Bonum Certa Men Certa

Windows Users Left Vulnerable Over Christmas, as Usual

Boycott Novell on hand



Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year -- including the previous one -- Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.



This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

"Microsoft IIS vuln leaves users open to remote attack



A researcher has identified a vulnerability in the most recent version of Microsoft's Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension ".asp." By appending ";.jpg" or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.


How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don't know. Schmidt is good, but I don't know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority -- I don't know.


Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion



[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.


Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game



[...]

In all seriousness, this is certainly just an error on Microsoft's part - someone meant to type in "800 MS Points" (or $10) and ended up pricing the game at 80 times that.


It could be a human error at the input level, but still...

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox's share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer's share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it's being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that's Firefox.


More information in:



According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Recent Techrights' Posts

SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Garden Season Starts Today
Outdoor time, officially...
More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries