incurred due to security flaws in Windows

WE NO longer cover stories about the inherent insecurity of Microsoft Windows (it’s a repetitive issue), but sometimes we make an exception. According to this report which Slashdot has highlighted:

Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.

At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college’s data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.

Guess what? Microsoft is unlikely to be held liable. Thus, the best solution is to just avoid its products.

11.28.11

Android/Linux Not a Security Concern, Windows Definitely and Demonstrably Remains #1 Target

Posted in GNU/Linux, Security, Windows at 4:00 am by Dr. Roy Schestowitz

Chris DiBona
Photo by Joi Ito

Summary: Why the weakest link is Microsoft Windows (which therefore should not be used for storing sensitive information), whereas Android is just the target of a lot of FUD this month

TECHRIGHTS targets and addresses FUD, but sometimes the FUD is already sufficiently debunked by others, so a citation would do. There is some new FUD about Android and we put many links about it in our daily summaries, notably those which cite Chris DiBona.

Matt Asay says: “In the case of Android, which is apparently a malware-maker’s dream, Google’s open-source programs manager Chris DiBona has already gone on the defensive, arguing: ‘Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS.’”

The short story is (for those who missed it), rogue applications that the users themselves have to foolishly install can do bad things. Surprise, surprise. These are not viruses, not even when the BBC uses this lie. If people want programs that spy on them and occasionally ask for more money, they can install Windows. Heck, many OEMs already install this malware whether the user wants it or not, due to secret bundling agreements.

In other headlines we find reports of Windows allowing intrusion into NASDAQ: [via "FBI Blames NASDAQ Hack on UnPatched Windows, Bad Firewalls"]

Forensic investigators found some PCs and servers with out-of-date software and uninstalled security patches, Reuters reported, including Microsoft Windows Server 2003. The stock exchange had also incorrectly configured some of its firewalls.

Microsoft ‘quality’ at work. Here is a warning about putting Microsoft in charge of people’s medical records (where leakage can have devastating effects on the public). Mr. Pogson has this to say:

In an attempt to persuade Australia to allow Australian government documents to be stored off-shore, M$, in a discussion paper wrote, “Any company with a presence in the United States of America (not just those with headquarters or subsidiaries in that country) may be legally required to respond to a valid demand from the United States Government for information the company retains custody over or controls, regardless of where the data is stored or the existence of any conflicting obligations under the laws of the country where the data is located”.

Only a few days ago we explained why governments should not do business with Microsoft (and other proprietary software vendors for that matter).

11.02.11

New Flaws in Windows Kernel and the Borderline Impossibility of Post Mortems

Posted in Kernel, Microsoft, Security, Windows at 6:06 pm by Dr. Roy Schestowitz


Summary: A couple of new posts/articles about Microsoft Windows and what they teach us about this platform’s viability

THE PLATFORM which made “computer viruses” analogous and often synonymous with Windows viruses just keeps delivering and disappointing every time. According to this, the Windows kernel has unpatched flaws with exploits out there. To quote:

The Duqu malware used to steal sensitive data from manufacturers of industrial systems exploits at least one previously unknown vulnerability in the kernel of Microsoft Windows, Hungarian researchers said.

It is without great shock that we also learn why Windows can never be used reliably on a server, which — if compromised — makes it hard to diagnose the cause. To quote a new post:

Imagine if there were 50 PCs, 100, or more. I would be scared to look and see what other errors are occurring on other Windows 7 PCs in the company. Administrators have better things to do, than comb through useless log files. Way to go Microsoft, a quality operating system here with Windows 7. It’s no wonder Windows isn’t used for mission critical appliances, and GNU/Linux is instead. I’m not saying that GNU/Linux logs are the best, but they are pretty good and usually have information that I can use, to help pinpoint the error a little bit. GNU/Linux does not, and I repeat, does not have this amount of useless garbage in its logs like Windows does.

How long before Microsoft Jack appears at the scene to produce some promotional Microsoft comments in ZDNet UK? Usually it does not take long for Microsoft zealots like Jack to do this in that site.

A reader sent us some more links, one about the decline of Microsoft’s Web browser and another titled “Microsoft unlikely to patch Duqu kernel bug next week” (evidently).

“Time [for the] world to choose Linux,” concluded our reader.

10.09.11

With Microsoft, Drones Can Crash Into Buildings

Posted in GNU/Linux, Microsoft, Security, Windows at 10:20 am by Dr. Roy Schestowitz

Image by UpstateNYer


Summary: Deadly drones that depend on Windows become victims of intrusion and potentially control from the outside

DESPITE what Bristol might laughably claim, Microsoft is just about as bad as one can do for security and the monthly reminder (those numbers are fake by the way) should not be ignored. Patches aside, many news sites say that a Windows virus has hit the drone fleet of the US army. There’s a comforting thought, eh? With rockets on board, crackers can play war plane simulator with a real miniature (but well armed) plane. People have rightly started asking, why not just use Linux? One blogger writes: “Because the level of skill required to crack a Unix-like OS is much higher than that needed for a Microsoft OS. Further, properly configured Unix-like systems are much more robust than Microsoft systems. Were Military forces using properly configured and properly secured Unix or Linux systems we would not see items like these below being reported.

“‘I just had a, “What were they thinking?!”, moment while reading this article at ars technica: Computer virus hits US Predator and Reaper drone fleet. First, it is not a “computer virus”, it is a Microsoft operating system virus. Second, using Microsoft operating systems for any critical Military computer systems is just wrong. I know the US Military has specifications for rugged computer systems that must be made in the USA. That makes sense. What does not make sense is the fact that the US Military will accept Microsoft operating systems on its critical, sensitive hardware at this date in time. That is like specifying a bank vault that can withstand a nearby nuclear blast, but allowing the builder to install a screen door for access to the vault. It is just a Bad Idea!’”

Here is another report about it. Wired says that “Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.”

Not so reassuring.

Drone issues such as this are just another reminder amongst other incidents that we mentioned before — incidents where the US military is put at risk because of Windows. To quote Microsoft’s Allchin, “It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

“Microsoft Appears to Have Blacklisted Oxford University” says another report, showing us what Microsoft “security” really is achieving:

Microsoft’s motives for action is unknown, Oxford’s semester is about to start

We received word from Oxford University in the UK today that Microsoft Corp. (MSFT) has blacklisted the campus for unknown reasons.

The reasons are actually known. Microsoft is too incompetent or arrogant to implement security properly.

09.06.11

“Microsoft Will Have Blood on Its Hands.”

Posted in Microsoft, Security, Windows at 4:20 pm by Dr. Roy Schestowitz


Summary: In the midst of Wikileaks drama we learn that an executions-savvy regime will benefit from Windows cracks

“Windooze insecurity puts Iranian dissidents in mortal danger,” states the subject line of an anonymous USENET post, quoting this article. “A Dutch CA called DigiNotar,” says the poster, “was hacked by Iranian hackers, likely with the intention of intercepting SSL traffic (Gmail, Facebook etc.) of Iranian activists and freedom fighters. I checked DigiNotar’s website and guess what operating system they’re using? You guessed it! WINDOOZE ASP.NET!!!

“So now Microsoft will have blood on its hands. Its insecure graphical-shell-pretending-to-be-an-operating-system is now possibly responsible for the deaths and prosecution of many Iranians!! [..] THIS COMPANY SHOULDN’T BE SPLIT UP, IT SHOULD BE SHUT DOWN”

A more moderate Dutch poster, Richard Rasker, wrote separately: “I guess we’ve all heard how a Dutch Certificate Authority by the name of Diginotar, formerly used by even the Dutch IRS authority and countless city councils, has screwed up severely, when their systems were breached by Iranian hackers, who managed to poison the world with many hundreds of bogus certificates. Then they screwed up even more by hushing up about the hack for months — a huge no-no in a world where trust is the highest good.

“And now it turns out that the screw-up has soared to even greater heights. In case you wondered what OS these people were using, here’s the answer:

http://webwereld.nl/nieuws/107833/fox-it–diginotar-gebruikte-niet-eens-virusscanner.html

“For those who don’t understand Dutch:

“Fox-IT: Diginotar didn’t even use a virus scanner

Fox IT has delivered a devastating verdict on Diginotar’s infrastructure. The company didn’t adhere to agreements and procedures. Even elementary security measures were totally absent.

These are the conclusions from an investigation by Fox IT into the security breach at Diginotar, as passed by Webwereld and NU.nl through a governmental source. It turns out that all operations were taking place from within one single Windows domain. This made it possible to gain access to the certificate administration from any work station; logging in to one’s work station was sufficient to get access to the systems. This is a mortal sin in the world of IT security. In addition, Diginotar was already aware of the abuse of its certificates as early as July.

No secure zones
Even when issuing certificates for government use, standard security rules were trodden underfoot. The government’s PKI computers operate from within a secure vault, and should never have been connected to Diginotar’s network. Yet even on those machines, investigators found evidence that connections had been made to the Windows domain.

…” [no virus scanner ... no proper logging ... no strong password enforcement ... inadequate intrusion detection ... hackers got & used administrator rights ... certificates chucked in an easily accessible database ... etcetera]

“Now I won’t say that this could never have happened in a Linux environment,” notes Rasker, “but for a screw-up of these truly epic proportions, Windows is the OS of choice — because it traditionally “makes things easy”, and because Windows users are traditionally not used to working with proper permissions, secure networks and strong passwords.

“And as long as otherwise respectable companies insist on e-mailing me “slide shows” in the form of IrfanView .exe files because “it’s so user-friendly”, Windows will remain as secure as a wet paper bag. QED.”

08.29.11

“Windows Servers and Workstations are Vulnerable” (Updated)

Posted in Microsoft, Security, Servers, Windows at 5:49 am by Dr. Roy Schestowitz


Summary: Rise in Windows traffic on the Internet, but not the desirable type of traffic (RDP attacks)

Check out this piece of news: [via]

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

SANS, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable.

Bravo, Microsoft.

Update: Incidentally, Nokia’s developer network has just been cracked. Based on some tests, the site runs Windows. Netcraft says it ran Windows, but it is now hiding behind Akamai (Linux). Some case sensitivity tests seem to confirm that it runs Windows.

08.07.11

Novell and Microsoft Security ‘Honours’

Posted in Microsoft, Novell, Security at 3:58 am by Dr. Roy Schestowitz

Golden Flying Chairlet Award

Summary: Novell and Microsoft get special mentions for weaknesses in their proprietary software, which they wish to hide by hiding the source code

NOVELL is a proprietary software company whose software has gotten enough flaws to earn a Pwnie Award nomination. Thanks to our reader Tacone for bringing the following bit to our attention:

Remotely exploitable stack overflow in OpenSSH on Novell NetWare
Vendor: Novell

The ZDI advisory clearly stated that this is a remotely-exploitable stack overflow, but Novell claimed that it was only a denial of service attack and refused to patch it until ZDI dropped the details on their blog. You can’t argue with 0x41414141.

In other news, Windows has a rootkits epidemic again and this time Sony is not to blame:

Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said today.

Windows XP computers are infected with rootkits out of proportion to the operating system’s market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs.

While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines.

The Register meanwhile says that “Microsoft is fuelling up 13 bulletins for release next week, including an update that guards against critical flaws in Internet Explorer.”

We oughtn’t forget that Microsoft lies about those numbers.

“It’s funny that I almost never have to reboot, or even logout, when I update my Linux boxes,” remarks one GNU/Linux advocate. “Why is it that Windows can’t update a file that is open? Linux & other *nix’s have had this filesystem feature for longer than I can remember. Doesn’t Windows have any decent filesystem?”

Finally, spyware too seems to be part of Microsoft’s package:

Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned.

The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets.

How come nobody remarks on the privacy implications? Without privacy, security too can be compromised more easily.

07.21.11

Windows Still Designed for Insecurity

Posted in Microsoft, Security, Windows at 7:25 am by Dr. Roy Schestowitz


Summary: New reports about bad Windows security

ONE OF OUR readers said that “Vista/Windows 7 are remote rooted through bluetooth” according to a report which says that “Windows laptops are configured to … turn on Bluetooth when the computer’s wireless Internet component is active or searching for networks (which, for many machines, is all the time).” CNET is meanwhile naming Windows in relation to malware. It quotes/attributes this to Google:

The malware only affects computers running the Windows operating system, according to a post by Google engineer Matt Cutts. Systems can be tested by running a Web search for any word, he said.

At Google, not many people are using Windows and within a few years it is possible that almost nobody will use Windows. It sure seems like Android takes over not only phones (even at Apple’s expense) but also tablets. We provided new links earlier.
