02.18.10

Here Come Many More Microsoft Windows Attacks

Posted in Microsoft, Security, Windows at 6:01 pm by Dr. Roy Schestowitz

Computer danger

Summary: A lot of security headaches caused to lot of people, all due to Microsoft Windows being so vulnerable

Yesterday we wrote about Microsoft's risk that impacts people's lives. Blame Microsoft’s utter negligence [1, 2, 3] for it. Where there is deliberate negligence there is also liability and responsibility.

It has been surprising to some network experts that the Internet has yet not come under an attack that fragments or altogether suspends it at root level [1, 2]. It’s not as though it is impossible; it’s just that nobody has dared to trigger it just yet and the United States considers bombing (in the physical sense) any botmaster who may attempt this. According to this latest report, the United States is not prepared for an attack from Windows botnets.

During the simulated cyber attack that took place yesterday in Washington and was recorded by the CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens.

Already, there are some notable attacks that show up in the news. Here is an article that will appear in the New York Times tomorrow:

A malicious software program has infected the computers of more than 2,500 corporations around the world, according to NetWitness, a computer network security firm.

It’s a John Markoff article, so neither Microsoft nor Windows are mentioned, as usual. Under some pressure he once made an exception. Here is a similar report from Reuters:

Virus has breached 75,000 computers: study

A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according Internet security firm NetWitness.

Here is another Windows disaster unfolding:

City of Norfolk hit with code that takes out nearly 800 PCs

Malicious code that mysteriously found its way onto an internal virtual print server took out nearly 800 computers used by the city of Norfolk, Virginia, last week.

The code apparently was activated when workers shut down their computers, said Hap Cluff, IT director for the city of Norfolk. “It was triggered by the action of logging off,” he said. ”

The code nearly wiped out the C drives of the 784 affected computers and essentially deleted the Windows operating system. The contents of the system folders on those machines, normally about 1.5GB in size, shrunk to 500 MB, he said.

Yes, all the above indicates that it’s a Windows problem. More here:

Hap Cluff, director of the information technology department for the City of Norfolk, said the incident began on Feb. 9, and that the city has been working ever since to rebuild 784 PCs and laptops that were hit (the city manages roughly 4,500 systems total).

Wonderful, eh? Here is an article about source of vulnerabilities, based on data that we mentioned in yesterday's post about security.

Just as they did last year, over thirty international security organisations have come together, to publish a list of the 25 most dangerous programming errors leading to vulnerabilities that can be exploited for cybercrime and espionage. The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors has been updated with a number of improvements to how the errors are graded, prioritised and categorised. For example, new “Focus Profiles” allow readers to quickly see the listed errors sorted for particular professionals’ interests.

As we pointed out yesterday, Microsoft is not well positioned here and its general programming practices and use cases (e.g. clicking attachment to execute) are part of the problem. One might add to this the fact that Microsoft’s patches vulnerabilities poorly and sloppily, often hiding known flaws until they are actively exploited.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2010/02/18/windows-security-headaches-again/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

3 Comments

  1. Needs Sunlight said,

    February 19, 2010 at 2:13 am

    Gravatar

    Hmm “Blame Microsoft’s utter negligence”? It’s no longer MIcrosoft’s fault at this point. The company’s complete product line is well known. Now it is the fault of the managers who allow Microsoft product in their work environment and the fault of the employees that roll out Microsoft products.

    Look at it this way. It’s perfectly fine to manufacture and sell lead salts. It’s not fine to use them as artificial sweeteners.

    Roy Schestowitz Reply:

    Blame false advertising then. I am going to have some posts on the subject shortly.

    Robotron 2084 Reply:

    It’s not the fault of any one group. Everyone is to blame to some extent, including users and the computer experts who try to help them. This article from Reuters talks about users who become so baffled by computer jargon that they become completely turned off to learning about security.

    http://www.reuters.com/article/idUSTRE61I2OB20100219

What Else is New


  1. Was Microsoft Ever First in the Market?

    Confronting the false belief that Microsoft ever innovates anything of significance or is "first" in some market/s



  2. Links 1/8/2021: 4MLinux 37.0, IBM Fluff, and USMCA Update

    Links for the day



  3. Microsoft Knows That When Shareholders Realise Azure Has Failed the Whole Boat Will Sink

    The paranoia at Microsoft is well justified; they've been lying to shareholders to inflate share prices and they don't really deliver the goods, just false hopes and unfulfilled promises



  4. [Meme] Nobody and Nothing Harms Europe's Reputation Like the EPO Does

    Europe’s second-largest institution, the EPO, has caused severe harm/damage to Europe’s economy and reputation; its attacks on the courts and on justice itself (even on constitutions in the case of UPC — another attempt to override the law and introduce European software patents) won’t be easily forgotten; SUEPO has meanwhile (on Saturday, link at the bottom in German) reminded people that Benoît Battistelli and António Campinos have driven away the EPO’s most valuable workers or moral compass



  5. IRC Proceedings: Saturday, July 31, 2021

    IRC logs for Saturday, July 31, 2021



  6. [Meme] When it Comes to Server Share, Microsoft Azure is Minuscule (But Faking It)

    Don't believe the lies told by Microsoft's charlatans and frauds; Azure has been a total failure and that's why there are layoffs as well



  7. [Meme] Mozilla Has Turned From Technical to Marketing

    Way back, long before Mozilla and Firefox got hijacked by politics (turning Mozilla into a VPN reseller that lies about its stance on privacy), geeks were driving the company, not corporate lawyers and spying/marketing people



  8. Over 1,500 (Known/Unorphaned) Gemini Capsules and Over 160,000 Page Requests in gemini.techrights.org During July

    Techrights is expanding at gemini:// (Gemini space) and over 1,500 capsules are reported to have been found (less than 4 months ago it was about 1,000)



  9. Links 31/7/2021: Kernel Additions and Linux Mint 20.3 Release Date

    Links for the day



  10. Microsoft Azure Stagnating

    Reprinted with permission from Mitchel Lewis, former Microsoft employee



  11. For 17 Days (and Counting) António Campinos Has Failed to Respond to Call for Compliance With the Law

    Team Campinos has been so arrogant and so evasive that there’s no indication (yet) that it will follow court orders (Willy ‘Guillaume’ Minnoye openly bragged about ignoring court orders and he's still cheering for the EPO's abuses); therefore, staff of the EPO takes collective action



  12. Raw: Elodie Bergot Breaking the Law by Threatening Against the Exercise of Fundamental Rights

    Over the years we saw a number of rude letters from Elodie Bergot, the grossly under-qualified spouse of a friend of Vichyite Benoît Battistelli; most of these we never published (we already have these and can always publish if the need arises), but those paranoid and insecure “Mafia”-like ‘cabal’ need to be exposed for the mobsters they are; for nearly a decade they’ve illegally bullied EPO staff in clear violation of the law (and for over 3 years António Campinos has kept those bullies on board); why does Europe do nothing and why is it never holding high-profile abusers accountable (only low-level facilitators)? Is it because the EU too is being infiltrated by them?



  13. Linspire Should Be Avoided in 2021 Just Like It Was Avoided 14 Years Ago

    The brand "Linspire" was brought back, but the agenda seems to be more or less the same, namely pushing proprietary software and serving Microsoft's commercial agenda (in 'Linux' clothing)



  14. The Death of Freenode Would Be Freenode's Own Fault

    Freenode is going dark and now it’s asking people to create accounts at IRC.com (just to get back into the network that they may have already occupied for decades) as if Freenode owns “IRC” as a whole



  15. Links 31/7/2021: KDE Progress and Activision Catastrophe

    Links for the day



  16. IRC Proceedings: Friday, July 30, 2021

    IRC logs for Friday, July 30, 2021



  17. The Smartest Meter of All

    Yesterday a lady came over to take our power readings (electric/gas meter); secure these people's jobs as they help protect people's privacy (dignity) at home



  18. [Meme] A Web of False Dichotomies

    A reminder that Techrights is fully available (all blog posts and wiki pages) in gemini://



  19. Freenode Shrinks by Another Quarter and Gemini Continues to Grow (For Techrights at Least)

    Freenode continues to perish faster than we've imagined; it's a good thing that we've had contingencies set up; regarding the monopolised and increasingly centralised Web, we're still making baby steps towards weaning ourselves off it



  20. Links 31/7/2021: Wine 6.14 and Chrome 93 Beta

    Links for the day



  21. European Media Does Not Care About Europe's Second-Largest Institution Crushing Basic Laws and Fundamental Rights

    New video about the latest publication from SUEPO (the EPO’s staff union); it was published yesterday, seeing that the “Mafia” (what EPO staff actually calls the management!) hasn’t done anything to comply with a wide-ranging set of court rulings from ILO-AT; why has the media said nothing about this and what does that say about today’s media? The material is all in the public domain, in widely understood languages, and SUEPO spoke about it more than 3 weeks ago.



  22. Links 30/7/2021: Distro Comparisons and Tootle Introduced

    Links for the day



  23. [Meme] Enforcing ILO-AT Rulings...

    We’re still waiting for a statement — any statement (direct or indirect) — from EPO management, seeing that almost a month has passed



  24. 'Open Source' as a Failed Initiative

    A closer look at the dire state of the Open Source Initiative, or OSI, which no longer protects Open Source (let alone software freedom) but instead helps openwashing, Microsoft entrapment, and a coup against the FSF



  25. [Meme] Rowan and António Sittin' on a Tree...

    How much longer can Team Campinos keep issuing tons of noisy and self-congratulatory puff pieces to (perhaps) distract from the elephant in the 10th floor of the Isar building (EPO HQ)? Staff won't wait for eternity.



  26. IRC Proceedings: Thursday, July 29, 2021

    IRC logs for Thursday, July 29, 2021



  27. Half the People in This Letter Are IBM Employees

    IBM seems to be continuing its war on the FSF because IBM wants to own everything (CentOS being ‘canned’ was just part of the plan)



  28. The OSI Song

    The sad demise of OSI, which has become little but a front group of proprietary software companies in pursuit of openwashing services (and outsourcing to proprietary disservices looking to eradicate copyleft)



  29. [Meme] OSI is Doing Just Fine

    So what if OSI is run by someone who raised money from Microsoft (to sell Microsoft a keynote slot in a copyleft event — the thing that Microsoft attacks through GitHub!) while funnelling the OSI's funds to a serial GPL violator?



  30. The OSI's Defunct Elections (Privacy Breach), Conflict of Interest (Nicholson), and Other Lingering Problems

    The above, together with an email from the OSI below, serves to show they’re re-running a bad election and — yet worse! — there appears to be a conflict of interest implicating the OSI’s sole member of staff!


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts