05.24.10

Microsoft Connects With Governments as More Vulnerabilities Surface, Microsoft Can Be Sued in the UK for Security Problems

Posted in Courtroom, Europe, Law, Microsoft, Security, Windows at 8:29 am by Dr. Roy Schestowitz

The White House

Summary: Microsoft faces new challenges as security problems continue to be found even in the latest version of Windows and a UK High Court ruling indicates that Microsoft is now liable

NOW that one in two Windows PCs is believed to be a zombie PC, Microsoft becomes a national and international problem. The latest Vista 7 vulnerability is a sign that things are not improving, and Microsoft will start working privately/secretly with governments on its disclosure of vulnerabilities [1, 2, 3, 4]. Will hidden/silent patches also be shared with governments? Last week there was an erroneous suspicion on Slashdot, citing a blog with a semi-false alarm about a new security hole.

If you’re relying on the password encryption in Microsoft Dynamics GP — formerly Great Plains — to meet your PCI requirements, stop what you’re doing and listen up. It’s been revealed that its encryption algorithm is about as simple as it can be: a substitution cypher.

Look at the original source to see how Microsoft responded to the blogger by spinning and having the blogger state: “I must correct this and clarify. By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager. Here’s what happened: I reset the LESSONUSER’s passwords with SQL Enterprise Manager and afterward I was able to login to SQL Enterprise Manager with the LESSONUSER’s credentials. Some flag must have been updated when I reset the password – I need to investigate this further (this was all done in a Test environment). This was a BIG oversight on my part and I apologize for this. I really should have tested this out more before posting that statement. (Thank you Mark and others that pointed this out to me).”

Other known flaws are being addressed.

Microsoft, the software giant based in Redmond (USA), released two critical security updates on May 11, 2010, patching vulnerabilities within its e-mail applications as well as in Visual Basic for Applications, the programming language built into Microsoft Office.

“New Exploit Resists Windows Security Software,” reports IDG:

“This is definitely very serious,” said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. “Probably any security product running on Windows XP can be exploited this way.” Huger added that Immunet’s desktop client is not vulnerable to the argument-switch attacks because the company’s software uses a different method to hook into the Windows kernel.

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.

Here is security guru Bruce Schneier commenting on the news that Microsoft’s EULA is no longer an excuse for security flaws [1, 2], at least in the UK where Schneier’s employer is based.

The British High Court ruled that a software vendor’s EULA — which denied all liability for poor software — was not reasonable.

Microsoft claims no liability [1, 2, 3, 4] in its EULA and other places. From now on it may be possible to sue Microsoft UK when its inherently-flawed software leads to big damages (as it does all the time).

A Single Comment

  1. Needs Sunlight said,

    May 24, 2010 at 2:01 pm

    Liability lies with the jerks who knowingly deploy Microsoft products, not with Microsoft. The company has made poor products for many years, and those that haven’t learned or act like they haven’t are a real problem. The issue of manslaughter needs to be brought up with them in mind.

    The burden of software liability is something that M$ wants. It’s a variation of the usual extortion or ‘indemnification’ marketing. Like any other tool, the burden is on the user. Or in this case, the user is not the end-user who sits at the screen trying to get some other job done but the IT departments or consulting.

    Few other tools require liability worries by the maker — except in the case of standards. The failure with standards is also a small part of the failure with security. However, there is a model already for regular tools to have liability requirements to comply with specific industry standards.

    Forget suing Microsoft for these security failures. Its products are acting as they have been designed: buggy, bloated, and fatally insecure. Sue the socks off of the managers that signed off on the Microsoft rollouts and the ‘IT’ staff that went along with it.
