EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Boycott Novell on hand

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year — including the previous one — Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

More information in:

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Microsoft's Former Chief Patent Counsel Praises Elevation of Software Patents in Microsoft Case, Adds to Cherry-Picking and Lobbying by Patent Lawyers

    Microsoft, which is renowned (or notorious) for patent extortion against Linux, is still a big contributor to software patenting policy and Shelston IP -- much like Microsoft's front groups -- pretends to speak for small businesses in an effort to spread software patents outside the US (in spite of Alice)



  2. Extremely Dodgy Dealings at the European Patent Office

    Yet another dodgy contract between Battistelli's EPO and private contractors overseas, this time in an effort to whitewash or cleanse the image of the EPO's current regime



  3. The EPO's Media Partners Like Les Echos Already Produce EPO Puff Pieces (Marketing/Stenography)

    EPO promotion disguised as reporting or journalism, as seen in the media partners of the EPO well before these partnerships even begin



  4. Unitary Microsoft: EPO Excludes People Who Are Not Microsoft Customers From UPC Participation

    The EPO just can't help providing special treatment to Microsoft, not only when it comes to patent applications but also when it comes to rejecting stakeholders/applicants who dare not become Microsoft customers



  5. Links 30/5/2016: Linux 4.7 RC1, Best Linux Distros

    Links for the day



  6. Make Nothing, Sue Everybody: The Reality of Patent Trolls Increasingly Understood by the 'Mainstream'

    New patent stories and even extensive coverage at PBS, which dedicated a whole program to these matters but failed to address the core issue, which is software patenting



  7. [ES] Advertencia: La Vigilancia de la EPO Surveillance Puede Haberse Convertido en Más Intrusiva

    BlueCoat, que la EPO usa para oprimir a sus empleados en sus premisas Europeas, acaba de ajustar más y hacerse más intrusiva y los empleados pueden estar en riesgo



  8. [ES] Tarjeta de Victima Termina en Otra Torpeza para Battistelli Seis de su Guardia Pretoriana

    Battistelli esta destruyéndo lo que queda de la reputación de la EPO (después de las décadas que le costó a ella construírla) mientras los medios continúan escrutinando su desastroso régimen



  9. [ES] La EPO esta Excelente, Dice Sitio de ‘Noticias’ Conectado a Ella

    Los caraduras de la ‘revista’ IAM, viejo aliado de la EPO, da la impresión a la gente de que en la EPO todo esta bien y dandy aunque claramente ese no es el caso



  10. New EPO Caricature: Nouveaux Garde-Vélo (New Bicycle Guards)

    A new cartoon poking fun at Battistelli's bicycles and the perceived threat these are under



  11. Battistelli's 'Special Relationship' With Portugal and the 'Inventor of the Year' Charade

    What makes Portugal rather unique when it comes to Mr. Battistelli, who is allegedly desperate for support from smaller countries whose vote is easier to 'win'



  12. Patent Lawyers' Marketing Dominates and Marginalises Meaningful Analyses of Software Patenting in the US

    In an effort to create demand for software patents again, patent lawyers produce a huge heap of so-called 'analyses' which piggyback just one single decision (the exception, not the norm)



  13. A Mix of Patent Aggression and Sanctions/Raids (Using Controversial Patents) Against East Asian Companies

    New stories that demonstrate patent protectionism and show how Western industry, which barely makes anything anymore, relies on patents (software and design patents included) and this self-serving patent regime perpetuates itself even in Asia, where almost everything is actually being manufactured (and often/increasingly designed/developed too)



  14. Rumour: Battistelli Wants to Extend the Term of Topić's EPO Appointment in Spite of Criminal Charges Against Him

    The EPO's 'ringleader', Mr. Battistelli, is trying to keep his confidants (like Mr. Minnoye and Željko Topić) together for several more years to come, even defying rules regarding retirement age



