| Events |
|
|
|
|
|
|
|
|
| Services |
|
|
|
|
| Interact |
|
|
|
|
|
|
| About Us |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reasons to Avoid Microsoft
![[Bug]](gfx/bug.gif "Bug")
![[Education]](gfx/edu.gif "Education")
![[Government]](gfx/fed.gif "Government")
![[Fear, Uncertainty, Doubt]](gfx/fud.gif "Fear, Uncertainty, Doubt")
![[Security Hole]](gfx/hole.gif "Security Hole")
![[MSN Hotmail]](gfx/hotmail.gif "MSN Hotmail")
![[MS Internet Explorer]](gfx/ie.gif "MS Internet Explorer")
![[MS IIS Webserver]](gfx/iis.gif "MS IIS Webserver")
![[MSN Instant Messenger]](gfx/im.gif "MSN Instant Messenger")
![[License]](gfx/lic.gif "License")
![[Linux/Open Source]](gfx/linux.gif "Linux/Open Source")
![[Monopoly]](gfx/monopoly.gif "Monopoly")
![[MS Outlook]](gfx/outlook.gif "MS Outlook")
![[Piracy]](gfx/piracy.gif "Piracy")
![[Privacy]](gfx/priv.gif "Privacy")
![[Virus/Worm]](gfx/virus.gif "Virus/Worm")
![[MS XBox]](gfx/xbox.gif "MS XBox")
![[MS Windows XP]](gfx/xp.gif "MS Windows XP")
![[WOW!]](gfx/wow.gif "WOW!")
Show All
Security Hole
These pages are a compilation of links and quotes to news articles and
others sources that might help convince you to switch to Linux.
Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
- With Exploits Out, MS Braces for Worm Attack
(eWeek,
2006.08.10)
A network worm attack exploiting a critical Microsoft Windows
vulnerability appears inevitable... An exploit module [exists] that
could launch attacks against all unpatched Windows 2000 systems and
some versions of Windows XP. ... "The nature of the vulnerability
itself is something that should be taken very seriously. The fact that
exploits were out even before Patch Day and now that public code is
available for anyone to download and use, that's enough to treat this
as a high-priority issue..."
- Flaw finders lay siege to Microsoft Office
(The Register,
2006.07.22)
So far this year, the software giant has detailed at least 24
Office flaws found by outside researchers in its monthly bulletins,
six times the number of Office flaws found in all of 2005. The count
also surpasses the 20 flaws that Microsoft has fixed so far this
year in Internet Explorer, a perennial favorite among vulnerability
researchers. ... While a vulnerability in a remote network service could
be exploited to create a worm and tends to worry system administrators
more, the rash of attacks leveraging the Office vulnerabilities to
compromise specific companies underscores the seriousness of the
current threat. ... While Office files require some user interaction
to compromise a victim's system, most workers are now accustomed to
receiving such files, especially if attached to an e-mail that appears
to be genuine...
- Hacked Ad Seen on MySpace Served Spyware to a Million
(Washington Post,
2006.07.20)
An online banner advertisement that ran on MySpace.com and other sites
over the past week used a Windows security flaw to infect more than a
million users with spyware when people merely browsed the sites with
unpatched versions of Windows... online criminal groups have been using
the flaw to install adware, keystroke loggers and all manner of invasive
software for the past seven months. This stuff bombards the user with
pop-up ads and tracks their Web usage. Only a little more than half
of the anti-virus programs [tested] flagged the various programs that
the Trojan tried to download as malicious or suspicious.
- Symantec sees an Achilles' heel in Vista
(Symantec,
2006.07.18)
Some of Microsoft's efforts to make Windows Vista its most stable and
secure operating system ever could cause instability and new security
flaws, according to a Symantec report. ... Aside from security flaws,
features supported by Vista's new networking technology could expose
a PC running the operating system, according to Symantec's report.
- Yamanner - JavaScript worm that targets Yahoo! Mail
(F-Secure,
2006.06.13)
The Yamanner worm does not send itself as an attachment, it resides
inside the e-mail body. The worm activates automatically by just
opening an infected e-mail message with Internet Explorer.
- Internet Explorer Window Loading Race Condition Address Bar Spoofing
(Secunia,
2006.04.04)
[A] vulnerability in Internet Explorer [has been discovered] which can
be exploited by malicious people to conduct phishing attack.
- Microsoft Confirms IE Under Attack
(Microsoft Watch,
2006.03.25)
[An] unpatched flaw in Internet Explorer [discovered last week is]
already being exploited by hackers who are using hijacked Web servers
and compromised Web sites to launch a wave of attacks against Microsoft
browser users.
- Invasion of the Computer Snatchers
(Washingtonpost.com,
2006.02.19)
Hackers are hijacking thousands of PCs to spy on users, shake down
online businesses, steal identities and send millions of pieces of
spam. If you think your computer is safe, think again. ... At the
moment, [the hacker interviewed] controls more than 13,000 computers
in more than 20 countries. This morning he installs spyware on just
a few hundred of the 2,000 PCs that he has commandeered in the last
few hours
- Microsoft warns of file-trashing worm
(Network World,
2006.01.31)
Microsoft has published a security advisory warning Windows users of
a file-trashing worm that has been circulating via e-mail for several
weeks. The worm, which is programmed to destroy a wide variety of
files on the third day of every month, has been circulating since
mid-January, and is estimated to have infected between 250,000 and
300,000 systems worldwide.
- Two New Windows Metafile Bugs Found
(PC World,
2006.01.09)
Just days after Microsoft patched a critical vulnerability in the way
the Windows operating system renders certain types of graphics files,
a hacker has published details of two new flaws that affect the same
part of the operating system.
- Critical Windows Patch Fights Takeover Attacks
(eWeek,
2005.11.08)
Three image-rendering flaws in the Windows operating system could put
millions of Internet-connected users at risk of PC takeover attacks,
Microsoft Corp. warned on Tuesday. The flaws could be exploited via
any software that displays images, including the widely used Microsoft
Outlook, Microsoft Word and Internet Explorer programs.
- Microsoft probes report of IE flaw
(CNet News,
2005.09.28)
A new flaw in Internet Explorer could be exploited to launch
spoof-based attacks, or access and change data on vulnerable PCs,
security experts have warned. ... An attacker could spoof a legitimate
Web site, access data from the Web browser's cache or stage a so-called
man-in-the-middle attack, which taps into traffic between a user
and another Web site... Fully-patched computers running Windows XP
with Service Pack 2 and Internet Explorer 6.0 are vulnerable to this
issue...
- IE flaw puts Windows XP SP2 at risk
(CNet News,
2005.09.16)
A flaw has been discovered in Internet Explorer that could enable a
remote attack on systems running Windows XP with Service Pack 2...
- Microsoft Investigates New XP SP2 Flaw
(eWeek,
2005.07.15)
Microsoft has acknowledged that it is working on a patch for
a potentially serious security hole in fully patched versions of
Windows XP Service Pack 2. ... The flaw warnings come just days after
Microsoft released three bulletins to fix "critical" security holes
affecting users of its widely used Microsoft Word and Internet Explorer
products.
- The 12-minute Windows Heist
(Slashdot.org,
2005.06.30)
[There's] a 50 percent chance unprotected Windows PCs will be compromised
within 12 minutes of going online. ... almost 8,000 new viruses [were
released] in the first half of 2005 ... up 59 percent on the same period last
year.
- Computers' Insecure Security
(BusinessWeek,
2005.06.17)
[Windows users] may not be as secure as [they] think. Hackers are
increasingly finding flaws in the very programs designed to prevent
attacks -- computer-security software.
- RSA: Microsoft on 'rootkits': Be afraid, be very afraid
(ComputerWorld,
2005.02.17)
Microsoft Corp. security researchers are warning about a new generation
of powerful system-monitoring programs, or 'rootkits,' that are almost
impossible to detect using current security products and could pose
a serious risk to corporations and individuals. ... Some newer rootkits
are able to intercept queries or 'system calls' that are passed to the
kernel and filter out queries generated by the rootkit software. The
result is that typical signs that a program is running, such as an
executable file name, a named process that uses some of the computer's
memory, or configuration settings in the operating system's registry,
are invisible to administrators and to detection tools...
