Bonum Certa Men Certa

Novell and Microsoft Security 'Honours'

Golden Flying Chairlet Award



Summary: Novell and Microsoft get special mentions for weaknesses in their proprietary software, which they wish to hide by hiding the source code

NOVELL is a proprietary software company whose software has had enough flaws to earn a Pwnie Award nomination. Thanks to our reader Tacone for bringing the following bit to our attention:



Remotely exploitable stack overflow in OpenSSH on Novell NetWare

Vendor: Novell

The ZDI advisory clearly stated that this is a remotely-exploitable stack overflow, but Novell claimed that it was only a denial of service attack and refused to patch it until ZDI dropped the details on their blog. You can't argue with 0x41414141.


In other news, Windows has a rootkits epidemic again and this time Sony is not to blame:

Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said today.

Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs.

While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines.


The Register meanwhile says that "Microsoft is fuelling up 13 bulletins for release next week, including an update that guards against critical flaws in Internet Explorer."

We oughtn't forget that Microsoft lies about those numbers.

"It's funny that I almost never have to reboot, or even logout, when I update my Linux boxes," remarks one GNU/Linux advocate. "Why is it that Windows can't update a file that is open? Linux & other *nix's have had this filesystem feature for longer than I can remember. Doesn't Windows have any decent filesystem?"

Finally, spyware too seems to be part of Microsoft's package:

Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned.

The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets.


How come nobody remarks on the privacy implications? Without privacy, security too can be compromised more easily.