  15. Links 29/5/2016: NetBSD 7.0.1, Genode OS 16.05

    Links for the day



  16. [ES] La Gerencia de la EPO Bajo Creciénte Estres por las Autoridades Legales Croatas, Políticas Alemanas, y los Medios Italianos

    Las cosas no son color rosa como la calma relativa sugiere, y esperamos en las próximas semanas mayores eventos otros que la protesta en todas las sedes de la EPO a través de Europa



  17. [ES] Los Medios de Comunicación Comienzan a Informar al Público Europeo Acercas de las Desventájas de la UPC Mientras que la EPO Acelera su Cabildeo por Ratificación

    La vergonzósa promoción de la UPC por parte de la EPO da otro paso adelánte mientras que venues de la prensa Europea (incluso canales de televisión) comienzan a explorar el arreglo secreto que es negociado por los abogados de patentes (con clientes corpórativos) y las oficinas de patentes, no el público o cualquier grupo que represente los intereses del público en general



  18. [ES] Algunos Detalles Acerca de ¿Cómo el Presidente de la EPO Es Rumoreado Estar Comprando Votos, y el Porqué es Suficientemente Base Para un Despido Inmediato?

    Algo de información tras las cortinas y una detallada explicación de la dependencia finánciera sistemática, creada por Battistelli a un costode €13 millónes o más, la cuál evita una efectiva supervisión de Battistelli



  19. Mishi Choudhary and Mike Masnick Explain Why India Should Reject Software Patents

    Both an Indian activist-lawyer and a widely-recognised author from the US explain to Indians why over-reliance on patents -- and acceptance of patents on software in particular -- is a very bad idea



  20. Microsoft Boosters Pretend Microsoft Fights for Privacy While the Company Uses Malware Tactics to Put Keyloggers on Everyone's Computers

    In spite of malware-inspired tactics that should land Microsoft in courts of law all around the world (as a defendant), Microsoft-friendly circles pretend that the company fights for people's rights like privacy -- all this when Microsoft installs keyloggers on people's PCs without their consent and obviously against their will



  21. Battistelli's Assault on EPO Staff's Right to Strike in Relation to French Politics and That 'Bicycle' Pretext for Crackdowns

    The latest bicycle 'gossip' and how it's being used, based on expectations from EPO staff, to introduce further crackdowns on human/labour rights



  22. Vice-President of the EPO Under Investigation: Treason, Abuse, Violations, Giving and Receiving Bribes

    An English translation of documents involving the Organised Crime Section of the Criminal Police Department in Zagreb, where the Vice-President of the EPO faces criminal charges



  23. EPO Management Warns People About Scams When the EPO's Management is Itself Falling for Scams

    Jesper Kongstad, the Chairman of the Administrative Council of the European Patent Organisation, helps demonstrate that not even the EPO is intelligent enough to spot an obvious scam



  24. Links 28/5/2016: Wine 1.9.11, New Gentoo

    Links for the day



  25. Links 27/5/2016: Android for Raspberry Pi, Google Beats Oracle in Court

    Links for the day



  26. Warning: EPO Surveillance May Have Just Gotten Even More Intrusive

    BlueCoat, which the EPO uses to enable oppression inside its European premises, has just gotten even nastier and staff may be at risk



  27. Victim Card Ends up in Another Blunder for Battistelli and His Six Bodyguards

    Battistelli is wrecking what's left of the EPO's reputation (after decades it took the Office to earn it) as the media continues to scrutinise his appalling regime



  28. Italian Report About EPO Now Available in English

    An English translation of a TV program which earlier this month documented some of the glaring problems at the EPO



  29. The EPO is Doing Great, Says EPO-Connected 'News' Site

    IAM 'magazine', a longtime ally of the EPO, gives people the impression that all is fine and dandy at the EPO even though that's clearly not the case



  30. Microsoft Has Killed Nokia (and Its Own Mobile Ambitions), But Watch What it Does With Patents

    Microsoft announces many more layoffs, having already caused tremendous damage to the Finnish economy, and patents are left astray for Microsoft's favourite patent trolls to pick


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts