EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.27.09

Windows Users Left Vulnerable Over Christmas, as Usual

Posted in Security, Servers, Windows at 5:06 am by Dr. Roy Schestowitz

Boycott Novell on hand

Summary: Users of IIS on Windows Server are served another blow while they are on vacation; other minor news from the past week

JUST ABOUT every year — including the previous one — Microsoft clients are left to be worried about their computers. Statistics suggest that roughly one in two Windows PCs is a zombie PC.

This Christmas is no exception, but the main victim appears to be users of Windows Server with IIS. Microsoft already neglects Windows Server when it comes to security [1, 2, 3] and now comes this (reported on Christmas Day):

“Microsoft IIS vuln leaves users open to remote attack

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

How predictable. This begs for an explanation: why did the US government choose a Microsoft veteran to head security for example?

Howard Schmidt is still being analysed and Bruce Schneier writes:

I head this rumor two days ago, and The New York Times is reporting today.

Reporters are calling me for reactions and opinions, but I just don’t know. Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.

Speaking of this additional Microsoft influence in the United States, Amico has just hired a Microsoft veteran.

Amico Engages Former Intel and Microsoft Software Developer for North American Expansion

[...]

Mr. Glass has over 20 years of experience in software development and has previously provided services for top companies such as British Telecom, Intel, Cisco Systems, Barclays and Microsoft.

Microsoft employees write buggy code. To give an example from several days ago, watch what Xbox is up to:

Microsoft Accidentally Charges $800 for Arcade Game

[...]

In all seriousness, this is certainly just an error on Microsoft’s part – someone meant to type in “800 MS Points” (or $10) and ended up pricing the game at 80 times that.

It could be a human error at the input level, but still…

Looking at something a little different now, Motley Fool, a Microsoft fan site for the most part, is worried about the continued decline of Internet Explorer, which represented a form of Microsoft grip on the Web.

StatCounter, an analytics firm, says that Firefox’s share of the browser market now stands at 32.06%, up almost seven percentage points from last November. Internet Explorer’s share fell more than 12 percentage points over the same period.

[...]

Microsoft investors have reason to worry. This is a war, and it’s being fought in the browser. The most functional environment for cloud computing will win this conflict. Going by the trend in the numbers, users increasingly believe that’s Firefox.

More information in:

According to some of the latest figures, Microsoft loses share in both Web browsers and Web servers. Security problems are among the catalysts spurring this trend.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 24/4/2014: OpenPower Foundation, Core Infrastructure Initiative

    Links for the day



  2. Microsoft's and Bill Gates' Biggest Patent Troll (Intellectual Ventures) Suffers Setback and Nokia is Dead While Patents Scattered to Microsoft Patent Proxies

    Microsoft's patent collectors (trolls) are to have a feast with Nokia patents while Intellectual Ventures, Microsoft's largest patent proxy, continues to attack companies including Motorola



  3. Patent Racketeering Continues With Nadella: Motorola the Latest to Join the FUD Campaign

    Nadella continues Ballmer's campaign of intimidation and alienation, showing that nothing has changed at Microsoft, not even the FUD



  4. Links 23/4/2014: GNOME Maps Application, LG in Headlines

    Links for the day



  5. Links 22/4/2014: More GNU/Linux Gains, Syria Updates

    Links for the day



  6. Links 21/4/2014: New Games for GNU/Linux, Some NatSec Politics

    Links for the day



  7. Site Focus for The Remainder of the Year

    What we plan for the rest of 2014 and why



  8. Links 20/4/2014: EFF FOSS, Easter Drone Strikes, Copyright Industry Fear of Google

    Links for the day



  9. Links 19/4/2014: Slow Easter News Day

    Links for the day



  10. Links 18/4/2014: New KDE, Kubuntu, and More

    Links for the day



  11. Some Perspective on Heartbleed®

    Our views on the whole Heartbleed® bonanza, which seems like partly a PR stunt (for multiple stakeholders)



  12. Microsoft is Leaving Windows -- Including Vista 8.1 -- Vulnerable to Non-Government Crackers, Not Only to NSA

    Microsoft makes it ever more evident that securing users of Windows is not at all a priority, and perhaps not even a desire



  13. Links 17/4/2014: Android RDP, New Ubuntu, RHEL 7 Milestone

    Links for the day



  14. Racing to 1984: Mass Surveillance, Cracking, 'Targeted' Assassinations, and Illegal Torture

    Links for the day



  15. More Microsoft Subsidies to Patent Troll Intellectual Ventures

    Microsoft hands money to Bill Gates' close friend who is the world's largest patent troll



  16. Aiding Microsoft Under the Disguise of 'Pro-FOSS'

    Not everything which is FOSS necessary becomes, by virtue of existence, a positive contribution, as we are constantly reminded by projects that help proprietary software and/or restrictions get a strong grip on FOSS



  17. Links 16/4/2014: Red Hat PR, Ubuntu LTS Imminent

    Links for the day



  18. Links 15/4/2014: Lots of PCLinuxOS Releases, Ukraine Updates

    Links for the day



  19. Apple and Microsoft Actively Lobbying Against Patent Reform in the US

    Apple and Microsoft are reportedly intervening/interfering with US law in order to ensure that the law is Free/libre software-hostile



  20. Lawsuit by Microsoft Shareholder Targets Fine for Crimes Rather Than the Crimes Themselves

    A new lawsuit by a Microsoft shareholder shows everything that's wrong with today's model of accountability, where those who are responsible for crimes are accused of not avoiding fines rather than committing the crimes



  21. Public Institutions Must Dump PRISM-Associated Software

    Another reminder that taxpayers-subsidised services should refuse, as a matter of principle, to pay anything for -- let alone deploy -- proprietary software with back doors



  22. GNU/Linux News: The Opportunities Amid XP EOL

    Links for the day



  23. Microsoft Gets Its Money's Worth From Xamarin: PlayStation 4 Now Polluted by Microsoft

    The Trojan horse of Microsoft, Xamarin, is pushing .NET into Microsoft's console competitor



  24. After Brendan Eich Comes Chris Beard

    Having removed Brendan Eich using bullying and blackmail tactics, his foes inside Mozilla achieved too little as we have yet another man (coming from inside Mozilla) acting as CEO



  25. Healthcare News: Free Software in Health, Humanitarian Causes

    Links for the day



  26. Links 14/4/2014: MakuluLinux, Many Games, More Privacy News and Pulitzer Prize for NSA Revelations

    Links for the day



  27. TechBytes Episode 87: Catching up With Surveillance (NSA, GCHQ et al.)

    The first audio episode in a very long time covers some of the latest happenings when it comes to privacy and, contrariwise, mass surveillance



  28. Server News: KVM, ElasticHosts, Other GNU/Linux Items, and Open Network Linux

    Links for the day



  29. Hardware News: Freedom, Modding, Hackability on the Rise

    Links for the day



  30. Distributions News: GNU/Linux Distros

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts