Eye on Security: Windows is Vulnerable, GNU/Linux is Not
- Dr. Roy Schestowitz
- 2010-06-11 21:17:22 UTC
- Modified: 2010-06-11 21:17:22 UTC
Summary: Today's examples of security weaknesses in Windows (which help justify Google's recent abandonment of Windows on the desktop)
● Microsoft Security Vulnerability Disclosed (no silent patches yet?)
Microsoft was left racing to patch a Windows Help and Support Center vulnerability after Tavis Ormandy, an information security researcher who's charged with keeping Google's products secure, Thursday publicly disclosed both the bug as well as proof-of-concept attack code.
Ormandy reportedly informed Microsoft of the vulnerability on Saturday, June 5, and Microsoft acknowledged receipt the same day. Five days later, however, Ormandy went public with a posting to the Full Disclosure mailing list. Later that day, Microsoft issued its own vulnerability announcement.
● Bug gives attackers complete control of Windows PCs [via]
A security researcher has warned of a vulnerability in older versions of the Windows operating system that allows attackers to take full control of a PC by luring its user to a booby-trapped website.
The flaw resides in the Windows Help and Support Center, a feature that provides users with online technical support. Malicious hackers can exploit the weakness of Windows by embedding commands in web addresses that activate the feature's remote assistance tool, which allows administrators to execute commands over the internet. The exploit works in XP and Server 2003 versions of Windows and possibly others.
● Malware Squared
Use browsers and operating systems that are more secure. Get away from the monopoly OS that is the main target of attacks. Cut down your risk by a factor of 1000 or so by a single step, migrating to GNU/Linux. It makes sense.