Bonum Certa Men Certa

Windows Users Left Vulnerable Over Christmas, as Usual

Boycott Novell on hand



Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year -- including the previous one -- Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.



This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

"Microsoft IIS vuln leaves users open to remote attack



A researcher has identified a vulnerability in the most recent version of Microsoft's Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension ".asp." By appending ";.jpg" or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.


How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don't know. Schmidt is good, but I don't know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority -- I don't know.


Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion



[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.


Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game



[...]

In all seriousness, this is certainly just an error on Microsoft's part - someone meant to type in "800 MS Points" (or $10) and ended up pricing the game at 80 times that.


It could be a human error at the input level, but still...

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox's share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer's share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it's being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that's Firefox.


More information in:



According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Recent Techrights' Posts

[Video] Richard Stallman's New Talk in Germany Covers What Free Software Means, Why LLMs are "Bullshit", and Lots More (Web3 Summit 2024 Berlin)
Closing Keynote Day 3 - Dr. Richard Stallman - Web3 Summit 2024 Berlin
On Losing the Job at Google After Talking About Committing Acts of Violence Against Colleagues
We still have a highly toxic element trying to enter and fracture our community
[Meme] Patent Monopolies as Bribes at the European Patent Office (EPO)
bloggers who report crime are being threatened with lawsuits by several law firms hired by the EPO to cover up crimes
New EPO Letter Expressing Concerns About EPO Violating Its Charter, Clearly Violating Rules (Possibly Bribing Siemens With Monopolies) and Granting Loads of Fake Patents to Make More Money
Why does the EU tolerate the EPO's crimes and how much longer will this go on for?
[Meme] EPO 'Hush Money' to Companies That Point Out EPO Breaks the Rules
A bribed doorman: "We have patent examiners, but if you say the right words, we'll bypass them for you"
Certificate Authorities (CAs) Are Serving the Authorities, Not You
The centralised CAs "model" is not working
Rage in the Propaganda Machine
There has never been a better time to quit social control media
The Free Software Movement Must Not Assume That Truth and Science Always Win
Sometimes the bad people and the liars get ahead
Peter Eckersley and 'Afterlife'
It's better to look after one's health at present than to pursue all sorts of perceived 'insurance' policies
 
The Best Interface is Outdoors, It's Nature!
Not everything should be replaced by or emulated by digital devices
Terms of Service (TOS) Under Scrutiny - Part XVII - A Personal Perspective
The bottom line is, it's possible to reduce (albeit not entirely eliminate) how many things one signs, presses "OK" on and so on
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 08, 2024
IRC logs for Sunday, September 08, 2024
Always Taking Things Up a Notch
Nothing will stop us
[Meme] EPO Keeps Masking Its Corruption With "Diversity and Inclusion" (Hiring the Wife of a Friend of Someone Who Bribed His Way Into EPO Presidency)
chain of nepotism
Very Large EPO Applicants Now Threaten a Boycott of the EPO (the EPO Management is Trying to Bribe Them to Change Their Plans/Minds While Hiding It From Staff)
If corruption prevails to this extent, it will have severe international effect
Gemini Links 09/09/2024: Gemini Application Developer Guide and ROOPHLOCH 2024
Links for the day
Links 09/09/2024: 'Dieselgate' Criminal Trial Starts Late, Mass Layoffs at Volkswagen
Links for the da
NIST is Threatening to Sue You With Patents on Mathematics (That Aren't Even Legal in the First Place) If They Don't Like You
They're asserting monopolies on mathematics
Gemini Links 08/09/2024: WebDAV, OpenBSD, Pocket Reform, and More
Links for the day
Links 08/09/2024: Super Typhoon and Lots of Climate Journalism
Links for the day
Terms of Service (TOS) Under Scrutiny - Part XVI - When Radio is No Longer "Read-Only" (Listening Mode) Because Someone Listens and Sells Your Data
Who would want to put up with this?
Terms of Service (TOS) Under Scrutiny - Part XV - "Zoom's terms of service change sparks worries over AI uses" (and More)
Then they wonder why users get all grumpy?
redhat.com is Promoting Revisionism and Lies Regarding the Origin of the Term "Open Source"
debunked many times before
Software Patents Against GNU/Linux Again
Patent extortion against OpenShift and Red Hat Enterprise Linux
IBM is Cutting - Almost in Half - Its Office Space in Austin, So Expect Many Layoffs (RAs)
IBM reduces office space by 187,00 square feet or 37%
IRC Proceedings: Saturday, September 07, 2024
IRC logs for Saturday, September 07, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Gemini Links 07/09/2024: Self Hosting (Not "CLOUD") and Site Reliability Engineering
Links for the day
They Used to Say Avoid Nginx (or NGINX) Because It's Russian. Now You Can Say Avoid It Because It's Microsoft.
Thankfully we quit using NGINX when we shut down our HTTP proxy for Gemini
Instead of Telegram People Should Use Free Software (Telegram Was Always Unsafe for Use)
"Modern" so-called 'smart' 'phones' are compromised at the OS level or baseband side
The Arrest of Pavel Durov is Changing Telegram
Remember that Telegram's founder, who is also French, cannot leave France until he satisfies those who detained him
The Growth of GNU/Linux is Now a Mainstream Topic With Widespread Awareness
We can do less counting (of baskets and eggs) and more advocacy
Techrights is a Demonstrably Popular Site, Reporting Suppressed Facts. Those Vouching for Its 'Unpopularity' Express a Desire Rather Than a Condition or a Fact.
Our 100% source protection record will hold up
John Pilger's Site Relaunches, Wikileaks' Site Has Not Been Updated in Years
We have long hoped that, more so after the release of Assange, Wikileaks will have some kind of "relaunch" or recovery
A Terms of Service (TOS) Notion of "Consent"
We're well past the true notion of real consent
Terms of Service (TOS) Under Scrutiny - Part XIV - Zoom the Beast
breakdown of the Zoom TOS and corresponding privacy statement
Links 07/09/2024: Qualcomm May Buy Parts of Intel, YouTube Deletes Channels for the US Government
Links for the day
No, Mastodon is Not Growing, Social Control Media is Generally Waning
Our sister site pulled the plug on the whole thing over a year ago, seeing it was mostly a source of online abuse
A Loss for Fake Security, a Win for Net Autonomy
Crucifixion of domains has been ramping up this past week; it's a cautionary signal
Links 07/09/2024: UK Police Raid Journalist's Home, Epoch Times Setbacks, and Karma
Links for the day
FSFE: Donate to Us to Co-Fund With Microsoft the Unpaid Underage Labour, YH4F
Latest from FSFE
Links 07/09/2024: China's Financial "Bond" to Africa and Attempts to Postpone Trump Criminal Cases
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 06, 2024
IRC logs for Friday, September 06, 2024
linuxsecurity.com is Still Spamming the Web
This is not harmless to Linux and it definitely merits a shun
Gemini Links 07/09/2024: Freedom in Bareness, Reactions in Addictive Social Control Media
Links for the day