| Events |
|
|
|
|
|
|
|
|
| Services |
|
|
|
|
| Interact |
|
|
|
|
|
|
| About Us |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reasons to Avoid Microsoft
![[Bug]](gfx/bug.gif "Bug")
![[Education]](gfx/edu.gif "Education")
![[Government]](gfx/fed.gif "Government")
![[Fear, Uncertainty, Doubt]](gfx/fud.gif "Fear, Uncertainty, Doubt")
![[Security Hole]](gfx/hole.gif "Security Hole")
![[MSN Hotmail]](gfx/hotmail.gif "MSN Hotmail")
![[MS Internet Explorer]](gfx/ie.gif "MS Internet Explorer")
![[MS IIS Webserver]](gfx/iis.gif "MS IIS Webserver")
![[MSN Instant Messenger]](gfx/im.gif "MSN Instant Messenger")
![[License]](gfx/lic.gif "License")
![[Linux/Open Source]](gfx/linux.gif "Linux/Open Source")
![[Monopoly]](gfx/monopoly.gif "Monopoly")
![[MS Outlook]](gfx/outlook.gif "MS Outlook")
![[Piracy]](gfx/piracy.gif "Piracy")
![[Privacy]](gfx/priv.gif "Privacy")
![[Virus/Worm]](gfx/virus.gif "Virus/Worm")
![[MS XBox]](gfx/xbox.gif "MS XBox")
![[MS Windows XP]](gfx/xp.gif "MS Windows XP")
![[WOW!]](gfx/wow.gif "WOW!")
Show All
Security Hole
These pages are a compilation of links and quotes to news articles and
others sources that might help convince you to switch to Linux.
- Microsoft IE Flaw Exploited by Hackers to Steal Info From Google
(Dailytech.com,
2010.01.15)
In this case the flaw wasn't overly severe, but the attackers were
unusually sophisticated and struck out at businesses, looking to steal
their data. Writes Dmitri Alperovitch, a vice president of research
with McAfee, 'We have never seen attacks of this sophistication in the
commercial space. We have previously only seen them in the government
space.'
- New Attack Fells Internet Explorer
(Network World,
2009.11.23)
A hacker has posted attack code that could be used to break into a
PC running older versions of Microsoft's Internet Explorer browser.
... Security consultancy Vupen Security has also confirmed that the
attack works, saying it worked on a Windows XP Service Pack 3 system
running IE 6 or IE7. Neither company was able to confirm that the
attack worked on Microsoft's latest browser, IE 8. ... Together,
IE 6 and IE 7 command close to 40 percent of the browser market.
- Major IE8 flaw makes 'safe' sites unsafe
(The Register,
2009.11.20)
The latest version of Microsoft's Internet Explorer browser contains
a bug that can enable serious security attacks against websites that
are otherwise safe. The flaw in IE 8 can be exploited to introduce
XSS, or cross-site scripting, errors on webpages that are otherwise
safe... Ironically, the flaw resides in a protection added by Microsoft
developers to IE 8 that's designed to prevent XSS attacks against
sites.
- Sneaky Microsoft Add-On Put Firefox Users At Risk
(Slashdot.org,
2009.10.16)
[T]he 'Windows Presentation Foundation' plugin that Microsoft slipped
into Firefox last February apparently left the popular browser open to
attack. ... once installed, the .NET add-on was virtually impossible
to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons
in Firefox's add-on list were grayed out on all versions of Windows
except Windows 7... Several sites posted complicated directions on
how to scrub the .NET add-on...
- Attacks Against Unpatched Microsoft Bug Multiply
(Slashdot.org,
2009.07.14)
Attacks exploiting the latest Microsoft vulnerability are quickly
ramping up in quantity and intensity, several security companies warned
today as they rang alarms about the developing threat.
- Federal Web sites knocked out by cyber attack
(Associated Press,
2009.07.08)
A widespread and unusually resilient computer attack that began July
4 knocked out the Web sites of several government agencies, including
some that are responsible for fighting cyber crime [...] Denial of service
attacks against Web sites are not uncommon, and are usually caused
when sites are deluged with Internet traffic so as to effectively
take them off-line. Mounting such an attack can be relatively easy
using widely available hacking programs, and they can be made far more
serious if hackers infect and use thousands of computers tied together
into "botnets."
- PC Invader Costs Kentucky County $415,000
(The Washington Post,
2009.07.07)
Cyber criminals based in Ukraine stole $415,000 from the coffers of
Bullitt County, Kentucky this week. The crooks were aided by more than
two dozen co-conspirators in the United States, as well as a strain of
malicious software capable of defeating online security measures put
in place by many banks. [...] the unauthorized transfers appear to have
been driven by "some kind computer virus." ... the criminals stole
the money using a custom variant of a keystroke logging Trojan [...]
[An] interesting feature of this malware... is that it creates a
direct connection between the infected Microsoft Windows system and
the attackers, allowing the bad guys to log in to the victim's bank
account using the victim's own Internet connection.
- Microsoft warns of serious computer security hole
(Associated Press,
2009.07.06)
The vulnerability disclosed Monday affects Internet Explorer users
whose computers run the Windows XP or Windows Server 2003 operating
software. It can allow hackers to remotely take control of victims'
machines. The victims don't need to do anything to get infected except
visit a Web site that's been hacked. Security experts say criminals
have been attacking the vulnerability for nearly a week. Thousands of
sites have been hacked to serve up malicious software that exploits
the vulnerability.
- Microsoft Update Quietly Installs Firefox Extension
(The Washington Post,
2009.05.29)
A routine security update for a Microsoft Windows component installed
on tens of millions of computers has quietly installed an extra
add-on for an untold number of users surfing the Web with Mozilla's
Firefox Web browser. ...'this update adds to Firefox one of the most
dangerous vulnerabilities present in all versions of Internet Explorer:
the ability for Web sites to easily and quietly install software on
your PC.' ... Microsoft tells us that the only way to get rid of this
thing is to modify the Windows registry, an exercise that -- if done
imprecisely -- can cause Windows systems to fail to boot up.
- Microsoft's advice on Downadup leaves users open to attack, says US-CERT
(ComputerWorld,
2009.01.21)
Microsoft Corp.'s advice on disabling Windows' "Autorun" feature is
flawed, the U.S. Computer Emergency Readiness Team (US-CERT) said today,
and it leaves users who rely on its guidelines to protect their PCs
against the fast-spreading Downadup worm open to attack. ... The problem
is that Downadup, which as of last week had infected nearly 9 million
PCs worldwide, tries to spread using USB-based devices, typically flash
drives. ... One security researcher said he was surprised that Microsoft
didn't catch its recommendation errors, particularly in light of the
ongoing Downadup attacks. "Seems unbecoming of Microsoft not to have
been the one posting this information on a blog of theirs,"... He also
bemoaned the need to edit the registry to disable Autorun. "Not only
[is] editing the registry outside the [reach] of most people, but now we
have learned that the information from the source is not complete."
- Windows worm trickery for Vista
(BBC News,
2009.01.21)
The worm is unusually clever in the way that it determines what server
to contact... 'This makes it impossible and/or impractical for us good
guys to shut them all down'... [The virus] has spread to an estimated
9m computers globally.
- 1 in 3 Windows PCs Still Vulnerable To Worm Attack
(Slashdot.org,
2009.01.16)
The worm that has infected several million Windows PCs, Downadup or
'Conficker,' is having a field day because nearly a third of all systems
remain unpatched 80 days after Microsoft rolled out an emergency fix.
- Microsoft confirms that all versions of IE have critical new bug
(ComputerWorld,
2008.12.12)
[Microsoft] adds IE6 and IE8 Beta 2 to the list, recommends disabling
.dll to stay safe. The unpatched bug in Internet Explorer 7 (IE7)
that hackers are now exploiting also exists in older versions of the
browser, including the still-widely-used IE6, Microsoft Corp. said
late yesterday.
Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
- Security loophole found in Windows operating system
(EurekAlert,
2007.11.12)
The significance of the loophole: emails, passwords, credit card
numbers, if they were typed into the computer, and actually all
correspondence that emanated from a computer using 'Windows 2000'
is susceptible to tracking. ... The researchers found the security
loophole in the random number generator of Windows. This is a program
which is, among other things, a critical building block for file and
email encryption, and for the SSL encryption protocol which is used by
all Internet browsers. For example: in correspondence with a bank or
any other website that requires typing in a password, or a credit card
number, the random number generator creates a random encryption key,
which is used to encrypt the communication so that only the relevant
website can read the correspondence. The research team found a way
to decipher how the random number generator works and thereby compute
previous and future encryption keys used by the computer, and eavesdrop
on private communication.
- Hacker, Microsoft duke it out over Vista desin flaw
(ZDNet 'Tracking the hackers' blog,
2007.02.13)
![[]](gfx/vista.gif)
[A security hacker] stumbled upon a 'very severe hole' in the design
of UAC (User Account Control) and found out -- from Microsoft officials
-- that the default no-admin setting isn't even a security mechanism
anymore. ... [UAC] assumes that all setup programs (application
installers) should be run with administrator privileges. ... 'That
means if you download some freeware Tetris game, you will have to
run its installer as administrator, giving it not only full access
to all your file system and registry, but also allowing it to load
kernel drivers.'
- Internet Explorer Unsafe for 284 Days in 2006
(Washington Post 'Security Fix' Blog,
2007.01.03)
For a total 284 days in 2006 (or more than nine months out of the
year), exploit code for known, unpatched critical flaws in [IE] was
publicly available on the Internet. Likewise, there were at least 98
days last year in which no software fixes from Microsoft were available
to fix IE flaws that criminals were actively using to steal personal
and financial data from users. ... In contrast, [the Open Source Mozilla
Firefox browser] experienced a single period lasting just nine days
last year in which exploit code for a serious security hole was posted
online before Mozilla shipped a patch to remedy the problem.
- Virus writers target web videos
(BBC News,
2006.10.31)
Security firms are reporting more and more instances of booby-trapped
Windows codecs - file compressors - required to play some video
formats. Some of the codecs let users play types of net-based video,
but also have spyware and adware wrapped inside. Others, say experts,
are outright fakes that just want to infect victims with data-stealing
programs.
- New Windows attack can kill firewall
(Network World,
2006.10.30)
Hackers have published code that could let an attacker disable the
Windows Firewall on certain Windows XP machines. The code, which was
posted on the Internet early Sunday morning, could be used to disable
the Windows Firewall on a fully patched Windows XP PC that was running
Windows' Internet Connection Service... ypically used by home and
small-business users.
- IE7 flaw a canary in the coalmine?
(iTWire,
2006.10.20)
Internet Explorer 7 is supposed to be one of the big ones for
Microsoft, a catchup browser five years in the making. Aside from
the catchup features, it was the tighter security that was always
going to be the clincher for many users, particularly in the business
world. However, the perception of a more secure browsing experience with
IE7 is already under strain with the discovery of a flaw just hours
after release. ... one could question the entry of Microsoft into the
security space on the eve of the release of Vista in the first place
... why [would] an operating system vendor in the process of releasing
a supposedly rock solid secure system [...] believe there's money to
be made out of security products for that system[?]
- IE7 Vulnerability Discovered
(Slashdot.org,
2006.10.19)
Not 24 hours after the release of IE7, Secunia reports Internet
Explorer Arbitrary Content Disclosure Vulnerability. So much for the
'you wanted it easier and more secure' slogan found on Microsoft's
IE Website.
- Onerous Vista Activation -- A Time Bomb?
(PC Magazine,
2006.10.16)
There has been a lot of chatter recently over some of the newer
activation and validation schemes that Microsoft may or may not
implement with its new Vista operating system. ... Microsoft wants to
put yet another layer into the mix, and this layer -- Windows Genuine
Advantage -- could become a problem if the layer itself is ever targeted
by a virus or Trojan horse. ... I'm more worried about some joker
creating a virus or exploit that turns the good cop [WGA] into a bad
cop, and I can only imagine the destruction and hassle that will ensue.
First of all, this policeman program is also a traffic cop. Aside from
having the potential ability to turn your operating system off so that
it cannot work at all, it is the program that allows your OS to be
upgraded. There will be no patches for an exploit against the program
that turns off upgrades. Once a virus that makes the cop refuse to
authenticate Vista hits the Net, then how can the problem be fixed?
- Vista & Longhorn Server.s .Improved. Security
(The NeoSmart Files,
2006.10.12)
[If] an operating system doesn't get more secure as it progresses and
evolves, there is certainly something fishy going on. ... So what's
the problem? Windows "Longhorn" Server is! While Windows Vista.s
security has steadily improved build-by-build, and while Longhorn.s
kernel and applications may be more secure, Windows Longhorn Server
as a whole most certainly isn.t. Why? Because it never prompts you to
set an Administrator password!
- Tracking down hi-tech crime
(BBC News,
2006.10.08)
If every hour a burglar turned up at your house and rattled the locks
on the doors and windows to see if he could get in, you might consider
moving to a safer neighbourhood. And while that may not be happening
to your home, it probably is happening to any PC you connect to the
net. ... When we put this machine online it was, on average, hit by
a potential security assault every 15 minutes. None of these attacks
were solicited, merely putting the machine online was enough to attract
them. The fastest an attack struck was mere seconds... Often once a
machine has fallen under someone else's control, a keylogger will be
installed to capture information about everything that the real owner
does -- such as login to their online bank account.
- Three's a charm for MS06-042?
(InfoWorld,
2006.09.12)
It's patch Tuesday again, and Microsoft's hoping three's a charm for
its wayward Cumulative [Internet Explorer] patch, MS06-042. The company
quietly re-released (actually re-re-released) [the patch] today to fix yet
another security hole introduced by the [previous] software update. ...
the [Internet Explorer] patch was updated [...] to fix another remote code
execution vulnerability ... That's almost identical to the problem
introduced in the original version of the patch...
Next 25 Articles
Collection originally created by, donated to LUGOD by,
and maintained by
Bill Kendrick.
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.
|
|
