Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Good Explanation of Why IBM Has Chosen to Conceal Mass Layoffs (of 'Expensive' Staff) as "R.T.O." (Even For People Who Never Worked at the Office to Which They're Ordered to "Return")
- Many remaining IBM (or Red Hat) workers in Europe are in "cheaper" places such as Brno
- Microsoft's Serial Strangler and Matthew J. Garrett Join Forces in Trying to Gag Techrights (for Exposing Microsoft Corruption and Crimes Against Women)
- Whose terrible idea was it?
- Free University of Bozen-Bolzano Proud to Host Free Software Talk by Richard Stallman
- ahead of Monday's talk
- Slopwatch: Anti-Linux Machine-Generated FUD (LLM Slop) From GBHackers, CybersecurityNews, and Guardian Digital, Inc (Google News Promotes Slop Plagiarism, Misinformation)
- Companies that lie try to drown out the signal with falsehoods
-
- Politicians Ought to Invite Dr. Richard Stallman and Prof. Eben Moglen to Speak About Policies, Licensing, Digital Sovereignty
- Is there something in Europe other than RMS' talk this coming Monday (that we're not yet aware of)?
- Links 22/02/2025: Labour Department Investigates Microsoft Infosys Amid Mass Layoffs, Large Law Firms Caught Red Handed With LLM Slop (Defrauding Clients and Courts)
- Links for the day
- Gemini Links 22/02/2025: Analog Stuff, Sigil, and SSGs
- Links for the day
- Microsoft's Market Share in Cameroon Falls to New Lows
- This means a lot of Android users (iOS is about 4 times smaller), but Android does not mean freedom
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, February 21, 2025
- IRC logs for Friday, February 21, 2025
- The Streisand Effect is Real
- So don't be evil. Also, don't strangle women.
- Links 21/02/2025: Linux Foundation Openwashing, Microsoft Copilot Goes Down
- Links for the day
- Links 21/02/2025: Doomscrolling and European Ham Radio Show
- Links for the day
- Links 21/02/2025: TikTok Layoffs, WebOS Software Patents in Bad Hands
- Links for the day
- Gemini Links 21/02/2025: Web Browsers, Mechanical Shortcuts, and Internet Hygiene
- Links for the day
- Richard Stallman 'Only' Founded the FSF
- there's no reason to be upset at the FSF for keeping their founder in the Board
- Techrights Disconnected From the United States Two Years Ago
- Did people really need to wait for the US government to become this hostile towards the media before recognising the threat?
- Before Trying Censorship by Extortion the Serial Strangler From Microsoft Literally Begged Us to Delete Pages
- This is very clearly just a broad campaign of intimidation
- Hype Watch: Weeks After Microsoft Disappointed Investors With "Hey Hi" It's Trying Some "Quantum" Hype (Adding Impractical Vapourware to Accompany This Hype and Even LLM Slop in 'News' Clothing)
- Remember "metaverse"? What happened to media hype about "blockchain" and "IoT"?
- Report About February Mass Layoffs at Microsoft (Third Wave of Microsoft Layoffs in 2025) Comes Back From the Dead
- Yesterday we wrote about an article in CRN (reporting Microsoft layoffs) being removed without any reasons specified
- Links 21/02/2025: Myanmar Scam Centre and Disruptions at USPTO
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Thursday, February 20, 2025
- IRC logs for Thursday, February 20, 2025
- gbhackers.com is Not Hackers, It's LLM Slop Outputs (Fake 'Articles') That Attack 'True Hackers'
- A site called linuxsecurity.com keeps doing this and now we see the slopfarm gbhackers.com doing the same
- Gemini Links 20/02/2025: Law of Warming and Cooling, Health, and Devlog
- Links for the day
- linuxsecurity.com Continues to Spread Lies or Machine-Generated FUD (Microsoft LLMs Likely the Source) About OpenSSH and Linux
- this LLM problem is global
- Links 20/02/2025: Microsoft Infosys Layoffs and IRS Layoffs (Good News for Rich Tax Evaders)
- Links for the day
- IBM Layoffs in Europe Already Happening or Underway (UK and Spain). They Try Not to Call These "Layoffs".
- "CIO" in particular was repeatedly mentioned lately, as was Consulting
- People Who Came From Microsoft Demanding Removal of Articles About Them, About Microsoft, and About Microsoft GitHub is "Generous" (According to Them)
- Imagine choosing a law firm that borrows money in the same year just to avoid overdraft in the bank!
- Possibly a Third Round of Mass Layoffs at Microsoft in 2025 ("Cloud Solution Architects, Customer Roles"), Report Removed or Censored
- This is literally the top story for "microsoft layoffs" right now
- Instead of 'DoS Protection' Cloudflare is Allegedly Conducting 'DoS Attacks' on Users of Browsers Other Than Firefox and GAFAM's DRM Sandboxes (Chrome, Safari and Others)
- If you value the Web, you will avoid Cloudflare
- Mixing Real With Fake in One 'Article' (by "Director of Content, Help Net Security")
- From what we can gather, he got machines to generate some slop for him
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, February 19, 2025
- IRC logs for Wednesday, February 19, 2025
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26