11.17.09

Gemini version available ♊︎

Impact of Microsoft Negligence/Incompetence (Links)

Posted in Microsoft, Security, Windows at 10:24 pm by Dr. Roy Schestowitz

Coldsteam guard

Summary: How Microsoft’s lack of desire to secure (maybe inability) affects the Internet — as newly-assembled links

Does Microsoft care about their customers’ security? (on this latest negligence/liability issue, see [1, 2])

A few days before the launching of Microsoft’s last operating system, FSFE wondered about users’ security since an important vulnerability has been silently ignored. I then asked myself the question, in what way Free Software is different regarding security?

It appears that our allegations were true and should have been taken seriously. As an article in Computerworld reports, Microsoft finally issued a security advisory about that high-risk vulnerability three days ago. The problem is still not fixed though.

What’s important there is that this vulnerability already triggered a warning (en) by the BSI agency more than a month ago! Despite the consequences, Microsoft meanwhile decided not to tell its customers in order to avoid bad publicity around the launching of Windows7.

Most security products fail to perform

Nearly 80 percent of security products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving certification, according to a new ICSA Labs report. The “ICSA Labs Product Assurance Report” – co-authored by the Verizon Business Data Breach Investigations Report research team – details lessons gleaned from testing thousands of security products over 20 years.

The report found the number one reason why a product fails during initial testing is that it doesn’t adequately perform as intended. Across seven product categories core product functionality accounted for 78 percent of initial test failures. For example, an anti-virus product failing to prevent infection and for firewalls or an IPS product not filtering malicious traffic.

Age of cyber warfare is ‘dawning’

Compiled by security firm McAfee, it bases its conclusion on analysis of recent net-based attacks.

Spam net snared a quarter million bots, says conqueror

Over five days, 487,340 unique IP addresses reported to the ad-hoc server. Using findings derived from last year’s take-down of the separate Srizbi botnet, FireEye estimates that the figure translates to 248,590 unique machines.

Gang sentenced for UK bank trojan

London’s Southwark Crown Court on Friday imposed sentences of as much as 4 and a half years on the men. According to IDG News, they used a trojan known as PSP2-BBB to stealthily monitor victims’ browsers. It inserted special fields into banking pages that asked for sensitive information and then sent it to the criminals when the user complied.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. Links 20/03/2023: Curl 8.0.0/1 and CloudStack 4.18.0.0 LTS

    Links for the day

  2. Standard Life (Phoenix Group Holdings): Three Weeks to Merely Start Investigating Pension Fraud (and Only After Repeated Reminders From the Fraud's Victims)

    As the phonecall above hopefully shows (or further elucidates), Standard Life leaves customers in a Kafkaesque situation, bouncing them from one person to another person without actually progressing on a fraud investigation

  3. Standard Life Paper Mills in Edinburgh

    Standard Life is issuing official-looking financial papers for companies that then use that paperwork to embezzle staff

  4. Pension Fraud Investigation Not a High Priority in Standard Life (Phoenix Group Holdings)

    The 'Open Source' company where I worked for nearly 12 years embezzled its staff; despite knowing that employees were subjected to fraud in Standard Life's name, it doesn't seem like Standard Life has bothered to investigate (it has been a fortnight already; no progress is reported by management at Standard Life)

  5. Links 20/03/2023: Tails 5.11 and EasyOS 5.1.1

    Links for the day

  6. Links 20/03/2023: Amazon Linux 2023 and Linux Kernel 6.3 RC3

    Links for the day

  7. IRC Proceedings: Sunday, March 19, 2023

    IRC logs for Sunday, March 19, 2023

  8. An Update on Sirius 'Open Source' Pensiongate: It's Looking Worse Than Ever

    It's starting to look more and more like pension providers in the UK, including some very major and large ones, are aiding criminals who steal money from their workers under the guise of "pensions"

  9. Services and Users TRApped in Telescreen-Running Apps

    TRApp, term that lends its name to this article, is short for "Telescreen-Running App". It sounds just like "trap". Any similarity is not purely coincidental.

  10. Links 19/03/2023: Release of Libreboot 20230319 and NATO Expanding

    Links for the day

  11. Great Things Brewing

    We've been very busy behind the scenes this past week; we expect some good publications ahead

  12. Links 19/03/2023: LLVM 16.0.0 and EasyOS Kirkstone 5.1 Releases

    Links for the day

  13. IRC Proceedings: Saturday, March 18, 2023

    IRC logs for Saturday, March 18, 2023

  14. Links 18/03/2023: Many HowTos, Several New Releases

    Links for the day

  15. Links 18/03/2023: Tor Browser 12.0.4 and Politics

    Links for the day

  16. Links 18/03/2023: Docker is Deleting Free Software Organisations

    Links for the day

  17. IRC Proceedings: Friday, March 17, 2023

    IRC logs for Friday, March 17, 2023

  18. New Talk: Richard Stallman Explains His Problem With Rust (Trademark Restrictions), Openwashing (Including Linux Kernel), Machine Learning, and the JavaScript Trap

    Richard Stallman's talk is now available above (skip to 18:20 to get to the talk; the volume was improved over time, corrected at the sender's end)

  19. Links 17/03/2023: CentOS Newsletter and News About 'Mr. UNIX' Ken Thompson Hopping on GNU/Linux

    Links for the day

  20. The European Patent Office's Central Staff Committee Explains the Situation at the EPO to the 'Yes Men' of António Campinos (Who is Stacking All the Panels)

    The EPO’s management is lying to staff (even right to their faces!) and it is actively obstructing attempts to step back into compliance with the law; elected staff representatives have produced detailed documents that explain the nature of some of the problems they’re facing

  21. Links 17/03/2023: Linux 6.2.7 and LibreSSL 3.7.1 Released

    Links for the day

  22. GNU/Linux in Honduras: 10% Market Share? (Updated)

    As per the latest statistics

  23. Links 17/03/2023: Update on John Deere’s Ongoing GPL Violations and PyTorch 2.0

    Links for the day

  24. IRC Proceedings: Thursday, March 16, 2023

    IRC logs for Thursday, March 16, 2023

  25. RMS: A Tour of Malicious Software, With a Typical Cell Phone as Example

    Tonight in Europe or this afternoon in America Richard M. Stallman (RMS), who turned 70 yesterday, gives a talk

  26. Skyfall for Sirius 'Open Source': A Second Pension Provider Starts to Investigate Serious (Sirius) Abuses

    Further to yesterday's update on Sirius ‘Open Source’ and its “Pensiongate” we can gladly report some progress following escalation to management; this is about tech and “Open Source” employees facing abuse at work, even subjected to crimes

  27. NOW: Pensions Lying, Obstructing and Gaslighting Clients After Months of Lies, Delays, and Cover-up (Amid Pension Fraud)

    The “Pensiongate” of Sirius ‘Open Source’ (the company which embezzled/robbed many workers for years) helps reveal the awful state of British pension providers, which are in effect enabling the embezzlement to carry on while lying to their clients

  28. Links 16/03/2023: War Escalations and More

    Links for the day

  29. Links 16/03/2023: OpenSSH 9.3 Released and WordPress 6.2 Release Candidate 2, Lapdock News

    Links for the day

  30. IRC Proceedings: Wednesday, March 15, 2023

    IRC logs for Wednesday, March 15, 2023

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts