Bonum Certa Men Certa

Microsoft Cannot Offer Security on the Web, Either

Predator



Summary: Vultures keep circling not just Microsoft Windows but just about anything from the company, which failed to comprehend security

THERE are companies that increasingly decide to rely on online services, which they sometimes refer to as 'the cloud'. There is a false assumption about security though. First of all, if one accesses these services from a Windows-running PC, one is not secure. In China, for example, hackers can access Windows source code, which was never written to be inspected in this way (and many security experts have not had the time to find errors in it prior to release). On the server side too Microsoft is failing based on the latest news:



1. Microsoft BPOS configuration screw up causes data disclosure

Customers of Microsoft's Business Productivity Online Suite—a cloud-based suite including Exchange, SharePoint, LiveMeeting, and Office Communicator—may have had certain data leaked after a configuration error left their contact information exposed.

The configuration problem left information in customers' Offline Address Books exposed to other customers. The Offline Address Book is an Exchange feature that allows Outlook users to download a copy of all the e-mail addresses and mailing list aliases that an organization uses, so that they can be used even when disconnected from Exchange. It's e-mail addresses on those lists that could have been made available.


2. Microsoft BPOS cloud service hit with data breach

Company data belonging to customers of Microsoft's hosted business suite BPOS has been accessed and downloaded by other users of the software.

The issue affected the Offline Address Book of customers of the Business Productivity Online Suite (BPOS) Standard suite.

Microsoft confirmed the data breach to Webwereld, a Dutch IDG publication.


This is far from being the first BPOS cockup [1, 2, 3] and putting that together with the botnet problem on the client side, there's no reason to choose Microsoft over GNU/Linux with Google as host, for example. The European politicians recently began talking about Windows botnets, bringing up problems like Conficker and Stuxnet: [via Glyn Moody]

Inside the EU, damages from this botnet were reported in France, the UK and Germany. French fighter planes were unable to take off after military computers were infected by Conficker in January 2009. The German army reported in February 2009 that parts of its computer network were infected by Conficker, making the websites of the German army, and the Defence ministry unreachable and preventing them from being updated by their administrators. Certain IT services, including e-mails, were unavailable for weeks to the UK Ministry of Defence personnel in January/February 2009 after they were infected by the Conficker botnet.

In the last few days experts at international level have launched an alert for a new type of malicious computer warm called Stuxnet that is infecting a high number of power plants, pipelines and factories and could be used to control plant operations remotely. If confirmed, this would be the first case of a highly sophisticated botnet aimed at industrial targets, a development experts don't hesitate to define ''the first directed cyber weapon''. Botnets like Stuxnet could give wrong information and orders to industrial plants and operate sabotage at several levels, causing severe damages.


Incidentally, there's advice from Wayne Borean ("My Christmas gift to Windows Users" he calls it) which goes under the heading "Computer Security Suggestions For Microsoft Windows Users" and moving away from Windows is high up on the list. For those who don't know yet, for Windows administrators it may have been a tough holiday, as usual (this happens every year at this time) because "Microsoft confirm[ed] critical un-patched Internet Explorer CSS vulnerability" just before Christmas:

The flaw could allow malicious users to run unauthorised code remotely inside the iexplore.exe process. Proof-of-concept code is currently available that exploits the vulnerability. The code bypasses ASLR and DEP security protections in Windows. Security firm Vupen warned of the vulnerability earlier this month.


Here is more about the zero-day exploit: [via]

A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products.


And finally, consider the following batch of news:

i. Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretend to find disk fragmentation or file system integrity problems.


ii. Bummed-out users give anti-virus bloatware the boot

One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira.

The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more than three in five (62.8 per cent) users had tried multiple anti-virus products over the last year.


The problem is not just Windows; it's Microsoft products in general.

Recent Techrights' Posts

WikiLeaks Wonders: Major Leaks That Shook the Worlds
Published 14 hours ago
No Outage Here
Microsoft seems to have lost control of the narrative
Microsoft Has Managed to Make GNU/Linux Users Scared of Updating Their GNU/Linux PCs (Thanks to UEFI 'Secure' Boot's Boosters!)
How many people know who's responsible for this mess?
Geminispace Growing and Getting More Free (Independent)
Because self-signed certificates are the way to go
 
OpenHarmony, HarmonyOS Next, Deepin, Kylin, and openKylin: How China's Various Manoeuvres Away From Windows Get Covered in the West
Kylin was openly based on Ubuntu
Links 20/07/2024: Tesla's UK Lawsuit for 5G Patents Licence Thrown Out by UK Court, Censorship Examples Surface
Links for the day
Gemini Links 20/07/2024: Why Sleep Is So Important, Bot Problems Online
Links for the day
[Meme] Truth Hurts
"Saying that I physically assaulted women is 'defamation'"
Techrights Turns 18 in About 3 Months
Nothing can stop us
When (Software) Freedom is the Goal
Freedom of thought also
Giving the False Impression That the R blogosphere is Microsoft's Microcosm
Curation that culls "astrotrufing" isn't censorship but quality control for relevance
Expect Many More Microsoft Layoffs After the Latest Windows Outages (Bonus: More Media Says Microsoft Has Cut Half the Staff in Nigeria)
after the latest worldwide blunder we can expect many businesses to gradually ditch Windows
Today GNU/Linux Broke All-Time Record in statCounter Again
Expect more people to hop over to GNU/Linux after the Windows fiasco
Joab Jackson and "The New Stack" Publishing Microsoft Spam (E.E.E. Against Linux) for a Payment From Microsoft
It's not a real news site
Links 20/07/2024: Patents on Software Squashed, Further Attacks on Independent News Sites
Links for the day
Links 20/07/2024: Shopping Mall in Southwestern China and New Health Crises
Links for the day
Microsoft/Windows Has Fallen Well Below 1% (Now 0.7%) in American Samoa
statCounter Sees Microsoft Windows at Below 1% in American Samoa
The Thelio Mega Is a Dual-GPU Linux Supercomputer
System76 sells many desktops and laptops built to run Linux. The company has now revealed its new high-powered Linux desktop, the Thelio Mega
[Meme] "System of a Down"
The latest international catastrophe kills people
Why Microsoft is Laying Off So Many People in Nigeria
Nigeria is a place Microsoft has lost
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 19, 2024
IRC logs for Friday, July 19, 2024
Gemini Links 20/07/2024: Gopher Catchup and Old Computer Challenge
Links for the day
Microsoft Lays Off Half of Its Workforce in Nigeria
Microsoft continues to implode in Africa
Links 19/07/2024: Microsoft Breaks Down and Amdocs Has 1,500-3,000 More Layoffs
Links for the day
Washington's WARN Site/Portal (That Excludes Many Microsoft Layoffs) is Now Down for Many Hours, Microsoft Causes Major Outages and Incidents Worldwide (Even Deaths)
The mass layoffs (lots of them in Azure since 2020) probably worsen resilience and security some more
UEFI 'Secure Boot' Once Again Bricking PCs and Fake Security Models Are Perishing in Geminispace
Let's Encrypt has just fallen again
[Meme] Conservative (and Fake) Nuclear Physicist Bill Gates
Didn't even graduate from college, media treats him like a world-renowned expert in nuclear energy
The Gemini Capsule of Tux Machines Turns 2 in Six Days
Many people actually use Gemini, some participate in it by creating their own capsule (or capsules)
GNU/Linux Rises to 4% in Saudi Arabia, Says statCounter, Windows Has Fallen to 11% (Android Exceeds 60%)
Microsoft might soon fall below 10% in KSA (Saudi Arabia)
IRC Proceedings: Thursday, July 18, 2024
IRC logs for Thursday, July 18, 2024
GNU/Linux news for the past day
GNU/Linux news for the past day
1901 Days in High-Security Prison (and 8 More Years in Severe Confinement) for the 'Crime' of Exposing War Crimes and Corruption
Julian Assange clip
Opensource.org = Microsoft Lobbying (Openwashing)
Here's the latest pair of blog posts
In Northern Mariana Islands, Where Julian Assange Pled Guilty 4 Weeks Ago, Windows Remains Second to Android, and GNU/Linux Still Grows in Oceania
It was the first month ever that statCounter saw more Web requests there from Android than from Windows
If GitLab Gets Sold (Datadog and Google Named Among Potential Buyers), It'll Prove Our Point About GitLab
Beware the bait on the hook