EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Boycott Novell on hand

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year — including the previous one — Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

More information in:

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 22/7/2014: Linux 3.16 RC 6, New UberStudent

    Links for the day



  2. Links 20/7/2014: Jolla in India, Mega Censored in Italy

    Links for the day



  3. Longtime Mono Booster Joins Microsoft-linked Xamarin

    Jo Shields almost joins Microsoft, settling instead for its proxy, Xamarin



  4. Linux Foundation Welcomes Patent Aggressor Red Bend Software

    The Linux Foundation's AllSeen Alliance welcomes as a member a company that uses software patents to sue Free/Open Source software



  5. Matt Levy From Patent Progress (and CCIA) Does Not Really Want Patent Progress

    Matthew ('Matt') Levy moved into a foe of patent progress last year, but he still runs a site calls Patent Progress, in which he diverts all attention to patent trolls (as large corporations such as Microsoft like to do)



  6. Attacking FOSS by Ignoring/Overlooking Issues With Proprietary Software

    The biasing strategy which continues to be used to demonise Free/Open Source software (FOSS) along with some new examples



  7. Links 19/7/2014: CRUX 3.1 is Out, CyanogenMod Competes With Google Now

    Links for the day



  8. Microsoft's Massive Layoffs Go Far Beyond Nokia; Nokia's Android Phones Axed by Microsoft's Elop

    Microsoft's rapid demise and permanent exit from Nokia's last remaining Linux platform (after Microsoft had killed two more)



  9. Patents on Software Already Being Invalidated in Courts Owing to SCOTUS Ruling on 'Abstract' Patents

    The Federal Circuit Appeals Court has just "invalidated a software patent for being overly abstract," says a patents expert



  10. OpenSUSE 'Community' is Crumbling, AttachMSFT Killed SUSE's Potential (Except as Microsoft Tax)

    Not much too see in the land of SUSE and Attachmate, or formerly the company known as Novell



  11. Links 18/7/2014: Slackware Turns 21, Spotify Switches to Ubuntu

    Links for the day



  12. Links 16/7/2014: Manjaro 0.8.10 Third Update, SIA Migrates to Red Hat

    Links for the day



  13. Microsoft's Latest Round of Massive/Bulk/Large-scale Layoffs

    Microsoft boosters are preparing 'damage control' pieces ahead of massive layoffs at Microsoft



  14. Secrecy Allows British Government to be Manipulated by Microsoft for Spyware Behind Closed Doors

    Dependence on malicious software from NSA ally Microsoft is highly dependent, at least in Britain, on government secrecy and vain refusal to comply with Freedom of Information (FOI) requests



  15. Software Patent Applications Already Being Rejected in the US Owing to SCOTUS Ruling, Some Patent Lawyers Are Fuming

    Good news on the software patents front as the USPTO starts rejecting software patent applications, based on patent lawyers' words



  16. Links 15/7/2014: New Plasma, Google Announces Project Zero

    Links for the day



  17. Interest in Free Software Coverage and 9 Months With Tux Machines

    Thoughts about the level of interest in Free/Open Source software (FOSS) and growth of at least some sites that focus on GNU/Linux



  18. White House Backs Away From Appointing Patents Zealot to Top USPTO Position

    Philip Johnson is no longer poised to become the Director of the USPTO, which is basically an establishment that provides protectionism to primarily US-based corporations



  19. Professor James Bessen Presents the Case Against Software Patents After Important SCOTUS Ruling

    The debate about software patents in the Unites States continues, with academia on one side and greedy patent lawyers on the other



  20. Software Patents Demising in the US as Microsoft Patent Attacks on Android/Linux Suffer a Huge Setback

    M-Cam's assessment of Microsoft's bundle of extortion (using software patents) shows toothlessness, irrespective of the SCOTUS decision to effectively annul "abstract" software patents



  21. Links 13/7/2014: KDE Activity Surge

    Links for the day



  22. Pro-Microsoft Spin in Microsoft-Funded News Networks

    The rogue media (misinformation) campaign of Microsoft benefits from networks which have been paid by Microsoft over the years



  23. Cronyism at Play: European Hostility Towards Free/Libre Software Despite Espionage and Moles

    Europe continues to be held hostage with back doors, lock-in, and massive payments to foreign powers, despite evidence that these powers are destructive and hostile



  24. Wirelessly-Controlled Contraceptives and Other Villainous Bill Gates Initiatives

    Remote controls for people's reproductive systems are now in the making and Bill Gates is a prominent investor in the technology



  25. Links 12/7/2014: CrossOver, New Wine

    Links for the day



  26. Links 10/7/2014: LXLE 14.04 in Headlines, Plasma 5

    Links for the day



  27. OpenDocument Format (ODF) Still Alive and Kicking

    Caligra, WebODF and various influential nations' departure from Microsoft Office will help famous projects such as OpenOffice.org and LibreOffice make ODF the only international standard for editable documents exchange



  28. The Effect of Corporate Media Bias: FOSS Demonisation and Microsoft Openwashing

    A set of very recent examples where the corporate press produces FOSS-hostile articles (or pro-Microsoft articles) by citing biased sources of convenience



  29. The NSA's Top (and First) PRISM Partner, Microsoft, Lies to Governments and Businesses as Office Gets Banned in China

    Developments in China reveal that security and privacy threats posed by reliance on Microsoft are so great that a ban becomes inevitable and continues to expand (Microsoft put on more and more block lists and blacklists)



  30. Microsoft's Propaganda Machine Tries to Shift Security Debate Amid Serious Catastrophes

    Observations and analysis of some recent deception in corporate news sites (like Condé Nasty), trying to pretend that Microsoft is secure, that Microsoft is pursuing security, and that FOSS and Android security or privacy are inherently poor


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts