Bonum Certa Men Certa

Microsoft's Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Duck gossip



Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures superseded and breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:



In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.


This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows' insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.


With a "password divulger", banks are at risk:

2. Online banking fraud losses rise 14%"

Number of 'phishing' attacks have risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association


Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.


Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won't. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it's probably rife with flaws that Microsoft hasn't heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.


We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations.


This is a Windows botnet (but it doesn't even say "Windows botnet"). What's sickening is that Microsoft is only mentioned in this article where it's given credit. It says: "Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace."

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It's truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft's takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week's Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.


We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.

Comments

Recent Techrights' Posts

"Security Advantages" Explained by a Scammy "Security" Site That Uses LLMs to Spew Out Garbage
destroying the Web by saturating it with "bullshit".
 
Links 13/10/2024: Writing, Remembering John Wheeler, Voice Cloning
Links for the day
Certificate Authority Let's Encrypt Falls to 0.7% in Geminispace (It Was Around 12% Just 2 Years Ago and 7.5% This Past February)
Let's Encrypt is down again
Gemini Links 13/10/2024: Self-hosting Snac2 and Invasion of e-ink
Links for the day
SDxCentral, which the Linux Foundation Paid to Produce Marketing SPAM, Has Now Become Slop (LLM Spew) Disguised as 'Articles'
Google should delist it
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 12, 2024
IRC logs for Saturday, October 12, 2024
Links 12/10/2024: More Site Blocking, China's Hostility, and Evan Gershkovich's Upcoming Book
Links for the day
Links 12/10/2024: Boeing to Cut 17,000 Jobs, Medieval Sleeping Habits, Warning About Liquidweb
Links for the day
Links 12/10/2024: Health, Safety and Climate Concerns
Links for the day
Gemini Links 12/10/2024: Ensemble and Assembler
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
Links 12/10/2024: TikTok Layoffs and Risk of More Wars
Links for the day
IRC Proceedings: Friday, October 11, 2024
IRC logs for Friday, October 11, 2024
Gemini Links 11/10/2024: Against Cynicism, on Atheism, and Dropping Off The Internet
Links for the day
IBM Employees Smell Another Wave of Mass Layoffs (and Explain the Signs)
IBM currently has the policy of hiding the layoffs from shareholders and from the press using NDAs
Links 11/10/2024: Lots More Censorship and Growing Concerns About Health Impact of Social Control Media
Links for the day
Going Almost 4.5 Decades Back to Find 'Dirt' on a Person
That incident was 42.5 years ago. Is that how far some people would go in an effort to discredit a person?
XBox is Dead. This is Just the Beginning.
the main reason Microsoft bought Activision/Blizzard was to hide the growing losses and failure of XBox
The Risk to the "Linux" Brand
Brands that are not guarded from misuse/abuse will inevitably lose their original meaning and their value
Gemini Links 11/10/2024: Deploying Common Lisp Programs and Examining FreeBSD
Links for the day
Links 11/10/2024: Discord Still Blocked in Turkey, Google Might be Split
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 10, 2024
IRC logs for Thursday, October 10, 2024