Bonum Certa Men Certa

Microsoft Cannot Offer Security on the Web, Either

Predator



Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as 'the cloud'. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:



1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft's Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers' Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It's e-mail addresses on those lists that could have been made available.


2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft's hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.


This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there's no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don't hesitate to define ''the first directed cyber weapon''. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.


Incidentally, there's advice from Wayne Borean ("My Christmas gift to Windows Users" he calls it) which goes under the heading "Computer Security Suggestions For Microsoft Windows Users" and moving away from Windows is high up on the list. For those who don't know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because "Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability" just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.


Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.


And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.


ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.


The problem is not just Windows; it's Microsoft products in general.

Recent Techrights' Posts

Slop Nihilism is Funded by Big Oil
Eventually human civilisation will destroy itself
Professor Eben Moglen Recovering From Open Heart Surgery
From his public pages (this is not secret)
There Are Red Hat (IBM) Layoffs, But Google News is Infested With Slopfarms
It contributes a lot to misinformation and it encourages plagiarism
USA Not a Place for Free Speech
In America, as in the US, the attacks seem more enhanced or advanced these days
 
Pacing Publication Up a Bit
The news cycles have gotten rather light and slow
Links 17/09/2025: Power Outages, Digital Controls, and Attacks on the Mainstream Media (by Insecure and Corrupt Dictators)
Links for the day
Gemini Links 17/09/2025: Flashing LineageOS and ROOPHLOCH
Links for the day
Links 17/09/2025: Long COVID Study, "Exposing Pegasus", and Chatbots Exposing Sensitive Data
Links for the day
Links 17/09/2025: Secret Settlement for Internet Archive and Google’s LLM Slop Summaries Attracting Lawsuits
Links for the day
The True Cost of 'Generative Models'
Funded and promoted by the companies that profit from the waste
'Big Slop' Attacks Contemporary Information/Knowledge and Creative Works, 'Big Copyright' (Cartel) Attacks the Old
Someone at IA will hopefully "blow the whistle" on what they actually agreed
Why We Find It Difficult to Trust Rust
A comparison between C/C++ and Rust
Watching the OSI: Our Series Will Carry on Irrespective of the Chief's 'Resignation'
the OSI isn't even the real guardian of the term "Open Source"
Just What LibreOffice Needs? Another Language? (Rust)
what's all this concern about memory safety?
Many Microsoft Managers Are Leaving
"Hey hi" chaff or chaff about "hey hi" cannot eternally distract from the difficulties inside the company
Tomorrow, Microsoft's Tim Anderson's 'The Register MS' Offshoot Will Have Been Inactive for 2 Months (There's Also a Slop Problem)
We've already caught The Register MS using LLM slop for articles
Microsoft's Chief Legal Officer Leaves Microsoft After Nearly 30 Years
And not retiring
Even Windows Users Are Having Problems With "Secure Boot"
When it comes to security - Microsoft strives for the very opposite
Another Competition Crime of Microsoft, Long Facilitated and Advocated by a Bad Actor, Who is Funded by a Third Party to Commit Extortion Against People Who Have Correctly and Repeatedly Warned About It for Over 13 Year
We must always go back to the core issues
3 More Reasons to Replace Mozilla Firefox With LibreWolf
Thankfully there are de-enshittified versions of Firefox
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 16, 2025
IRC logs for Tuesday, September 16, 2025
Links 17/09/2025: Google Layoffs in "Hey Hi" (AI), Perplexity Hit With More "Hey Hi" (Plagiarism) Lawsuits
Links for the day
Gemini Links 17/09/2025: Reclaiming Things in a Digital Age and Moon Phases in CGI
Links for the day
Slopwatch: Google News is Slop, Google News is Plagiarism, Google News is Dying
Google is off the rails
Links 16/09/2025: "The Censorship Alarm Is Ringing in the Wrong Direction" and ASRock Does Microsoft E.E.E. on GNU/Linux
Links for the day
Serious "Breach of Confidentiality of Personal Data" in Europe's Second-Largest Institution, the EPO
Yes, the same EPO that routinely uses "data protection" and "GDPR" as a pretext for hiding or covering up its corruption and white-collar crimes (it even uses that as an excuse for refusing to obey courts' orders)
Adrienne Rockenhaus Says Her Husband Was Arrested for Running Tor and Denied Basic Rights in the United States
the US seems to be getting "russified" in its approach towards Tor
This is What Happens When Microsoft Canonical Lets Decisions on Ubuntu be Made by a Youngster From the British Army (Where He Did Mass Surveillance)
"Is Ubuntu Compromised?"
Back Doored Windows Giving GNU/Linux a Hard Time (Under the Guise of 'Security')
Is this complication intentional? Most likely, yes
Links 16/09/2025: Science, Security, and Conflicts
Links for the day
Gemini Links 16/09/2025: Command-line Options in POSIX Shell and Introducing Acre 0.9
Links for the day
Microsoft 'Secure' Boot Versus Dual Boot With GNU/Linux
they're meant to assume everything is OK
Links 16/09/2025: While Oracle Pretends to be Rich It's Firing About 70 MySQL Workers, "Oracle's Revenge" (Faking Demand With "AI")
Links for the day
Microsoft Has Just Published a New Web Page About "Secure Boot Update Process" (Microsoft Also Admits Issues; PCs Can Stop Booting)
Why was this page issued and published only hours ago?
Microsoft Lunduke: I Spread Hate and Then I Receive Hate
Cry us a river, Microsoft Lunduke
"Use Wayland" Isn't a Bugfix for X (X11 is Still Necessary)
They tell us X is "dead" and we must all be herded into Wayland ASAP
"Disable Secure Boot and Fast Boot. Wipe and Start Over."
At least they didn't say, buy a new computer...
The Oracle Ponzi Scheme
Oracle isn't doing well, but it's nowadays fashionable to say "clown" and "hey hi" to prop up one's stock, even based on nothing at all
The New Head of OSI is an "Hey Hi" (AI) Obsessed Person
when Bryant says "AI" that doesn't mean AI
Taking Out the Battery, Opening Up Your Computer, Just Like a "Normie" Would
At this stage, any person who still says "enable Secure Boot" is misguided or persuaded by companies that sell rootkits
Slopwatch: Serial Sloppers and Slopfarms Still Infesting Google News (Fake 'Articles' About "Linux" Spreading FUD)
searching for "Linux" today yields a lot of FUD
"Governments, local authorities, schools and hospitals can lead by example by procuring only Free Software"
Crossposted from Tux Machines
Cindy Cohn Leaving the Electronic Frontier Foundation While Its Co-founder John Gilmore, Whom She Apparently Helped Oust, Will Celebrate 40 Years of the Free Software Foundation, Inc.
EFF has been busy hoarding GAFAM money, whereas the latter is where all the real activism is done
The Reach of Techrights Has Broadened
We nowadays cover a broader range of issues
"Google is Googlebombing KDE's Project Banana"
So is Google googlebombing KDE's Project Banana? You decide.
Complicating Things for No Actual Benefit, Just Added Risk and More Difficulties Adding GNU/Linux and BSDs
Watch what it's like for people who wish to use BSDs
Some Very Large IRC Networks Are Growing
IRC will turn 38 next year
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 15, 2025
IRC logs for Monday, September 15, 2025
Links 16/09/2025: Autumn Party, RPG Planet, and Optical ROOPHLOCH
Links for the day
Geminispace Growing at Pace of Over 10% Per Year
Contrary to what some pessimists try to claim
Linux Mint Forums Today: Disable 'Secure Boot', It Doesn't Improve Security, It's Just a Microsoft Obstacle to GNU/Linux Users
They also mention MOK
What Ruben Amorim and Stefano Maffulli Have in Common
Censors Wikipedia and Social Control Media
Microsoft Won't Cooperate in Trying to Tackle EPO Corruption (Microsoft Profits From This Corruption)
Use something like BigBlueButton, Jami, Ring, and Jitsi instead
Solved Less Than an Hour Ago: Trying to Escape Windows, 'Secure Boot' Gets in the Way
'Secure Boot' wasn't meant to even exist in the first place
Stefano Maffulli, Executive Director of the Open Source Initiative, Resigns or Gets Removed (We'll Continue Covering OSI Scandals)
A dozen mentions of "AI", not much about "Open Source"
Andy Has Just Nailed It (Regarding Complexity and Failure, a la UEFI)
The users no longer own or control what they buy
Compatibility Support Module (CSM) Versus GNU/Linux Simplicity
what Andy recently called "solutionism"
Links 15/09/2025: "Postal Traffic to US Down by Over 80%" and 'Smart' Spinozacampus Laundry Room Goes AWOL
Links for the day
Gemini Links 15/09/2025: Dungeon Hustle and Deleting Oneself From the Net
Links for the day
Breach of EPO's Duty of Care or Cigna Reimbursement Issues
This is the sort of thing that motivated Luigi Mangione to assassinate a CEO
Ask Ubuntu About "Secure Boot" Violation and Laptops That Don't Boot GNU/Linux
Does anyone still believe that "Secure Boot" has anything at all to do with security?
We Are Sad to Hear the Story of Jonathan Riddell, Champion of KDE and GNU/Linux on Desktops/Laptops
I have enormous respect for Jonathan and everything he has done
Talking About the Problem vs Talking to the Problem
Wanting an audience is never a good excuse for compromising one's values and principles
Focusing on Patents
The reason we cover the EPO so much is that it's close to home
"Secure Boot Violation": The 'Joys' of Fake Security Gone Wrong
Not everyone reboots every day
Links 15/09/2025: Russia Invades Romanian Airspace, Penske Media Sues Google Over LLM Slop
Links for the day
Links 15/09/2025: Bitcoin ATMs Scam and "Conservative Cryptography" (Backdoors Fantasies)
Links for the day
EPO Imitates Microsoft: "Three Days or More Per Week" Inside the Office to Get a Desk to Work on; "the Office Breaches Its Promise Towards Staff and Acts in Breach of Its Duty of Care"
The EPO serves no actual function in Europe
Links 15/09/2025: Political Affairs, Censorship, and Copyrights
Links for the day
Gemini Links 15/09/2025: Music Genres, Invisible Networks, and Akademy 2025
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 14, 2025
IRC logs for Sunday, September 14, 2025