Bonum Certa Men Certa

Microsoft Leaves Windows XP SP2 Users Open to Attacks, ZeuS Exploits Windows Flaws, and 4Chan Becomes Unsafe to Windows Users

4chan front page in 2009



Summary: Grouping of security news from this week

"Has anybody seen the news about Microsoft not supporting the link vulnerability patch in XP SP2?"



That question was asked by Chips B Malroy earlier today. He cited the following two posts:

i. Registry hack used by gamers allows security for Windows XP SP2

If you use Windows XP SP2, then by now you are well aware that it has come to its end of life. This means no security updates, no software updates, no support. However, an interesting blog post from F-Secure explains how to install security updates on the aging operating system, if a user is willing to assume the risk.


ii. Windows XP SP2: Hack Allows ‘Shortcut Patch’ To Be Installed

PC users who are still using Windows XP SP2, even after the service pack was retired on July 13 can still receive security updates thanks to a trick found by editing the registry.


Had Windows been Free software, no "hack" around the Registry would be needed.

At the moment, all versions of Windows are still open for attacker to exploit. The press doesn't call out Windows when it reports on the ZeuS Trojan:

Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.


More here:

A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers.

Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank's online banking system. Researchers at the M86's Security Labs came across the attack after discovering the botnet's command & control centre, which is hosted in Moldova.


What about Microsoft and Windows? Here is another IDG article whose headline says "Malware Circulating on 4Chan Forums" (it does not say "Windows malware").

The important point to take away from this is that HTA files are programs, just like EXEs and can do dangerous things.


Here is a funny one:

INSECURITY OUTFIT McAfee has decided it's time to get tough on cybercrime.

We're not sure how McAfee was tackling cybercrime before the publication of its report, "Security Takes the Offensive". Whatever it was doing obviously wasn't enough, given the malware threats out in the wilds of the Internet.


Security would be simplified if Windows was removed from this equation. Earlier today we posted several links to new articles that claim GNU/Linux/Android superiority over Apple when it comes to security. Apple -- like Microsoft -- is being negligent again.

Apple sits on a patch for a critical flaw



PEDDLER OF BROKEN DREAMS Apple has apparently come up with a patch for a critical flaw in the Iphone OS that gives a hacker so much control over the device that they might as well be Steve Jobs.


Just because this operating system is proprietary doesn't mean it's harder to decipher and thus more secure. Fast patching is key.

Recent Techrights' Posts

New Article Explains How the GPL Came About and WordPress Having Copyleft Obligations
Having been involved in the WordPress development community since almost the beginning, I know why it chose the GPL and how it restricts abuse by Automattic
Dr Richard Stallman (RMS) Gives Talk in Oxford University in 4 Hours
If you live nearby, go there (it's free as in gratis)
Using a Law Firm's Licence to Exercise Politics Through Frivolous SLAPPs and Nastygrams (to Silence People, Remove Pages, Demand Fake or Forced 'Apologies')
Things must be getting really bad when lawyers act for raving antisemites
 
