Bonum Certa Men Certa

Microsoft Connects With Governments as More Vulnerabilities Surface, Microsoft Can Be Sued in the UK for Security Problems

The White House



Summary: Microsoft faces new challenges as security problems continue to be found even in the latest version of Windows and a UK High Court ruling indicates that Microsoft is now liable

NOW that one in two Windows PCs is believed to be a zombie PC Microsoft becomes a national and international problem. The latest Vista 7 vulnerability is a sign that things are not improving and Microsoft will start working privately/secretly with government in its disclosure of vulnerabilities [1, 2, 3, 4]. Will hidden/silent patches also be shared with governments? Last week there was an erroneous suspicion in Slashdot citing a blog with a semi-false alarm about a new security hole.



If you're relying on the password encryption in Microsoft Dynamics GP -- formerly Great Plains -- to meet your PCI requirements, stop what you're doing and listen up. It's been revealed that its encryption algorithm is about as simple as it can be: a substitution cypher.


Look at the original source to see how Microsoft responded to the blogger by spinning and having the blogger state: "I must correct this and clarify. By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager. Here’s what happened: I reset the LESSONUSER’s passwords with SQL Enterprise Manager and afterward I was able to login to SQL Enterprise Manager with the LESSONUSER’s credentials. Some flag most have been updated when I reset the password – I need to investigate this further (this was all done in a Test environment). This was a BIG oversight on my part and I apologize for this. I really should have tested this out more before posting that statement. (Thank you Mark and others that pointed this out to me)."

Other known flaws are being addressed.

Microsoft, the software giant based in Redmond (USA), released two critical security updates on May 11, 2010, patching vulnerabilities within its e-mail applications as well as the Visual Basic for Applications designed to implement software programming language built into Microsoft Office.


"New Exploit Resists Windows Security Software," reports IDG:

"This is definitely very serious," said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. "Probably any security product running on Windows XP can be exploited this way." Huger added that Immunet's desktop client is not vulnerable to the argument-switch attacks because the company's software uses a different method to hook into the Windows kernel.

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.


Here is security guru Bruce Schneier commenting on the news that Microsoft's EULA is no longer an excuse for security flaws [1, 2], at least in the UK where Schneier's employer is based.

The British High Court ruled that a software vendor's EULA -- which denied all liability for poor software -- was not reasonable.


Microsoft claims no liability [1, 2, 3, 4] in its EULA and other places. From now on it may be possible to sue Microsoft UK when its inherently-flawed software leads to big damages (as it does all the time).

Comments

Recent Techrights' Posts

Be a Navalny
We salute Mr. Navalny
 
Gemini at 3,800+
total number of known capsules at above 3.8k
Mozilla Firefox is Back in ~2% Territories, Jeopardising Its Status as Web Browser to Test/Target/Validate With
Some new stats
Now Only Has Adoption of Windows Vista 11 Flatlined/Plateaued, Now It is Going Down!
Did many people delete Vista 11 and install GNU/Linux instead?
[Meme] Russian Standards of Law: The Executive Branch Decides Everything
the president's kangaroo court
Up Next: The Tricky Relationship Between the Administrative Tribunal of the ILO and the European Patent Organisation (EPO)
We've moved from presidents who run a republic by consent to corrupt, unqualified, dictatorial officials who bribe for the seat (buying the votes)
IRC Proceedings: Saturday, March 02, 2024
IRC logs for Saturday, March 02, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Beware Imposter Sites of Techrights (Not Techrights.com or Techrights.org)
Only trust pages accessed through the domains controlled by us
Italy visa & residence permit: Albanian Outreachy, Wikimedia & Debian tighten control over woman
Reprinted with permission from Daniel Pocock
Links 02/03/2024: Actual Journalists Under Attack, More Software Patents Being Challenged
Links for the day
Gemini Links 02/03/2024: NixOS on GPD, Meson Woes
Links for the day
statCounter March 2024 Statistics (Preliminary)
Notice Asia
Links 02/03/2024: More Lawsuits Against Microsoft, Facebook Killing Hard-To-Find News
Links for the day
ZDNet (Red Ventures) Works for Microsoft (Redmond), Many Of Its Pages Are Spam/Advertisements Paid for by Microsoft
Here is the "smoking gun"
Wikipedia Demotes CNET Due to Chatbot-Generated Spew as 'Articles'; It Should Do the Same to ZDNet (Also Red Ventures, Also Microsoft Propaganda)
Redmond Ventures?
IBM Sends Money to Microsoft
Red Hat basically helps sponsor the company that's a attacking our community
The Direction WordPress (GPL) Has Taken is an Embarrassment
it comes with strings attached
When the Cancer 'Metastasises'
We had a red flag
March in Techrights (EPO Litigation and More)
One theme we'll explore a lot when it comes to GNU/Linux is the extent to which communities truly serve communities
Don't Forget to Also Follow Tux Machines
We've split the material
Yandex Usage Has Surged Since the Invasion of Ukraine, Microsoft Fell to 0.7% (It Was 1.7% Before the 'Bing Chat' Hype Campaign)
In Soviet Russia, Bing searches user
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, March 01, 2024
IRC logs for Friday, March 01, 2024
Sellout Completed: Linux Foundation Converging With the Gates Foundation
not a joke
Hitler Rants Parodies on Steve Ballmer
Parody created using clips from Downfall (Der Untergang)
With Windows This Low (27% of the "OS" Market), Steve Ballmer Would Have Thrown Another Chair
The media produced many puff pieces about Nadella at 10 (as CEO), but what has he done for Windows? Nothing.
[Meme] The Naked President
EPO Suffers From Shrinkage
Attacks on the EPC: Reality and Fiction
EPO leaks
Understanding Cardinal George Pell prosecution, Institutional abuse & Debian cybertorture
Reprinted with permission from Daniel Pocock
Links 01/03/2024: Many More Layoffs, "Funerals" for Software Patents in the US
Links for the day
Gemini Links 01/03/2024: OFFLFIRSOCH 2024 and Dark Streets Tech Demo
Links for the day
Links 01/03/2024: Navalny Funeral and Media Under Attack
Links for the day
Gemini Links 01/03/2024: Making Art and the Concept of Work Management
Links for the day
Schriftleitergesetz: Hiding the Holocaust with censorship
Reprinted with permission from Daniel Pocock
[Meme] His Lips Moved
Here is your national "news" for today
statCounter: GNU/Linux Exceeded 6% in Asia Last Month (Compared to 4% Just 12 Months Earlier)
numbers may be biased
What the End of Journalism Looks Like
All on the same day
Links 01/03/2024: Microsoft 'Retiring' More Services and Raspberry Pi Celebrates 3rd Birthday (Launched on February 29th, 2012)
Links for the day
Women's Empowerment
Sponsored by Bill Gates
Gemini Links 01/03/2024: Speed Bumps and Analog Stuff
Links for the day
[Meme] Those Greedy EPO Examiners
Says the litigation industry, charging 300 euros an hour per attorney
EPO Discriminates Against Families of Its Own Workers, the Union Explains Legal Basis Upon Which It's Likely Illegal and Must be Challenged
To the Council, the EPO boasts about its wealth (seeking to impress by how much breaking the law "pays off")
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 29, 2024
IRC logs for Thursday, February 29, 2024
Links 01/03/2024: Misuse of Surveillance Against UK-Based Journalism, EPO Conflict Now in the Media
Links for the day
Taking a Break From Paid Promotion of the Illegal, Unconstitutional Kangaroo Court for Patents (UPC)
JUVE returns to its 'roots'?