These pages are a compilation of links to, and quotes from, news articles and
other sources that might help convince you to switch to Linux.
Really critical hole in Microsoft Web software
(The Register, 2002.11.21)
Just one day after raising the threshold beyond which it considers security
vulnerabilities 'critical,' Microsoft Corp released a security advisory
saying there is a 'critical' hole in its browsers and web servers that could
cause serious problems, even if it is patched. ... 'This vulnerability is
rated critical because an attacker could take over an IIS server or an
Internet Explorer client and run code,' Microsoft warned. ... To make matters
worse, it is currently possible to make patched systems vulnerable again,
Microsoft said. A malicious attacker would be able to reintroduce the
vulnerable control with just a specially [written] HTML document.
Users that have their browsers configured to trust Microsoft-signed ActiveX
controls by default would have the vulnerability reintroduced without their
knowledge.
Microsoft discloses 'critical' security flaws - Office, IE lapses put millions in danger of being hacked
(CNN, 2002.Aug.23)
Microsoft Corp. said ... that 'critical' security lapses in its Office
software and Internet Explorer Web browser put tens of millions of users
at risk of having their files read and altered by online attackers. ...
[An] attacker, using e-mail or a Web page, could... alter data and
wipe out the hard drive as well as view file and clipboard contents on
a user's system. ... In addition [they] reported vulnerabilities in the
three latest versions of [Internet Explorer] that allows infiltrators
to read files.
MS security hole extravaganza
(The Register, 2002.Jun.13)
MS has been sitting on a number of security holes which it's decided
to dump on us all at once. ... MS soft-pedals the severity in classic
form, labeling this one "Moderate." But the eEye bulletin rightly points
out that a target machine can be owned with a single session if the attacker
knows what he's doing. ... