Bonum Certa Men Certa

Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day

Nine O Nine



Summary: Vista 7 as exposed as the naked emperor; Internet Explorer received similar treatment as users are under attack and no remedy is available

OVER the past week and a half we wrote several posts about the illusion of security in Vista 7. Among those posts:

  1. Vista 7 Exploit is Out (Zero-Day Vulnerability)
  2. If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?
  3. Microsoft Won't Secure Firefox/Chrome Users, Shows More Negligence


Reports about this subject continued to come and only an advisory (not a patch) came from Microsoft. Regarding another serious crack that led to security issues in vista 7, reports suggest that it "comes as no surprise," proving yet again that Microsoft does not give a damn about security.

There is now the following serious incident which leads to invaluable harm. No report seems to say which platform is to blame, but the University of East Anglia is not necessarily a docile Windows shop, not based on its Web site anyway. It actually abandoned Solaris for GNU/Linux when Sun began roaming the streets looking for love. Does anyone know what mail systems are used at the University of East Anglia?

A 61MB ZIP file was posted on a Russian FTP server late last night, local time. It contains over a thousand emails, and around three thousand other items including source code and data files. Emails are peppered with disparaging remarks and a crude cartoon of sceptical scientists is also included in the archive - suggesting the hacker roamed wide across the University's servers.


More at The Guardian.

A spokesperson for the University of East Anglia said: "We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all this material is genuine. This information has been obtained and published without our permission and we took immediate action to remove the server in question from operation. We are undertaking a thorough internal investigation and have involved the police in this inquiry."


Regardless of what this "server in question" actually runs, Microsoft is taking a weird approach to security, suggesting/recommending a different architecture (not platform) as a cure for executables that exploit Windows by design, not just by compilation.

Meanwhile we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco]

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.


More information at IDG:

The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer.


No fix is available yet, except a download that's called Firefox or Fedora. But Microsoft does not want people to say the "F" word, so it will probably deliver a patch very soon.

To Free software's credit, it rarely waits for attacks to occur before addressing security vulnerabilities.

More on Vista 7 insecurity:



Recent Techrights' Posts

SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Garden Season Starts Today
Outdoor time, officially...
More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries