Bonum Certa Men Certa

Microsoft Leaves Windows XP SP2 Users Open to Attacks, ZeuS Exploits Windows Flaws, and 4Chan Becomes Unsafe to Windows Users

4chan front page in 2009



Summary: Grouping of security news from this week

"Has anybody seen the news about Microsoft not supporting the link vulnerability patch in XP SP2?"



That question was asked by Chips B Malroy earlier today. He cited the following two posts:

i. Registry hack used by gamers allows security for Windows XP SP2

If you use Windows XP SP2, then by now you are well aware that it has come to its end of life. This means no security updates, no software updates, no support. However, an interesting blog post from F-Secure explains how to install security updates on the aging operating system, if a user is willing to assume the risk.


ii. Windows XP SP2: Hack Allows ‘Shortcut Patch’ To Be Installed

PC users who are still using Windows XP SP2, even after the service pack was retired on July 13 can still receive security updates thanks to a trick found by editing the registry.


Had Windows been Free software, no "hack" around the Registry would be needed.

At the moment, all versions of Windows are still open for attacker to exploit. The press doesn't call out Windows when it reports on the ZeuS Trojan:

Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.


More here:

A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers.

Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank's online banking system. Researchers at the M86's Security Labs came across the attack after discovering the botnet's command & control centre, which is hosted in Moldova.


What about Microsoft and Windows? Here is another IDG article whose headline says "Malware Circulating on 4Chan Forums" (it does not say "Windows malware").

The important point to take away from this is that HTA files are programs, just like EXEs and can do dangerous things.


Here is a funny one:

INSECURITY OUTFIT McAfee has decided it's time to get tough on cybercrime.

We're not sure how McAfee was tackling cybercrime before the publication of its report, "Security Takes the Offensive". Whatever it was doing obviously wasn't enough, given the malware threats out in the wilds of the Internet.


Security would be simplified if Windows was removed from this equation. Earlier today we posted several links to new articles that claim GNU/Linux/Android superiority over Apple when it comes to security. Apple -- like Microsoft -- is being negligent again.

Apple sits on a patch for a critical flaw



PEDDLER OF BROKEN DREAMS Apple has apparently come up with a patch for a critical flaw in the Iphone OS that gives a hacker so much control over the device that they might as well be Steve Jobs.


Just because this operating system is proprietary doesn't mean it's harder to decipher and thus more secure. Fast patching is key.

Recent Techrights' Posts

This Week's Letter to António Campinos About Mean-Spirited Line Managers at the European Patent Office (EPO)
Seems like a way to get rid of staff. Some will resign in anger.
 
Ads as 'Articles'
Money buys perception manipulation (or reputation laundering) campaigns
Abraham Raji & Debian, DebConf kayak death: search abandoned, evading liability
Reprinted with permission from Daniel Pocock
Links 22/02/2024: Chatbots Failing 'Big Time' and More Condemnations Appear of Bill Gates
Links for the day
There May be Close to 100,000,000 Laptops and Desktops Running GNU/Linux Around the World in 2024
hard to track the number
Search Engine Market Share Worldwide Shows How Badly Microsoft's Chatbot Strategy (Hopes) and Vapourware Have Failed
Bing, which was marketed as the forefront "product" for chatbots (Microsoft paid the media a lot of money for hype campaigns), gained nothing at Google's expense
[Meme] Demoralising and Putting Down Your Staff
unproductive and dangerous approach
Software in the Public Interest (SPI) & Debian obfuscated structure fooled suicide victim's family: the ultimate example of bad faith
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 21, 2024
IRC logs for Wednesday, February 21, 2024
Gemini Links 22/02/2024: What We Pass On and HTTP Header Viewer
Links for the day
Manuel Estrada Sainz (ranty), Andres Garcia (ErConde) & Debian Deaths overworking
Reprinted with permission from Daniel Pocock
GNU/Linux Rising to 8% of Desktops/Laptops in Jordan?
what statCounter shows
[Meme] If Iraq Launches an Investigation Into How Microsoft Bought OpenAI Without Paying for It
fake "money" from Microsoft
Windows Has Fallen to 13% Market Share in Iraq (It was 100% Just 15 Years Ago), GNU/Linux Rose Sharply in Recent Years
In recent years Iraq was developing its own GNU/Linux distro
Springtime is Next, Here's What We Plan for March and April
This month and next month we expect to publish something unique about EPO abuses every day
Studying the Freedom of firefox-123.0.tar.bz2
The "F" in Firefox
Abraham Raji, Jens Schmalzing & debian-private cover-ups after deaths, accidents, suicides
Reprinted with permission from Daniel Pocock
Microsoft Bribes, Keeping Regulators at Bay
crime and corruption
[Meme] The Quotas Came From Above
EPO targets
EPO Talent Planning & Architecture is Another Attack on EPO Staff and the Central Staff Committee (CSC) Explains Why
ignore the flowery words
[Meme] Just Following Orders From "The Fu**ing President" António Campinos
Salary? OBEY!
Links 21/02/2024: China Working on West-less Tech Future, More Bounties on Patent Troll Leigh M. Rothschild (Which IBM et al Failed to Dismantle at the Root)
Links for the day
Links 21/02/2024: Encryption Backdoors Deemed Not Legal, Decentralised Web Under Attack
Links for the day
Games:Steam Audio as Free Software, Hazard Pay, ChipWits, and More
7 stories for today
Julian Assange, Wikileaks & Debian-private
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 20, 2024
IRC logs for Tuesday, February 20, 2024
Links 21/02/2024: Microsoft Sued for Monopolistic Policies, More Layoffs Planned for Next Month
Links for the day
Gemini Links 20/02/2024: Time Management System and Communications
Links for the day
Techrights' Statement on Julian Assange Verdict (February 20th, 2024) - Updated Throughout the Day
Techrights observes today's disturbing attempts to extradite a journalist for committing acts of journalism
Links 20/02/2024: More GAFAM Layoffs, Assange Missing From His Trial for Heath Reasons (the UK's Own 'Navalny Treatment')
Links for the day
[Meme] But the Boss Said...
"The illegal we do immediately. The unconstitutional takes a little longer."
An EPC-Violating Patent Granting Process: Unlawful Orders, According to the Central Staff Committee of the European Patent Office (EPO)
One can hope there's another strike (work stoppage) planned
In Cuba, Windows Dips to 'Market Share' of 16.8% and GNU/Linux Keeps Growing (Now ~6% of Desktops and Laptops)
it's harder for Microsoft to push Cubans around
[Meme] Code of Conduct (CoC): Too Much Power in the Wrong Hands
Might makes right?
[Video] For Software Freedom Avoid Free Bait
do not take any of this for granted
[Video] Trouble at Mozilla Means Trouble for Firefox and for the Web
The era of the open Web is ending
[Video] Microsoft Layoffs: It's Worse Than the Media Makes It Seem
Microsoft's fraudulent accounting
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 19, 2024
IRC logs for Monday, February 19, 2024
Gemini Links 20/02/2024: Kids Cannot Write, Misfin-Server, and More
Links for the day