03.12.10

Microsoft’s Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Posted in Microsoft, Security, Windows at 3:40 pm by Dr. Roy Schestowitz

Duck gossip

Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures superseded and breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:

In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.

This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows’ insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.

With a “password divulger”, banks are at risk:

2. Online banking fraud losses rise 14%”

Number of ‘phishing’ attacks have risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association

Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.

Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won’t. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it’s probably rife with flaws that Microsoft hasn’t heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.

We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world’s most nefarious cyber operations.

This is a Windows botnet (but it doesn’t even say “Windows botnet”). What’s sickening is that Microsoft is only mentioned in this article where it’s given credit. It says: “Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace.”

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It’s truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft’s takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week’s Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft’s practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.

We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2010/03/12/coverage-about-security-issues/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    March 13, 2010 at 4:02 pm

    Gravatar

    Reporters should not let Microsoft and banks get away with blaming the victim. I’ve been hearing this kind of thing for about a decade.

    “Fraudsters are now relying on the weakest link in the chain, and that is online banking customers themselves,” a spokesman for the UK Cards Association said. “Banks would never approach customers by email asking for their bank details, but people still fall for this scam.”

    Banks like to blame their customers so that they can make customers eat losses. People familiar with bank transactions know that the system is easy to defraud. People familiar with Windows know that half of Windows PCs are part of a botnet which all have the ability to log passwords. It would be surprising if a majority of credit fraud was the result of anything customers did, other than bank and use Windows.

What Else is New


  1. Links 18/6/2021: Mir 2.4, ActivityWatch 0.11, Microsoft Breaks Its Own Repos

    Links for the day



  2. [Meme] When the 'Court' Drops

    As the EPO sneakily outsourced courts to American companies and parties in dispute depend on their ISP for “access to justice” there’s a catastrophic impact on the very concept of justice or the right to be heard (sometimes you don’t hear anything and/or cannot be heard)



  3. The EPO's Virtual Injustice and Virtual ('News') Media

    A discussion of this morning's post (part 10 in a series) about the shallow media/blog coverage that followed or accompanied last month's notorious EPO hearing



  4. Links 18/6/2021: LibreOffice 7.2 Beta, Elementary OS 6.0 Beta 2, and Linux Mint 20.2 “Uma” Beta

    Links for the day



  5. The Self-Hosting Song

    Cautionary tales about outsourcing one's systems to companies that could not care less about anyone but themselves



  6. IRC Proceedings: Thursday, June 17, 2021

    IRC logs for Thursday, June 17, 2021



  7. [Meme] Swedish Justice

    The EPO‘s patent tribunals have been mostly symbolic under the Benoît Battistelli and António Campinos regimes; giving them back their autonomy (and removing those who help Battistelli and Campinos attack their autonomy) is the only way to go now



  8. Virtual Injustice -- Part 10: Vapid and Superficial Coverage in the 'IP' Blogosphere

    The media has come under attack by Benoît Battistelli; during the term of António Campinos most of the media critical of the EPO has mostly vanished already; so one needs to look carefully at comments and social control media



  9. Links 18/6/2021: RasPad 3 and Pushing Rust Into the Linux Kernel

    Links for the day



  10. Heli Pihlajamaa Promoting Software Patents to Patent Maximalists

    "Ms Pyjamas" from the EPO is promoting illegal software patents to a bunch of patent zealots (CIPA)



  11. The Lying by Team UPC, Led Again by Kevin Mooney

    Team UPC, or specifically Mr. Mooney, lies to the public about the prospects of the UPC; similarly, EPO and EU officials keep bringing up false claims about the UPC, so while the UPC itself has likely died for good the lies have not



  12. Links 17/6/2021: Cutelyst 3 and Lenovo Move Towards ThinkPad BIOS Configuration From Within Linux

    Links for the day



  13. Too Much Noise and/or Distraction and General Loss of Focus (on the Real and Urgent Issues, Such as the Ongoing Anti-FSF 'Coup')

    The media is full of Microsoft fluff and technical blog posts still focus on the Freenode fiasco, among other things that don't matter all that much; but we certainly need to talk about steps undertaken to undermine the FSF's power because long-term ramifications may be huge



  14. [Meme] The Enlarged Bored People With Presidential Decrees

    The laughable state of the EPO‘s EBA (or EBoA) is rarely commented on anymore, not even in so-called ‘IP’ blogs; maybe they’re just so eager to see patents on everything, even European software patents, so tyrants who destroy the courts (with UPC lobbying and removal of EBA independence) don’t bother them so much anymore



  15. Response to Misinformation From EPO Officials

    Opponents of European software patents are clearly being mischaracterised by EPO officials, who also use meaningless buzzwords to promote such patents; as an aside or footnote that relates to our ongoing series we’re making this quick video, which is days late



  16. [Meme] Tilting the Scales for Software Patents

    Shovelling up lots of patents, even worthless patents such as software patents, dooms the EPO (EPC violations, lawlessness), dooms European professionals, but the wrong people have been put in charge and courts are being intimidated by them



  17. Virtual Injustice -- Part 9: Heli, the EPO's Nordic Ice-Queen

    Team Campinos is full of people who instead of grasping and working to promote innovation are boosting the agenda of litigation (scientists are not being employed)



  18. IRC Proceedings: Wednesday, June 16, 2021

    IRC logs for Wednesday, June 16, 2021



  19. Links 17/6/2021: elementary OS 6 Beta 2 and JingPad Linux Tablet Crowdfunding

    Links for the day



  20. Techrights Statement on IRC

    Freenode needs to explain what the hell happened this week and why communities that make up the network weren't informed or consulted



  21. IRC Proceedings: Tuesday, June 15, 2021

    IRC logs for Tuesday, June 15, 2021



  22. Virtual Injustice -- Part 8: A Well-Connected 'IP' Maximalist

    The EPO‘s lobbying for European software patents goes all the way to the top, including António Campinos and his circle



  23. Links 16/6/2021: Alpine 3.14.0 and DXVK 1.9

    Links for the day



  24. Links 15/6/2021: Debian Installer Bullseye RC 2 and Zink Updates

    Links for the day



  25. IRC Proceedings: Monday, June 14, 2021

    IRC logs for Monday, June 14, 2021



  26. Virtual Injustice -- Part 7: Musical Chairs and Revolving Doors

    Cross pollination in Alicante and Munich serves to show that people aren't picked for their skills and experience; it's like a private club or a clique



  27. Hardly Shocking and Not At All Surprising That Thugs Who Run the EPO Hired External Thugs to Help Them Oppress Aggrieved Staff

    With the EPO's management flooding the bank accounts of aggressive law firms (at our expense) we need to ask serious questions about how such a "Mafia" (what EPO staff calls the management) managed to metastasise inside Europe's second-largest institution and how to remove this "Mafia" as soon as possible (some arrests too are well overdue)



  28. [Meme] There Are No Elections in Mafia-Type Regimes; It's About Family and Friends...

    With no real concept or notion of "elections" (the so-called 'mafia' members choose their successors and colleagues) the EPO's patent examiners clearly need outside intervention, e.g. inquest by the EU authorities (the EPC died and maybe the EPO too; it's unregulated and it grants false patents that harm Europe because the courts don't function, either)



  29. Today's Linux Standing for the Opposite of What Linux Users Stand for

    The so-called 'Linux' Foundation or the "Corporate Linux Foundation" is alienating many of the original users of GNU/Linux and it still insults their intelligence; it's rewriting history, it still distorts the objectives, and before we know Linux will perish and lose momentum because all the excitement associated with the brand will fizzle away



  30. Links 14/6/2021: Kdenlive 21.04.2 and Raspberry Pi 400 Support in Linux

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts