Bonum Certa Men Certa

“Tens of Thousands of [Microsoft IIS] Sites” Are Being Compromised

Weird poem



Summary: Another live example of Microsoft 'security' at work; debunking the latest Linux lies from Ed Bott

"SECURITY through obscurity" sounds like a good idea in theory. As we recently found out (and had confirmed by Microsoft), part of this obscurity is lack of disclosure. Microsoft is silently patching flaws that it never discloses, which is dishonest if not fraudulent when Microsoft issues security reports based on such oversight.



According to this new article, "tens of thousands of sites" running Microsoft's software are paying the price for having 'secret' vulnerabilities:

There's a large-scale attack underway that is targeting Web servers running Microsoft's IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there's no clear indication of who's behind the campaign right now.

The attack, which researchers first noticed earlier this week, already has affected a few high-profile sites, including those belonging to The Wall Street Journal and The Jerusalem Post. Some analyses of the IIS attack suggest that it is directed at a third-party ad management script found on these sites.


This must be the latest example of why nobody gets fired for avoiding Microsoft.

Speaking of Windows security, "Juniper Networks Protects Customers From New Microsoft Vulnerabilities" after Juniper became filled with Microsoft managers [1, 2, 3]. It's just something to bear in mind.

There is some bad FUD about Linux security at the moment (coming primarily from Ed Bott). SJVN has already responded to this FUD:

Here's what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn't so much hacked as the program it was letting people download has been replaced by one with a built-in security hole. Or, as they explained on their site,


Microsoft boosters like Bott have been desperate to show that GNU/Linux is not more secure than Windows. As companies like Google dump Windows for security reasons, Microsoft will carry on with this FUD campaign but rely on peripherals/extensions (like Bott) to do the attacks]. That's just how Microsoft operates when it needs FUD. See the "smoking gun" below.

"As discussed in our PR meeting this morning. David & I have spoken with Maureen O'Gara (based on go ahead from BrianV) and planted the story. She has agreed to not attribute the story to us....

"[...] Inform Maureen O' Gara (Senior Editor Client Server News/LinuxGram) or John Markoff (NYT) of announcement on Aug 28, 2000. Owner dougmil (Approval received from BrianV to proceed)

"Contact Eric Raymond, Tim O'Reilly or Bruce Perrins to solicit support for this going against the objectives of the Open Source movement. Owner: dougmil [Doug Miller]. Note that I will not be doing this. Maureen O'Gara said she was going to call them so it looks better coming from her."

Microsoft uses reporters as attackers

Recent Techrights' Posts

The U.S. Patent and Trademark Office Hijacked Again by Patent Litigation Industry, as President Cheeto Prioritises Aggressors
The "mafia" has taken over the "industry" and the Federal system (justice and constitutions trampled upon)
Ubuntu Slop and FUD Manufactured With LLMs and Funded (by Oneself) 'Studies'
Slop and FUD are ruining the Web
Gemini Links 01/04/2025: Games and More
Links for the day
Why We're Reporting Brett Wilson LLP for Apparently Misusing Their Licence to Protect American Microsofters Who Attack Women
For those who have not been keeping abreast
Stefano Maffulli and His Microsoft-Funded OSI Staff Are Killing the OSI and Killing "Open Source" (All for Money!)
This is far from over
Techrights Headlines as Semaphore
"If you are hearing this, thank you"
 
Gemini Protocol Has Growing Appeal (the Web Got Too Bloated and Full of LLM Slop)
For any "data plan" with bandwidth limits or "tiers" it would be cheaper to use/browse Geminispace
The Web Can Survive LLM Slop, But Only If We Collectively Shun and Discourage Serial Sloppers
Doing nothing ought not be a possibility
Amid Secret Shut-downs and Mass Layoffs at Microsoft (4 Waves of Layoffs in 3 Months of 2025) Some Microsoft Staff Expected to Go On Strike
workers going on strike
Gemini Links 02/04/2025: No more on Mastodon and Gemini Mention Script in Go
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 01, 2025
IRC logs for Tuesday, April 01, 2025
My Motion Disbarring or “Striking Off” Brett Wilson LLP for Enabling Violent Americans Who Try to Crush Microsoft Critics in the United Kingdom by Multiple SLAPPs
"Guns for hire" (for Microsoft people who received Microsoft salaries)
Links 01/04/2025: Apple Fined $162M for Privacy Abuses, Disinformation Online a Growing Concern
Links for the day
Newer Press Reports Confirm That Microsoft Shuts Down 'Hey Hi' (AI) Labs Despite All the Hype
The "hey hi" (AI) bubble is not sustainable
Links 01/04/2025: Mass Layoffs at Eidos and "Microsoft Pulls Back on Data Centers" (Demand Lacking); "Racist and Sexist" Slop From Microsoft
Links for the day
Gemini Links 01/04/2025: XKCDpunk and worldclock.py
Links for the day
50 Years of Sabotage and a Gut Punch to Computer Science (and Science in General)
Will we get back to science-based computing rather than cult-like following?
3 Months in 2025, 4 Waves of Mass Layoffs at Microsoft, Now Offices Shut Down Permanently
"A recent visit by the South China Morning Post confirmed that the office was dark, unoccupied, and had its logo removed."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 31, 2025
IRC logs for Monday, March 31, 2025
Links 31/03/2025: China Tensions, Bombs Falling in Myanmar After Earthquake
Links for the day
Gemini Links 31/03/2025: Falling Out of Love With Tech, Sunsetting openSNP
Links for the day
R.T.O. at IBM in Texas and Atlanta (State of Georgia) Expected as "Soft Layoffs" Catalyst This Coming Year
It also sounds like more IBM layoffs are in the making
Law Firms Can Also Lose Their Licence for Clearly Misusing It
The bottom line is, never made the false assumption that because you can pile up SLAPPs in a docket you will not suffer from bad reputation or even get disbarred
Link between institutional abuse, Swiss jurists, Debianism and FSFE
Reprinted with permission from Daniel Pocock
LLM Slop Piggybacking News About GNU/Linux and Distorting It
new examples
Links 31/03/2025: Press and Democracy Under Further Attacks in the US, Attitudes Towards Slop Sour
Links for the day
Open Source Initiative (OSI) Privacy Fiasco in Detail: The OSI Does Not Respect Anybody's Privacy
The surveillance mafia that bans dissent or key people (even co-founders) with dissenting views
Gemini Links 31/03/2025: More X-Filesposting and Dreaming in Emacs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 30, 2025
IRC logs for Sunday, March 30, 2025