EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Boycott Novell on hand

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year — including the previous one — Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

More information in:

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 23/8/2016: GNOME 3.22 Beta, Android 7.0 Nougat

    Links for the day



  2. The Linux Foundation Gives Microsoft (Paid-for) Keynote Position While Microsoft Extorts (With Patents) Lenovo and Motorola Over Linux Use

    This morning's reminder that Nadella is just another Ballmer (with a different face); Motorola and Lenovo surrender to Microsoft's patent demands and will soon put Microsoft spyware/malware on their Linux-powered products to avert costly legal battles



  3. Not Just President Battistelli: EPO Vice-Presidents Are Still Intentionally Misrepresenting EPO Staff

    Evidence serving to show that EPO Vice-Presidents are still intentionally misrepresenting EPO staff representatives and misleading everyone in order to defend Battistelli



  4. Battistelli the Liar Causes a Climate of Confrontation in French Politics, Lies About Patent Quality (Among Many Other Things)

    Battistelli's lies are coming under increased scrutiny inside and outside the European Patent Office (EPO), where patent quality has been abandoned in order to artificially elevate figures



  5. The Collapse of Software Patents and Patent Law Firms Trying to “Overcome” Alice

    The United States continues its gradual crackdown on software patents (which are viewed as abstract and thus unpatentable), whereas in Europe things are murkier than ever



  6. Apple's Patent Wars Against Android/Linux Make Patent Trolls Stronger

    Apple's insistence that designs should be patentable could prove to be collectively expensive, as patent trolls would then use a possible SCOTUS nod to launch litigation campaigns



  7. Links 22/8/2016: Linux 4.8 RC3, Linux Mint 18 “Sarah” KDE Beta

    Links for the day



  8. Links 21/8/2016: Apple and Microsoft Down, Systemd Spreading to Mount

    Links for the day



  9. Links 20/8/2016: Android Domination, FSFE summit 2016

    Links for the day



  10. Patents Roundup: Trolls Dominate Litigation, PTAB Crushes Patents, Patent Box Regime Persists, and OIN Explains Itself

    Another roundup of patent news from around the Web with special focus on software patenting



  11. The Cost/Toll of the 'New' EPO and Where All That Money Goes or Comes From

    The European Patent Office has become a servant of the rich and powerful (including large foreign corporations) and even its own employees now pay the price associated with misguided new policies (or 'reforms' as Battistelli habitually refers to these)



  12. Links 19/8/2016: Linux Mint With KDE, Linux Foundation's PNDA

    Links for the day



  13. The End of an Era at the USPTO as Battistelli-Like (EPO) Granting Policies Are Over

    The United States is seeing the potency of patents -- especially software patents (which make up much of the country's troll cases) -- challenged by courts and by the Patent Trial and Appeal Board (PTAB)



  14. Battistelli's European Patent Office Goes to the United States to Speak About the UPC and Software Patents

    The European Patent Office is showing its utter contempt -- not just disregard -- for the very fundamental rules that put it in its place and brought it into existence



  15. Turkey Subjected to the European Patent Convention (EPC) But Benoît Battistelli is Not?

    The ‘constitutional crisis’ at the European Patent Office in the context of Turkey, which has signed "the EPC and as such recognises the competence and the decisions of the institutions which have been introduced in the convention."



  16. Links 18/8/2016: EFF Slams Vista 10, Linux Foundation Makes PNDA

    Links for the day



  17. Links 17/8/2016: GNOME and Debian Anniversaries

    Links for the day



  18. Personal Audio LLC and Patent Troll Jim Logan Demonstrate the Harms of Software Patents and Why They Must Never Spread to Europe

    Jim Logan of Personal Audio (a notorious Texas-based patent troll) is still fighting with his bogus patent, having already caused enormous damage with a single software patent that should never have been granted in the first place (due to prior art, not just Alice)



  19. The Patent Microcosm Hopes That the Originators of Software Patents Will Undermine the Patent Trial and Appeal Board

    Now that the actions of the Patent Trial and Appeal Board (PTAB), which have been consistently upheld by the CAFC in precedential decisions, are suddenly being questioned the patent microcosm gets all giddy and tries to undermine PTAB (again)



  20. That Time When the Administrative Council Helped Battistelli Crush Oversight (Audit Committee) and What ILO Said About It a Month Ago

    Things are becoming ever more troublesome at the EPO as the Administrative Council enjoys inaction from the International Labour Organization (ILO), in spite of its role in destroying much-needed oversight at the behest of Battistelli



  21. The EPO's Administrative Council Keeps Postponing Debate About Grounds for Firing the President

    A recollection of events prior to the latest Administrative Council meeting, where Benoît Battistelli's failings and accountability for failing to correct them never even came up



  22. A Surge of Staff Complaints About the European Patent Office Drowns the System, Disservice to Justice Noted

    Self-explanatory graphs about the state of the justice [sic] system which is prejudiced towards/against EPO workers, based on internal reports



  23. Links 16/8/2016: White House Urged by EFF on FOSS, Go 1.7 Released

    Links for the day



  24. Links 15/8/2016: Linux 4.8 RC2, Glimpses at OpenMandriva Lx 3.0

    Links for the day



  25. Clawing Back the Staff Benefits at the European Patent Office (EPO)

    Staff of the EPO is leaving (or retiring) in droves as abusive management continues to be the norm and staff benefits are being taken away or gradually revoked



  26. The Patent Microcosm is Panicking and Spinning Alice/§ 101 Because US Software Patents Are Still Dying

    A look at recent developments in the software patents scene in the United States, with increased focus on (or fear of) the Patent Trial and Appeal Board



  27. 21,000 Posts in Techrights in Less Than a Decade

    This post is the 21,000th post and the next one will make it more than twenty-one thousand posts in total. We are turning 10 in November.



  28. Patent Microcosm Shuts Out the Poor: Unified Patent Court (UPC) Promotion by Practising Law Institute (PLI) Only for the Wealthy

    The people who are profiting from patent feuds, disputes, lawsuits etc. are still trying to muscle their will into European law and they keep the general public out of it by locking down (or pricing out of reach) their meetings where they influence/lobby decision-making officials



  29. The United States Has a Growing Patent Trolls Epidemic as Very High Proportion of Lawsuits Filed by Them

    A look at the high proportion of patent lawsuits that are filed by entities that make nothing at all and thus serve no role whatsoever in innovation



  30. Pushers of Software Patents Outside the United States (Which is Belatedly Squashing These Patents)

    How patent law firms are distorting the debate about software patents in hope of attracting business from gullible people who misunderstand the harsh (and worsening) reality of software patenting


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts