EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Boycott Novell on hand

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year — including the previous one — Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

More information in:

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. PTAB is Safe, the Patent Extremists Just Try to Scandalise It Out of Sheer Desperation

    The Leahy-Smith America Invents Act (AIA), which gave powers to the Patent Trial and Appeal Board (PTAB) through inter partes reviews (IPRs), has no imminent threats, not potent ones anyway



  2. Update on the EPO's Crackdown on the Boards of Appeal

    Demand of 35% increases from the boards serves to show that Battistelli now does to the 'independent' judges what he already did to examiners at the Office



  3. The Lobbyists Are Trying to Subvert US Law in Favour of Patent Predators

    Mingorance, Kappos, Underweiser and other lobbyists for the software patents agenda (paid by firms like Microsoft and IBM) keep trying to undo progress, notably the bans on software patents



  4. Patent Trolls Based in East Texas Are Affected Very Critically by TC Heartland

    The latest situation in Texas (United States District Court for the Eastern District of Texas in particular), which according to new analyses is the target of legal scrutiny for the 'loopholes' it provided to patent trolls in search of easy legal battles



  5. Alice Remains a Strong Precedential Decision and the Media Has Turned Against Software Patents

    The momentum against the scourge of software patents and the desperation among patent 'professionals' (people who don't create/develop/invent) is growing



  6. Harm Still Caused by Granted Software Patents

    A roundup of recent (past week's) announcements, including legal actions, contingent upon software patents in an age when software patents bear no real legitimacy



  7. Links 18/11/2017: Raspberry Digital Signage 10, New Nano

    Links for the day



  8. 23,000 Posts

    23,000 blog posts milestone reached in 11 years



  9. BlackBerry Cannot Sell Phones and Apple Looks Like the Next BlackBerry (a Pile of Patents)

    The lifecycle of mobile giants seems to typically end in patent shakedown, as Apple loses its business to Android just like Nokia and BlackBerry lost it to Apple



  10. EFF and CCIA Use Docket Navigator and Lex Machina to Identify 'Stupid Patents' (Usually Software Patents That Are Not Valid)

    In spite of threats and lawsuits from bogus 'inventors' whom they criticise, EFF staff continues the battle against patents that should never have been granted at all



  11. The Australian Productivity Commission Shows the Correct Approach to Setting Patent Laws and Scope

    Australia views patents on software as undesirable and acts accordingly, making nobody angry except a bunch of law firms that profited from litigation and patent maximalism



  12. EPO 'Business' From the United States Has Nosedived and UPC is on Its Death Throes

    Benoît Battistelli and Elodie Bergot further accelerate the ultimate demise of the EPO (getting rid of experienced and thus 'expensive' staff), for which there is no replacement because there is a monopoly (which means Europe will suffer severely)



  13. Links 17/11/2017: KDE Applications 17.12, Akademy 2018 Plans

    Links for the day



  14. Today's EPO and Team UPC Do Not Work for Europe But Actively Work Against Europe

    The tough reality that some Europeans actively work to undermine science and technology in Europe because they personally profit from it and how this relates to the Unitary Patent (UPC), which is still aggressively lobbied for, sometimes by bribing/manipulating the media, academia, and public servants



  15. Links 16/11/2017: WordPress 4.9 and GhostBSD 11.1 Released

    Links for the day



  16. The Staff Union of the EPO (SUEPO) is Rightly Upset If Not Shocked at What Battistelli and Bergot Are Doing to the Office

    The EPO's dictatorial management is destroying everything that's left (of value) at the Office while corrupting academia and censoring discussion by threatening those who publish comments (gagging its own staff even when that staff posts anonymously)



  17. EPO Continues to Disobey the Law on Software Patents in Europe

    Using the same old euphemisms, e.g. "computer-implemented inventions" (or "CII"), the EPO continues to grant patents which are clearly and strictly out of scope



  18. Links 16/11/2017: Tails 3.3, Deepin 15.5 Beta

    Links for the day



  19. Benoît Battistelli and Elodie Bergot Have Just Ensured That EPO Will Get Even More Corrupt

    Revolving door-type tactics will become more widespread at the EPO now that the management (Battistelli and his cronies) hires for low cost rather than skills/quality and minimises staff retention; this is yet another reason to dread anything like the UPC, which prioritises litigation over examination



  20. Australia is Banning Software Patents and Shelston IP is Complaining as Usual

    The Australian Productivity Commission, which defies copyright and patent bullies, is finally having policies put in place that better serve the interests of Australians, but the legal 'industry' is unhappy (as expected)



  21. Patent Trial and Appeal Board (PTAB) Defended by Technology Giants, by Small Companies, by US Congress and by Judges, So Why Does USPTO Make It Less Accessible?

    In spite of the popularity of PTAB and the growing need/demand for it, the US patent system is apparently determined to help it discriminate against poor petitioners (who probably need PTAB the most)



  22. Declines in Patent Quality at the EPO and 'Independent' Judges Can No Longer Say a Thing

    The EPO's troubling race to the bottom (of patent quality) concerns the staff examiners and the judges, but they cannot speak about it without facing rather severe consequences



  23. The EPO is Now Corrupting Academia, Wasting Stakeholders' Money Lying to Stakeholders About the Unitary Patent (UPC)

    The Unified Patent Court/Unitary Patent (UPC) is a dying project and the EPO, seeing that it is going nowhere fast, has resorted to new tactics and these tactics cost a lot of money (at the expense of those who are being lied to)



  24. Links 15/11/2017: Fedora 27 Released, Linux Mint Has New Betas

    Links for the day



  25. Patents Roundup: Packet Intelligence, B.E. Technology, Violin, and Square

    The latest stories and warnings about software patents in the United States



  26. Decline of Skills Level of Staff Like Examiners and Impartiality (Independence) of Judges at the EPO Should Cause Concern, Alarm

    Access to justice is severely compromised at the EPO as staff is led to rely on deficient tools for determining novelty while judges are kept out of the way or ill-chosen for an agenda other than justice



  27. Links 14/11/2017: GNU/Linux at Samsung, Firefox 57 Quantum

    Links for the day



  28. Microsoft: Sheltering Oneself From Patent Litigation While Passing Patents for Trolls to Attack GNU/Linux

    Another closer look at Provenance Asset Holdings and what exactly it is (connection to AST, part of the cartel Microsoft subsidises to shield itself)



  29. The Patent Trolls' Lobby is Losing the Battle for Europe

    The situation in Europe is looking grim for patent trolls, for their policies and the envisioned system (which they lobbied for) isn't coming to fruition and their main casualty is the old (and functioning) EPO



  30. Unitary Patent (UPC) is Dead to the EPO and ANSERA is Not the Answer as Patent Quality Declines and Talented Staff Leaves

    EPOPIC comes to an end and the EPO does not mention the UPC 'content' in it; ANSERA, in the meantime, raises more questions than it answers and IP Kat makes a formal query


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts