12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year, including the previous one, Microsoft clients are left to worry about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.”
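The filter weakness the report describes, shown from the defending application's side as an added example (not code from the article, the researcher or Microsoft): a last-extension check beside a stricter upload-name check. The allow-list, the function names and the sample names are assumptions made for illustration.

```python
import os
import re
import uuid

# Assumed upload policy for this sketch: images only.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
DELIMITERS = ";:"  # the two characters the report names
# Constructed sample names, not taken from any real server.
SAMPLES = ["holiday.jpg", "page.asp;.jpg", "page.asp:.jpg", "notes.asp"]


def naive_is_allowed(filename):
    """The weak filter: trusts only the text after the last dot."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def effective_extension(filename):
    """Extension seen by a parser that stops reading at ';' or ':'."""
    head = re.split("[;:]", filename, maxsplit=1)[0]
    return os.path.splitext(head)[1].lower()


def strict_check(filename):
    """Return (ok, reason) for a client-supplied upload name."""
    if "/" in filename or "\\" in filename:
        return False, "path separator"
    if any(c in DELIMITERS or ord(c) < 32 for c in filename):
        return False, "delimiter or control character"
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    if "." in stem:
        return False, "multiple extensions"
    return True, "ok"


def stored_name(filename):
    """Name to write to disk: random stem, validated extension only."""
    ok, reason = strict_check(filename)
    if not ok:
        raise ValueError(f"rejected upload name {filename!r}: {reason}")
    return uuid.uuid4().hex + os.path.splitext(filename)[1].lower()


def audit(names):
    """Names a last-extension filter accepted but the strict check rejects."""
    return [n for n in names if naive_is_allowed(n) and not strict_check(n)[0]]
```

Running `audit()` over the names already present in an upload directory lists the files that deserve a manual look; storing uploads under `stored_name()` keeps client-chosen characters off the disk altogether.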

How predictable. This begs for an explanation: why, for example, did the US government choose a Microsoft veteran to head security?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I heard this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.
