linux-users-group-of-davis
Page last updated:
2012 May 28 09:01

Reasons to Avoid Microsoft

Security Hole

These pages are a compilation of links to, and quotes from, news articles and other sources that might help convince you to switch to Linux.

  • Microsoft IE Flaw Exploited by Hackers to Steal Info From Google (Dailytech.com, 2010.01.15)
    [MS Internet Explorer] [Security Hole] [Privacy] In this case the flaw wasn't overly severe, but the attackers were unusually sophisticated and struck out at businesses, looking to steal their data. Writes Dmitri Alperovitch, a vice president of research with McAfee, 'We have never seen attacks of this sophistication in the commercial space. We have previously only seen them in the government space.'

  • New Attack Fells Internet Explorer (Network World, 2009.11.23)
    [Security Hole] A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. ... Security consultancy Vupen Security has also confirmed that the attack works, saying it worked on a Windows XP Service Pack 3 system running IE 6 or IE7. Neither company was able to confirm that the attack worked on Microsoft's latest browser, IE 8. ... Together, IE 6 and IE 7 command close to 40 percent of the browser market.

  • Major IE8 flaw makes 'safe' sites unsafe (The Register, 2009.11.20)
    [Security Hole] [MS Internet Explorer] [WOW!] The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe... Ironically, the flaw resides in a protection added by Microsoft developers to IE 8 that's designed to prevent XSS attacks against sites.

  • Sneaky Microsoft Add-On Put Firefox Users At Risk (Slashdot.org, 2009.10.16)
    [Security Hole] [T]he 'Windows Presentation Foundation' plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. ... once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7... Several sites posted complicated directions on how to scrub the .NET add-on...

  • Attacks Against Unpatched Microsoft Bug Multiply (Slashdot.org, 2009.07.14)
    [Security Hole] Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat.

  • Federal Web sites knocked out by cyber attack (Associated Press, 2009.07.08)
    [Government] [Security Hole] A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime [...] Denial of service attacks against Web sites are not uncommon, and are usually caused when sites are deluged with Internet traffic so as to effectively take them off-line. Mounting such an attack can be relatively easy using widely available hacking programs, and they can be made far more serious if hackers infect and use thousands of computers tied together into "botnets."

  • PC Invader Costs Kentucky County $415,000 (The Washington Post, 2009.07.07)
    [Government] [Security Hole] Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. [...] the unauthorized transfers appear to have been driven by "some kind computer virus." ... the criminals stole the money using a custom variant of a keystroke logging Trojan [...] [An] interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

  • Microsoft warns of serious computer security hole (Associated Press, 2009.07.06)
    [Security Hole] The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software. It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked. Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability.

  • Microsoft Update Quietly Installs Firefox Extension (The Washington Post, 2009.05.29)
    [Security Hole] A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser. ...'this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.' ... Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.

  • Microsoft's advice on Downadup leaves users open to attack, says US-CERT (ComputerWorld, 2009.01.21)
    [Security Hole] Microsoft Corp.'s advice on disabling Windows' "Autorun" feature is flawed, the U.S. Computer Emergency Readiness Team (US-CERT) said today, and it leaves users who rely on its guidelines to protect their PCs against the fast-spreading Downadup worm open to attack. ... The problem is that Downadup, which as of last week had infected nearly 9 million PCs worldwide, tries to spread using USB-based devices, typically flash drives. ... One security researcher said he was surprised that Microsoft didn't catch its recommendation errors, particularly in light of the ongoing Downadup attacks. "Seems unbecoming of Microsoft not to have been the one posting this information on a blog of theirs,"... He also bemoaned the need to edit the registry to disable Autorun. "Not only [is] editing the registry outside the [reach] of most people, but now we have learned that the information from the source is not complete."

  • Windows worm trickery for Vista (BBC News, 2009.01.21)
    [Security Hole] [WOW!] The worm is unusually clever in the way that it determines what server to contact... 'This makes it impossible and/or impractical for us good guys to shut them all down'... [The virus] has spread to an estimated 9m computers globally.

  • 1 in 3 Windows PCs Still Vulnerable To Worm Attack (Slashdot.org, 2009.01.16)
    [Security Hole] [WOW!] The worm that has infected several million Windows PCs, Downadup or 'Conficker,' is having a field day because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix.

  • Microsoft confirms that all versions of IE have critical new bug (ComputerWorld, 2008.12.12)
    [Security Hole] [MS Internet Explorer] [Microsoft] adds IE6 and IE8 Beta 2 to the list, recommends disabling .dll to stay safe. The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6, Microsoft Corp. said late yesterday.

  • Security loophole found in Windows operating system (EurekAlert, 2007.11.12)
    [Security Hole] The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using 'Windows 2000' is susceptible to tracking. ... The researchers found the security loophole in the random number generator of Windows. This is a program which is, among other things, a critical building block for file and email encryption, and for the SSL encryption protocol which is used by all Internet browsers. For example: in correspondence with a bank or any other website that requires typing in a password, or a credit card number, the random number generator creates a random encryption key, which is used to encrypt the communication so that only the relevant website can read the correspondence. The research team found a way to decipher how the random number generator works and thereby compute previous and future encryption keys used by the computer, and eavesdrop on private communication.

  • Hacker, Microsoft duke it out over Vista design flaw (ZDNet 'Tracking the hackers' blog, 2007.02.13)
    [Security Hole] [WOW!] [A security hacker] stumbled upon a 'very severe hole' in the design of UAC (User Account Control) and found out -- from Microsoft officials -- that the default no-admin setting isn't even a security mechanism anymore. ... [UAC] assumes that all setup programs (application installers) should be run with administrator privileges. ... 'That means if you download some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing it to load kernel drivers.'

  • Internet Explorer Unsafe for 284 Days in 2006 (Washington Post 'Security Fix' Blog, 2007.01.03)
    [Security Hole] [Privacy] [MS Internet Explorer] [WOW!] For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in [IE] was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users. ... In contrast, [the Open Source Mozilla Firefox browser] experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.

  • Virus writers target web videos (BBC News, 2006.10.31)
    [Security Hole] [Virus/Worm] Security firms are reporting more and more instances of booby-trapped Windows codecs - file compressors - required to play some video formats. Some of the codecs let users play types of net-based video, but also have spyware and adware wrapped inside. Others, say experts, are outright fakes that just want to infect victims with data-stealing programs.

  • New Windows attack can kill firewall (Network World, 2006.10.30)
    [WOW!] [Security Hole] Hackers have published code that could let an attacker disable the Windows Firewall on certain Windows XP machines. The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service... typically used by home and small-business users.

  • IE7 flaw a canary in the coalmine? (iTWire, 2006.10.20)
    [MS Internet Explorer] [Security Hole] Internet Explorer 7 is supposed to be one of the big ones for Microsoft, a catchup browser five years in the making. Aside from the catchup features, it was the tighter security that was always going to be the clincher for many users, particularly in the business world. However, the perception of a more secure browsing experience with IE7 is already under strain with the discovery of a flaw just hours after release. ... one could question the entry of Microsoft into the security space on the eve of the release of Vista in the first place ... why [would] an operating system vendor in the process of releasing a supposedly rock solid secure system [...] believe there's money to be made out of security products for that system[?]

  • IE7 Vulnerability Discovered (Slashdot.org, 2006.10.19)
    [MS Internet Explorer] [Security Hole] Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the 'you wanted it easier and more secure' slogan found on Microsoft's IE Website.

  • Onerous Vista Activation -- A Time Bomb? (PC Magazine, 2006.10.16)
    [Security Hole] [WOW!] There has been a lot of chatter recently over some of the newer activation and validation schemes that Microsoft may or may not implement with its new Vista operating system. ... Microsoft wants to put yet another layer into the mix, and this layer -- Windows Genuine Advantage -- could become a problem if the layer itself is ever targeted by a virus or Trojan horse. ... I'm more worried about some joker creating a virus or exploit that turns the good cop [WGA] into a bad cop, and I can only imagine the destruction and hassle that will ensue. First of all, this policeman program is also a traffic cop. Aside from having the potential ability to turn your operating system off so that it cannot work at all, it is the program that allows your OS to be upgraded. There will be no patches for an exploit against the program that turns off upgrades. Once a virus that makes the cop refuse to authenticate Vista hits the Net, then how can the problem be fixed?

  • Vista & Longhorn Server's "Improved" Security (The NeoSmart Files, 2006.10.12)
    [Security Hole] [WOW!] [If] an operating system doesn't get more secure as it progresses and evolves, there is certainly something fishy going on. ... So what's the problem? Windows "Longhorn" Server is! While Windows Vista's security has steadily improved build-by-build, and while Longhorn's kernel and applications may be more secure, Windows Longhorn Server as a whole most certainly isn't. Why? Because it never prompts you to set an Administrator password!

  • Tracking down hi-tech crime (BBC News, 2006.10.08)
    [MS Windows XP] [Security Hole] [WOW!] If every hour a burglar turned up at your house and rattled the locks on the doors and windows to see if he could get in, you might consider moving to a safer neighbourhood. And while that may not be happening to your home, it probably is happening to any PC you connect to the net. ... When we put this machine online it was, on average, hit by a potential security assault every 15 minutes. None of these attacks were solicited, merely putting the machine online was enough to attract them. The fastest an attack struck was mere seconds... Often once a machine has fallen under someone else's control, a keylogger will be installed to capture information about everything that the real owner does -- such as login to their online bank account.

  • Three's a charm for MS06-042? (InfoWorld, 2006.09.12)
    [MS Internet Explorer] [Security Hole] It's patch Tuesday again, and Microsoft's hoping three's a charm for its wayward Cumulative [Internet Explorer] patch, MS06-042. The company quietly re-released (actually re-re-released) [the patch] today to fix yet another security hole introduced by the [previous] software update. ... the [Internet Explorer] patch was updated [...] to fix another remote code execution vulnerability ... That's almost identical to the problem introduced in the original version of the patch...

Collection originally created by, donated to LUGOD by, and maintained by Bill Kendrick.

Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.