Bonum Certa Men Certa

If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Summary: Microsoft's inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only/usually when attacks begin. Otherwise, Microsoft lies about security. It tells what shareholders want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued as some journalists have already suggested?



The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is so valuable for showing how Microsoft ignores security problems and improperly handles them until it's too late. SJVN argues:

I do wonder sometimes about Microsoft's quality assurance. No, I tell a lie. I always wonder about Microsoft's quality assurance. As in, "How can they keep making mistakes like this?" In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit's code: "'Most Secure Os Ever' --> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL"

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.


This is not just "embarrassingly bad", it is practically very bad because exploit code is already out there while Microsoft is still "investigating".

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.


Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes which invisibility of proprietary software enables), probably for raves about numbers, i.e. illusion of safety. How long has Microsoft known about this for and why is there no patch yet?

On Vista 7 insecurity:



Recent Techrights' Posts

[Video] To Combat Efforts to Cancel or Kill the Career (and Reputation) of the People Who Made GNU/Linux We Must Rally the Community
nobody speaks better for projects and for licences than their own founders
Electronic Frontier Foundation Incorporated is Run by/for Corporations Now (Members' Money is Less Than a Quarter of the Money EFF Receives)
Facebook bribes
 
Links 09/12/2023: Dictator's Nomination in Russia
Links for the day
The EFF Should Know Better, But It Is Promoting Mass Surveillance by Facebook (an Endorsement of Lies)
What is going on at the EFF?
Feedback Desired
Feedback can be sent by E-mail
A Message in Support of Richard Stallman, Condemning Those Who Misportray Him
message about Richard Stallman (RMS)
Links 09/12/2023: Many 'Open'AI Employees Strongly Dislike Microsoft, Many Impending Strikes
Links for the day
IRC Proceedings: Friday, December 08, 2023
IRC logs for Friday, December 08, 2023
Over at Tux Machines...
GNU/Linux news
Open Source Initiative (OSI) is Microsoft, It Presents Microsoft-Controlled Projects Like They're Everything That Exists in the World
They're not assessing the real data, they keep track only of projects foolish enough to choose slavery under Microsoft
Links 08/12/2023: Cyber Resilience Act in EU and Denmark Embracing 'Blasphemy Law'
Links for the day
Linus Torvalds Cannot Easily 'Offend' Companies Anymore, But Weeks Ago He Explained Why (Linux Support and Hardware Documentation Has Significantly Improved)
new clip
Links 08/12/2023: Tidal and Simplilearn Layoffs
Links for the day
IRC Proceedings: Thursday, December 07, 2023
IRC logs for Thursday, December 07, 2023
[Video] The Media Facilitates Microsoft's Abuse, Bribes, and Growing Threats to National Security
The failure of the media to properly and independently explain what's happening will continue to doom the media
[Video] The Next Ten Years of Techrights in a World With Changing Threats and Technological Landscapes (or Trends That Are Buzzwords/Cargo Cults)
The video of today talks about the site's (and capsule's plan) for the future
Wikipedia is Vandalism, Brought to You by Microsoft and Bill Gates
Reprinted with permission from Ryan Farmer
Lennart Poettering and Fellow Microsofters Turn GNU/Linux Into Windows, Expect Poor Reliability With systemd-bsod
turning Linux into Microsoft Windows
The Effort to Silence (Squash) GNU/Linux Advocates and Press Coverage
If nobody even mentions it anymore, does it still exist?
Links 07/12/2023: Climate Events Occupied by Their Enemy, Workers Going on Strike
Links for the day
IRC Proceedings: Wednesday, December 06, 2023
IRC logs for Wednesday, December 06, 2023
A Googlebombing Campaign Targeting "Gemini" Takes on E-mail, Too
Google can do Googlebombing too (the term is even named after it)
[Video] Microsoft Without a So-called 'Common Carrier' (Windows Monoculture)
Windows Has Fallen
Rumour: Major Finance Layoffs at Microsoft Next Week
If the rumour is true, we'll be hearing barely anything from the mainstream media next week
Links 07/12/2023: More EPO Patents Squashed, More Pfizer COVID-19 Vaccine "Glitches" Found
Links for the day
Still Not 'Canceled'
Ted Ts'o, Jan Kara, Linus Torvalds last month
Google is Googlebombing the Term "Gemini"
Could Google not pick a name that's already "taken"?