EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Boycott Novell on hand

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year — including the previous one — Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

More information in:

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 30/1/2015: CERN Adopts 64-bit GNU/Linux, Inkscape 0.91 Released

    Links for the day



  2. Apple- and Microsoft-Friendly Media Continues Attacking Android/Linux

    Some of the latest examples where corporate media (funded and run by large corporation) distorts facts, selectively covers facts, and generally serves to protect the Apple-Microsoft duopolist world view



  3. Qualys Admits That Its Scare Campaign (So-called 'GHOST') Somewhat Baseless

    Even the company that bombarded the media with its "GHOST" nonsense admits that this bug, which was fixed two years ago, does not pose much of a threat



  4. European Unitary Patent and Court System in Trouble

    New resistance to the Unitary Patent amid allegations of misconduct in the European patent authorities



  5. Text of Ruling/Decision Against Željko Topić (Regarding Audi as a Bribe)

    The legal loss of Željko Topić laid bear for the public to see even outside Croatia



  6. Media Coverage of Demonstration Against Jesper Kongstad of the Administrative Council (EPO)

    Last week's EPO demonstration has been covered by Danish media, raising awareness of the "banana republic" state of the EPO



  7. Links 29/1/2015: Android Shipments in 2014 Exceed 1,000,000,000, LibreOffice 4.4 is Out

    Links for the day



  8. Corporate Media, Led Astray by Patent Lawyers, Continues to Distort the Reality of Software Patents Post-Alice

    The press of the rich and the powerful continues its attempt to preserve software patents, despite the US Supreme Court's decision to abolish a lot of them on the basis of abstraction



  9. An Estimated 1,000 EPO Employees-Strong Legion Engulfs Danish Consulate to Protest Jesper Kongstad's (of Administrative Council) Protection of Benoît Battistelli

    A large protest waged by staff of the EPO targets one of the key facilitators of Battistelli's terrifying tyranny



  10. Links 28/1/2015: Ubuntu Touch Windowed Mode, NVIDIA Linux Legacy Drivers Updated

    Links for the day



  11. Breaking: EPO Vice-President Željko Topić Loses Defamation Case in Croatia

    The EPO's notorious Vice-President, whose appointment at the EPO is still raising some alarming questions, has just lost his case in Croatia (one of many cases), motivating us to accelerate coverage about the persona known as Željko Topić



  12. Qualys Starts Self-Promotional FUD Campaign, Naming a Bug That Was Already Fixed 2 Years Ago and Distros Have Covered With Patches

    Responding to the media blitz which paints GNU/Linux as insecure despite the fact that bugs were evidently found and fixed



  13. The Openwashing of Microsoft is Now Threatening to Eliminate the Identity of Free Software

    More openwashing of Microsoft, including in the corporate media, shows just to what great an extent and how quickly the old "Microsoft Open Source" Big Lie grows feet



  14. Links 27/1/2015: Plasma 5.2, Dell Precision With GNU/Linux

    Links for the day



  15. Microsoft's Media Attack on Free Software and GNU/Linux

    Brainwash war is still being waged by Microsoft and its friends to convince people that Windows is universally dominant and that Microsoft is now part of the Free software world



  16. Microsoft Accounting Practices After Fire Again, After Previous Abuses and Book-Cooking

    After the infamous IRS brawl comes another confrontation between Microsoft and the SEC, which is unhappy with Microsoft for seemingly cooking the books again



  17. Links 26/1/2015: Debian 8.0 “Jessie” RC1, Linux Kernel 3.19 RC6

    Links for the day



  18. Links 25/1/2015: Android Wear 5.0, Tizen in Bangladesh

    Links for the day



  19. IRC Proceedings: January 11th, 2015 – January 24th, 2015

    Many IRC logs



  20. Links 24/1/2015: Zenwalk Linux Reviewed, Netrunner 14.1 Released

    Links for the day



  21. The Latest 'Microsoft is Open Source' Propaganda a Parade of Lies

    Microsoft myth makers continue their assault on what is objectively true and try to tell the public that Microsoft is a friend of "Open Source"



  22. Apple -- Like Microsoft -- Not Interested in the Security of Its Operating Systems

    Apple neglected to patch known security flaws in Mac OS X for no less than three months and only did something about that vector of intrusion when the public found out about it



  23. As Battistelli Breaks the Rules and Topić Silences Staff, New European Parliament Petition for Tackling the EPO's Abuses is Needed

    The neglected (by EPO) Article 4a of the European Patent Convention (EPC) and the European Parliament petition/complaint against the EPO's crooked management



  24. Links 23/1/2015: Red Hat on IBM Power, Meizu Leaks With Ubuntu

    Links for the day



  25. Links 23/1/2015: Plasma 5.2, Manjaro 0.9-pre1

    Links for the day



  26. Microsoft is Dying Due to Free Software, Tries to Infect GNU/Linux With .NET and to Infect Moodle in Schools With Microsoft Office and OOXML Lock-in

    'Free' drugs (a proprietary software analogy) the new strategy of Microsoft in its latest battle against Free software, especially in schools where choice is a rarity (if not an impossibility), with the premeditated intention of forming dependency/addiction among young people



  27. Microsoft Symptoms of a Dying Company: More Boosters Depart, Back Doors Revealed, Microsoft's Outlook Cracked

    Bad news for Microsoft shortly before the marketing extravaganza served to cover much of it up



  28. The Collapse of European Patent Office Management Culminates With Resignations

    No blood is spilled, but even the management of the EPO is falling apart as the Director of Internal Communication is said to have just resigned



  29. New LCA Talk: Open Invention Network's Deb Nicholson on Software Patents and Patent Trolls

    Deb Nicholson's LCA talk is now publicly accessible



  30. Links 22/1/2015: GNU/Linux Sysadmin Opportunities, TraceFS Introduced

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts