Eye on Microsoft: Ransomware, Botnets, Critical Flaws, and Insecure Microsoft File Types
- Dr. Roy Schestowitz
- 2009-07-28 07:18:43 UTC
- Modified: 2009-07-28 07:18:43 UTC
●
Smut page ransomware Trojan ransacks browsers
Russian cybercrooks have come up with a variant of ransomware scams, which works by displaying an invasive advert for online smut in users' browsers that victims are extorted to pay to remove.
●
The Business of Botnets
Kaspersky Lab released some interesting statistics recently in a technical whitepaper. As part of its research into the cyber-underground, the company took a look at how botmasters are pricing the networks under their control.
●
Microsoft to fix critical hole in IE
In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday--outside of its monthly patch cycle--for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.
●
Microsoft to Issue Emergency Patches Next Week
The advance notification advisory that Microsoft released about these upcoming patches doesn't say so explicitly, but a spokesperson for the company confirmed that the updates will address a critical security flaw in a collection of code that Microsoft uses in a number of places in Windows. Having a vulnerability in this so-called "code library" is especially dangerous because Microsoft also provides this library to third-party software makers to help them build programs that can leverage certain built-in features of Windows.
●
Insecure by design: MS Office formats
You see, when you're opening an Office document today, you're not just opening static words, images, or numbers. You're actually starting a program that uses Microsoft Office as its interpreter. And, no matter whether you're using Word 2.0 formats or the 2008's 7,000+ pages mishmash of 'standard' ECMA-376 Office Open XML file formats, there is no built-in network security layer. Instead, there is a mishmash of fixes for one problem or the other.
Also see:
Emergency, Botnets, and No Remedy