Bonum Certa Men Certa
IRC: #boycottnovell @ FreeNode: November 22nd, 2009 | Microsoft Can Only Wish it Was as Popular as Linux (on Phones)

Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day

Nine O Nine



Summary: Vista 7 as exposed as the naked emperor; Internet Explorer received similar treatment as users are under attack and no remedy is available

OVER the past week and a half we wrote several posts about the illusion of security in Vista 7. Among those posts:

  1. Vista 7 Exploit is Out (Zero-Day Vulnerability)
  2. If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?
  3. Microsoft Won't Secure Firefox/Chrome Users, Shows More Negligence


Reports about this subject continued to come and only an advisory (not a patch) came from Microsoft. Regarding another serious crack that led to security issues in vista 7, reports suggest that it "comes as no surprise," proving yet again that Microsoft does not give a damn about security.

There is now the following serious incident which leads to invaluable harm. No report seems to say which platform is to blame, but the University of East Anglia is not necessarily a docile Windows shop, not based on its Web site anyway. It actually abandoned Solaris for GNU/Linux when Sun began roaming the streets looking for love. Does anyone know what mail systems are used at the University of East Anglia?

A 61MB ZIP file was posted on a Russian FTP server late last night, local time. It contains over a thousand emails, and around three thousand other items including source code and data files. Emails are peppered with disparaging remarks and a crude cartoon of sceptical scientists is also included in the archive - suggesting the hacker roamed wide across the University's servers.


More at The Guardian.

A spokesperson for the University of East Anglia said: "We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all this material is genuine. This information has been obtained and published without our permission and we took immediate action to remove the server in question from operation. We are undertaking a thorough internal investigation and have involved the police in this inquiry."


Regardless of what this "server in question" actually runs, Microsoft is taking a weird approach to security, suggesting/recommending a different architecture (not platform) as a cure for executables that exploit Windows by design, not just by compilation.

Meanwhile we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco]

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.


More information at IDG:

The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer.


No fix is available yet, except a download that's called Firefox or Fedora. But Microsoft does not want people to say the "F" word, so it will probably deliver a patch very soon.

To Free software's credit, it rarely waits for attacks to occur before addressing security vulnerabilities.

More on Vista 7 insecurity:



IRC: #boycottnovell @ FreeNode: November 22nd, 2009 | Microsoft Can Only Wish it Was as Popular as Linux (on Phones)

Recent Techrights' Posts

Microsoft Front Group Starts the Year by Championing Underage (or Child) Labour
the fake 'FSF'
Chatbots Are Not Data-Driven, They're Human-Censored and Rely on Wage Slaves (and Sometimes Unpaid Volunteers)
This is the Microsoft wage slavery
Gemini Links 12/01/2025: No Country For Old Men, Burned Homes, and "Planet P is Clean"
Links for the day
Slopwatch: Brittany Day and Brian Fagioli Are Still at It, Googlebombing "Linux" With LLM Slop (Taking Away Traffic From the Articles They're Plagiarising)
Some more sites that used to cover GNU/Linux have turned into slopfarms
 
Microsoft is Tight With Money: It's About the Salaries ('Cost' of the Workers)
a question of cost, not skill
Google Got People Sort of Addicted to Android So It Can Cash in (Services, App Store, Advertising) Decades Later
This is not software freedom
The Free Software Foundation Reaches 370k Dollars in Funding, Due Date is January 17th When Richard Stallman is Guest of Honour in Lausanne (Switzerland)
Even fellow board members seem unaware of it
Record Lows for Windows (Microsoft) in Botswana
The market share of Vista 11 is seen as going down
Preserving Deleted Articles About Bill Gates Talking Like a Drug Dealer About Computer Users
Now it's 2025. Different challenge.
Links 13/01/2025: Disinformation, Social Control Media Actively Promoting Nazism, and Catchup With Ukraine
Links for the day
TPM Boosters Inside Debian (TPM Isn't About Security, It is About Control Over Users and Their Machines)
We're not rushing to any conclusions
Aaron Swartz Died 12 Years Ago After a Vicious Government Campaign to Stop Him
The Aaron Swartz story is a reminder of the importance of having verifiable/verified information out there for the general public to see
Links 13/01/2025: GitLab Enshittification and Minimalism and Efficiency with Gemini Protocol
Links for the day
Links 13/01/2025: Hardware, Health, and Conflicts
Links for the day
Microsoft Appears to Have Fallen to Only 15% in Maldives
This is a problem for Microsoft
Rumours of IBM Canada Layoffs
We'll keep a vigilant eye on this
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 12, 2025
IRC logs for Sunday, January 12, 2025
Bots Covering Debian Releases
It would be quite safe to guess that chatbots were at least partly leveraged for that text
Links 12/01/2025: Microsoft Admits It's Laying Off Staff Only Where Staff is "Expensive" (Race to the Bottom)
Links for the day
[Meme] Being High on Drugs Isn't Happiness (Likewise, Being a "Star" in Social Control Media is Temporary)
Many entities - or people - will regret telling everybody "follow me on Twitter"
[Meme] They Say That RMS Says the "F" Word (Freedom) Too Much...
About 32.7k US dollars are now left for the FSF to raise (in 6 days)
Links 12/01/2025: More Sanctions Against Russia, SCOTUS Signals Fentanylware (TikTok) Ban Will Stay
Links for the day
[Meme] A Jihad Against Servers the User Controls
We need to strive for and work towards greater control by users over "their" servers
Microsoft Azure-Only Bugs in "Linux" Can "Compromise the System."
From ubuntu.com and linux.org a few days ago
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 11, 2025
IRC logs for Saturday, January 11, 2025
Gemini Links 12/01/2025: DHL Express Does Not Deliver, Oddmuse Update
Links for the day
Links 11/01/2025: Social Control Media Facing Sanctions, Carter Respected at Funeral
Links for the day
If TikTok (China) Has the Rights of American Persons, Then ByteDance Can be Sentenced to Death
TikTok - like Julian Assange - does not enjoy any protections of the First Amendment and since it's not a person it would lack these protections as an American company, too
After a Year of Layoffs in Microsoft Nigeria (and Microsoft in Africa at Large) Windows Falls to New Lows and Bing Falls to 0.46% "Market Share"
Of course Microsoft gave bribes in Nigeria to suppress GNU/Linux adoption
An Important Lesson About Patents and Patent Maximalism (They Drive People and Companies Away)
This previously happened in Texas, where companies perceived their presence (in any form) to be a liability as patent trolls could drag them to friendly courts and win "damages"
When It Comes to Fentanylware (TikTok), a Digital Weapon of a Hostile Entity, Common Dreams is Jumping the Shark Again (Years After It Ran Out of Steam or Money)
Or maybe it likes the agenda promoted (curated) by Fentanylware (TikTok) and its parent company, Bytedance or Chinese Community Party (CPP)
BetaNews is Now Officially a Spamfarm With Phantom Authors and Fake Text (SPAM and Linkspam Made With LLM Slop)
That's it, the site is virtually dead now (maybe that was the plan all along)
Hazem Abbas of medevel is Ruining His Site With LLM Slop
Some of his articles are original, but now everything is suspect
[Meme] Real and Fake (or "several influential "open source" organizations [which] have come to be dominated by large companies")
The Free Software Foundation has not sold out
Free Software Foundation: Anchoring the FSF in its values
Original by Free Software Foundation
GNU/Linux Surges to All-Time Highs in Greenland, Windows Sinks to All-Time Lows
a lot of GNU/Linux gets detected there lately
Microsoft's "Donald Trump First" Doctrine
national deficits growing
Microsoft in Trouble as Azure Breaks and Only Days After Promising Investment in "Datacentres" Construction of Actual Datacentres Paused (Expect More Azure Layoffs Very Soon)
No wonder many people who got trapped inside Azure quit Azure, which keeps bleeding (losses and layoffs)
Gemini Links 11/01/2025: Wildfire, Militia and the Mole, IRC vs Social Control Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 10, 2025
IRC logs for Friday, January 10, 2025