LAST NIGHT we showed that Windows security is a lost cause. Far too many machines that run Windows are infected; in fact, almost the majority are, even though they run so-called 'anti-viral' software. According to this new report, Windows Trojans hit people almost literally in the pocket:
A researcher at SecureWorks has uncovered a new Trojan swiping credentials of customers of roughly 15 large and medium-sized banks in the United States.
SecureWorks has dubbed the malware the Bugat Trojan. The malware has similar functionality to other banking Trojans such as Clampi and Zeus, and was seen being distributed by a Zeus botnet.
Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death (BSOD), users have reported on the company's support forum.
Complaints began early yesterday, and gained momentum throughout the day.
Microsoft has removed one group of patches it released as part of this week’s Patch Tuesday — MS10-015 (KB977165) – from its Windows Update service until it can investigate reports by some users that it is causing havoc with their PCs.
ANOTHER DAY, another Windows security flaw, it seems.
This time Microsoft has posted Security Advisory 977377, which reports a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
Comments
Yuhong Bao
2010-02-13 02:44:20
your_friend
2010-02-13 06:25:10
The more straight forward scenario is usually the right one. The patch bricks XP and Microsoft knows it but had to slow down for perception management purposes.
Yuhong Bao
2010-02-13 07:29:12
Roy Schestowitz
2010-02-13 09:45:47
Robotron 2084
2010-02-13 12:20:03
Making sure people are afraid of Microsoft, no matter how accurate that fear is, is more important that factual reporting.
your_friend
2010-02-13 16:57:32
I don't have to prove any details to prove the benefits to users of moving to free software. All of the lame excuses and finger pointing only apply to non free software. The very concept of "third party" as suspect is laughable in the free software world and free software systems do not suffer these kinds of mysterious failures. Amazingly enough, systems like Debian upgrade without a hitch and a new stable release never causes problems with older stable releases. Users rightly dread their non free software and know that it will fail them sooner or later.
Yuhong Bao
2010-02-13 18:40:11
Yuhong Bao
2010-02-13 18:41:19
Roy Schestowitz
2010-02-13 19:06:21
Robotron 2084
2010-02-15 16:09:20
That statement is perfectly true... provided you are having a 1-on-1 argument with yourself. I stand corrected.
your_friend
2010-02-15 19:32:36
Yuhong Bao
2010-02-17 09:32:06
Roy Schestowitz
2010-02-17 09:36:43
williami
2010-02-13 06:15:16
williami
2010-02-13 19:26:07
The release date of OpenSSL 0.9.8l: 11-05-09.
When M$ found out about the SSL issue: 02-12-10
Do you see now? Let me spell that out for you: Micro$oft found out that issue 4 MONTHS after OpenSSL 0.9.8l was released, which fixed the very same flaw. Seriously, Micro$oft deserves a facepalm.
Roy Schestowitz
2010-02-13 20:11:48
your_friend
2010-02-13 21:55:41
Roy Schestowitz
2010-02-13 23:34:42
Yuhong Bao
2010-02-17 09:40:18
Roy Schestowitz
2010-02-17 09:50:55