Summary: Novell and Microsoft get special mentions for weaknesses in their proprietary software, which they wish to hide by hiding the source code

NOVELL is a proprietary software company whose software has gotten enough flaws to earn a Pwnie Award nomination. Thanks to our reader Tacone for bringing the following bit to our attention:

Remotely exploitable stack overflow in OpenSSH on Novell NetWare Vendor: Novell

The ZDI advisory clearly stated that this is a remotely-exploitable stack overflow, but Novel claimed that it was only a denial of service attack and refused to patch it until ZDI dropped the details on their blog. You can't argue with 0x41414141.

In other news, Windows has a rootkits epidemic again and this time Sony is not to blame:

Machines running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said today.

Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released Thursday by Avast Software, which surveyed more than 600,000 Windows PCs.

While XP now accounts for about 58% of all Windows systems in use, 74% of the rootkit infections found by Avast were on XP machines.

The Register meanwhile says that "Microsoft is fuelling up 13 bulletins for release next week, including an update that guards against critical flaws in Internet Explorer."

We oughtn't forget that Microsoft lies about those numbers.

"It's funny that I almost never have to reboot, or even logout, when I update my Linux boxes," remarks one GNU/Linux advocate. 'Why is it that Windows can't update a file that is open? Linux & other *nix's have had this filesystem feature for longer than I can remember. Doesn't Windows have any decent filesystem?"

Finally, spyware too seems to be part of Microsoft's package:

Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned.

The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets.

How come nobody remarks on the privacy implications? Without privacy, security too can be compromised more easily. ⬆