- Hackers Tune In to Windows Media Player
(eWeek,
2005.01.10)
Hackers are using the newest [Digital Rights Management] technology in
Microsoft's Windows Media Player to install spyware, adware, dialers
and computer viruses on unsuspecting PC users. Security researchers
have detected the appearance of two new Trojans ... in video files
circulating on P2P (peer-to-peer) networks. ... 'In this case, they're
using technology meant to secure content.' ... [These] files can [also]
be distributed via e-mail, FTP or other Internet download avenues.
'All told, the infection added 58 folders, 786 files and an incredible
11,915 registry entries to my test computer. Not one of these programs
had showed me any license agreement, nor had I consented to their
installation on my computer...'
- IE Plagued by 'Extremely Critical' Flaws
(TechNewsWorld,
2005.01.10)
Secunia recommends users drop IE and use an alternative browser. ...
Millions of Internet Explorer 6 users are at risk from three 'extremely
critical' security holes that give hackers open access to PCs
running the browser -- even if Windows XP Service Pack Two has been
installed. ... '[A] very critical vulnerability has been developed that
can compromise a user's system without the need for user interaction
besides visiting the malicious page.'
- Microsoft Internet Explorer Multiple Vulnerabilities
(Secunia,
2005.01.07)
Some vulnerabilities have been discovered in Internet Explorer, which
can be exploited by malicious people to compromise a user's system,
conduct cross-site/zone scripting and bypass a security feature in
Microsoft Windows XP SP2. ... Vulnerability 1 and 2, or 3 alone,
in combination with an inappropriate behaviour where the ActiveX
Data Object (ADO) model can write arbitrary files can be exploited
to compromise a user's system. This has been confirmed on a fully
patched system with Internet Explorer 6.0 and Microsoft Windows XP
SP2. Solution: Use another product.
- Symantec: Phel Trojan horse attacks on Windows XP
(Computer World,
2004.12.30)
The Trojan is capable of remotely controlling a user's system even
if the latest Windows XP Service Pack, SP2, has been installed.
- Three new Windows security holes come at a bad time
(USA Today,
2004.12.24)
Three new vulnerabilities have been discovered in Microsoft's Windows
operating system, leaving computers running that OS open to possible
hacker attacks -- including PCs running the recently released XP SP2
(Service Pack 2).
- Who Profits from Security Holes?
(Benjamin Edelman's website,
2004.11.18)
How bad is this problem? How much junk can get installed on a user's
PC by merely visiting a single site? I set out to see for myself --
by visiting a single web page taking advantage of a security hole
(in an ordinary fresh copy of Windows XP), and by recording what
programs that site caused to be installed on my PC. In the course of
my testing, my test PC was brought to a virtual stand-still -- with
at least 16 distinct programs installed. I was not shown licenses or
other installation prompts for any of these programs, and I certainly
didn't consent to their installation on my PC.
- Security company warning of vulnerabilities in Windows XP SP2
(PC Pro,
2004.11.12)
A US security company is warning that it has found ten 'serious'
vulnerabilities in Windows XP systems with SP2 installed. ... [a]
successful attacker could 'silently' gain remote control of an SP2
machine when the target system is used to browse the Internet. ... 'A
security patch of Windows operating system without changing the rules
of the game will not be enough to fight the recent complex malicious
code attacks such as Scob, Mydoom, and others.'
- Bofra worm sets trap for unwary
(The Register,
2004.11.10)
Bofra-A poses as photos from an adult webcam in an attempt to
fool users into clicking on a link. Clicking on the link causes
the targeted PC to run malicious script hosted on a previously
infected computer. ... Once a new system is infected, the worm
sets up an embedded web server... Infected PCs establish an IRC
session... allowing hackers to control compromised machines. The worm
also harvests to further its propagation. Unlike standard bulk-mailing
worms, Bofra does not send copies of itself within infected email but
a HTTP link that points to the host that sent the infected email.
Next 25 Articles
Collection originally created by, donated to LUGOD by,
and maintained by
Bill Kendrick.
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.
|
|