IBM's Debt Ballooned by 8.5 Billion Dollars in Just 3 Months!
Hallmark of a company in a state of disarray, trying to spend its way out of trouble
Big Trouble in GNOME
even GNOME people admit the CoC went wrong
Serial Sloppers Are Killing the Web (They Probably Don't Care, Either)
Slop is a disease on the Web
Slopping the Trough: Disney Plus Loses Billions and the Decline of Physical Media in America
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 24, 2025
IRC logs for Thursday, April 24, 2025
Links 24/04/2025: GAFAM Problems and No Peace (or Ceasefire) in Sight
Links for the day
Slopfarms on the Web Almost Always Generate Anti-Linux FUD When They Produce "Linux" Output
Welcome to the dying Web
Richard Stallman's Oxford Talk Has Just Ended, Here Are Some Photos
he might hop over to another European country
Gemini Links 24/04/2025: Birthday and Good Work of Academia in Esotericism
Links for the day
Links 24/04/2025: EU fines Apple and Facebook, Another Microsoft GitHub Security Blunder
Links for the day
IBM Gained Almost 6 Billion Dollars in "Goodwill" Value in Just 3 Months, According to IBM
Congrats to the management!
In Belarus, Yandex is Now Measured as 50 Times More 'Popular' (by Usage) Than Microsoft
Yandex continues to gain, whereas Bing cannot even register at 1%. Last month it was registered or measured at a measly 0.65%.
IBM Cannot Lie to Shareholders Anymore
"I would not be surprised if we see a layoff every quarter this year."
We're Working to Make Full-Site Search Available
This site has over 1,000 'wiki' pages, many thousands of documents, several thousands of videos, and about 50,000 blog posts or articles. We need to make them easier to find/navigate.
Links 24/04/2025: IBM Loses Many Contracts, Intel to Lay Off Over 20% (Not Counting Those Who Leave 'Voluntarily')
Links for the day
Richard Stallman Can Explain to Oxford Artificial Intelligence Society Why LLM Slop is Not Artificial Intelligence and Why It Hurts Society
another 'crop' of LLM slop that damages GNU/Linux and facts
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 23, 2025
IRC logs for Wednesday, April 23, 2025
Open Source Initiative (OSI) Promoting Microsoft and Proprietary Software Using Microsoft Operatives
Because nothing says "Open Source" like GPL violations facilitated by Microsoft
Another Site Bites the Dust: "Open Source For You" Becoming a Slopfarm (LLM Slop)
What a shame. Another dead site.
Links 23/04/2025: Crackdowns on Dissent, Palin Loses Libel Retrial Against New York Times
Links for the day
Links 23/04/2025: Hard Times and Digital Amnesia
Links for the day
The GNU/Linux Site Formerly Known as "linoxide.com" is Back... as an LLM Slopfarm!
Better for linoxide.com to go offline than to do this
Get Rid of Back Doors, Don't Obsess Over Bounties and Other Corporate PR Stunts (or Needless Reboot Rituals)
Security as a term has mostly lost its meaning due to repeated misuse for many years
Richard Stallman to Speak in Oxford University Exactly a Day From Now
outsourced to GAFAM
Links 23/04/2025: "Hiding Corruption" and "The Cost of Defunding Harvard"
Links for the day
Microsoft 'Studies' Again? Leon Musolff is Writing Papers With Microsoft.
Even if one can see/find a link to "the study" (in the Bezos-controlled publication), most people won't look any further and just take everything at face value.
Towards GNU World Domination
The FSF led by Geoffrey S. Knauth with his friend Richard Stallman in the FSF's Board [...] Let's encourage people to adopt GNU/Linux. There has never been a better time.
statCounter Helps Visualise Just How Deep in Trouble Microsoft is (Especially in Africa)
Microsoft sabotaged efforts to connect Africans and equip them with GNU/Linux laptops
The Register is Using Linux-Hostile Clickbait in Articles of Linux Proponents
Don't be a "whore" to advertisers, team El Reg
Microsoft Windows in Cyprus Lacking a Future
Most people access the Web there from mobile
Matrix Has a Severe Problem With Illegal Images
If Matrix cannot get the CP problem under control, many projects and people will dump Matrix
Never Try to Justify Strangulation of Women (Not in the US and Not in the UK)
Joint post by Mrs. Rianne Schestowitz and Dr. Roy Schestowitz
Links 23/04/2025: Tesla Profits Plunge 71%, Intel Ready to Lay Off 20% of Staff, Microsoft and IBM Layoffs
Links for the day
Microsoft's Most Profound Issue is That People Moved to 'Mobile' and "App Stores" (Microsoft's Presence There is Negligible)
Expect a wild ride for Microsoft this year
Google News is Amplifying FUD and Lies About Linux (and OpenSSH/SSH) by Promoting Slopfarms With Machine-Generated FUD and Slop Images
Google should know better
Gemini Links 23/04/2025: Librarians, Anubis, and Refactoring a Gemini Capsule
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 22, 2025
IRC logs for Tuesday, April 22, 2025