Bonum Certa Men Certa

Microsoft's Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Duck gossip



Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures superseded and breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:



In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.


This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows' insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.


With a "password divulger", banks are at risk:

2. Online banking fraud losses rise 14%"

Number of 'phishing' attacks have risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association


Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.


Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won't. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it's probably rife with flaws that Microsoft hasn't heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.


We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations.


This is a Windows botnet (but it doesn't even say "Windows botnet"). What's sickening is that Microsoft is only mentioned in this article where it's given credit. It says: "Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace."

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It's truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft's takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week's Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.


We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.

Comments

Recent Techrights' Posts

Web Sites That Are Independent Are Also Like Software Projects (Sometimes Literally So)
Roll out your own 'stack'
The Register MS (Situation Publishing) is Participating in a Ponzi Scheme
The market in "tech" seems awful when a lot of it sells a fraud and journalism about this market is part of the fraud
Mass Layoffs in Starbucks... and Society Loses Nothing of Value
Society might even be better off if Starbucks shuts down entirely
Matthew J. Garrett Behaved in a Similar Fashion to 4Chan and Kiwi Farms
Opposites attract? Are they opposites at all?
Drew DeVault Suggests "CoC Enhancement", Starts Trolling Projects in Microsoft GitHub
And it backfires immediately
 
Next Step: Find Out Who's Funding the 'Hulk Hogan of UEFI' to SLAPP Us
We now have the 'Hulk Hogan of UEFI' working alongside a strangler of women, who as a Microsoft employee spent time in prison for it
Pieter Hintjens on Codes of Misconduct a Decade Ago
original is still online
Links 27/09/2025: Australia Might Ban Microsoft GitHub for Young People, Likely Illegal Executive Order Turns TikTok Into Cheeto Propaganda
Links for the day
Repeating the Lies to Promote a Ponzi Scheme is Not OK Because "Many Other Sites Do This" (Including Slopfarms)
They already work on the next Ponzi scheme
Glimmer of Hope: More People Realise and Come to Accept "AI" is Just a Giant, Elaborate Ponzi/Pyramid Scheme That Will Leave Everyone Worse Off (Except the "Top of the Pyramid")
quoting Einhorn and some comments
Do Your Job and Demand Your Compensation - But in That Order.
We'll do our best to convince the Judge to award all costs to us (lawyers, barrister, LIP bills etc.) plus judgements against them, for abusive litigation and needless suffering associated with that abuse
Like Nazi Germany and Volkswagen
Tell us all about "freedom" when your government runs a Ponzi scheme
Microsoft Sponsored This Man, Microsoft Sponsored His Behaviour (and He Controls Microsoft)
They get what they paid for
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 26, 2025
IRC logs for Friday, September 26, 2025
He Talks Too Much, He Says Dumb Things
only British when that suits him
Slopwatch: FUD and Plagiarism (Working Against Linux) Promoted and Rewarded by Google News
Shame on Google News
Reminder: We're Unloading Some Publications to Tux Machines
About 15 years ago I was struggling to keep up with TechDirt
The E-mail Protocol is for Text
bad netiquette
Gemini Links 26/09/2025: Slop in OpenStreetMap and MOPML (My Own Private Markup Language)
Links for the day
Links 26/09/2025: More Provocations Against NATO by Russia (Near Alaska, USA), Microsoft Booster Accenture Has Mass Layoffs
Links for the day
Links 26/09/2025: Hardware, Security, Health, and Nuclear Armament
Links for the day
Links 26/09/2025: "Digital Fatigue" and Slop Frenzy (Hype) Ruining Work Productivity, Culture, Languages
Links for the day
Brett Wilson LLP Unwilling to Disclose or Explain How 'Hulk Hogan of UEFI' Pays for His SLAPPs Against Us (He Cannot Afford These), So We Are Escalating
Escalated in the British authorities
What 'Hulk Hogan of UEFI' Could Learn From Jimmy Kimmel About the 'Streisand Effect'
Lawyering up is risky and is usually doesn't work
Linux is Replacing Apple
Apple is money down the drain. Not only are the gadgets overpriced; they cost a lot to maintain and keep going over time
"We don't have that kind of relationship with Microsoft. The only public key that every UEFI firmware is guaranteed to have is Microsoft's, and only Microsoft owns the private key."
This is how to sabotage GNU/Linux distros that Microsoft does not control
Slopwatch: linuxconfig.org, linuxsecurity.com, and Google's Promotion of the Worst and Most Prolific Slopfarms
Over in Google News it has been quite chaotic this past day
Gemini Links 26/09/2025: Reading RSS Feeds, ROOPHLOCH 202
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 25, 2025
IRC logs for Thursday, September 25, 2025
Links 25/09/2025: More European Airports Shut Down Due to What Seems Like Russian Drones
Links for the day
Gemini Links 25/09/2025: Amiga Revived and Hackers (UTF-8)
Links for the day
Purchasing Concert Tickets in 2025 in Manchester: The "Modern" Experience
I recently spent a couple of days here testing the "terrain" in order to better understand how large public venues, for concerts rather than sporting events like football, currently "work"
Links 25/09/2025: French Unions Want Another Strike, Super Typhoon Ragasa Kills Many
Links for the day
Microsoft 'Secure Boot' and Shim as Barrier or Obstacle to New GNU/Linux Users Trying to Escape Microsoft
Just as intended all along
Lovers and Haters
Always beware hate preachers and demagogues (or how they frame issues or whose fault they distract from)
Focusing on What People Have in Common Instead of Killing and Cancelling One Another
Men and women of both "wings" stand to gain a lot by working together on common interests
'Cancel Culture' Isn't About Enforcing Ethics (and It's Done by People on the Right, Not "The Leftists")
Smarter folks would leave social control media
Russia's Attack on Europe (and NATO) Will Worsen Censorship and Corruption in Europe
Can we still debate issues that predate the invasion of Crimea?
Lawyers Should Permanently Lose Their Licence (and Worse) for Using Chatbots in Legal Work
They not only waste people's money and time. They pollute the literature with falsehoods. They commit perjury. [...] Brett Wilson LLP sent the Judge nearly 1,000 pages of material (mostly mine, copied without proper permission) shortly before a short Hearing, which lasted less than an hour
GAFAM and MATA (Mythical, Metaphor) as Explained by analognowhere.com
They're instruments of suppression that sponsor the oppressor
We've Already Mentioned Who Nowadays Funds Garrett's SLAPP Against Us (Not Garrett), Let's Examine Who Sponsored His Litigation Partner (Other Than Microsoft Salaries There's a Buddy of Bill Gates)
it's alleged that the Serial Strangler from Microsoft got money from him
Florian Müller: Using Software Patents to Attack Software Developers, Agitate Against Patent Reform
He also promotes attacks on the German Constitution and laws
Reliance on Typepad Seems to Have Doomed the Voice of Software Patents and Patent Maximalists in PatentDocs
Follow the money
UEFI 'Secure Boot' is Potential Mayhem to the Environment (Older and Leaner Distros Stop Working)
creating new problems, disguised as "solutions" to problems that do not exist
Sometimes 'Cancel Culture' Backfires Badly
There's no such thing as "too much" coverage
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 24, 2025
IRC logs for Wednesday, September 24, 2025
Links 25/09/2025: Jimmy Kimmel Returns to Air (With Limitations) and London Stansted Airport Latest to Have Incident (Fire)
Links for the day
Slopwatch: Fake Articles, SPAM With Slop, and Google News Directs People to Read Slopfarms
why does Google News insist on still linking to prolific slopfarms?
Gemini Links 25/09/2025: New Game for Gemini Protocol, Eleven, and Network Solutions Woes
Links for the day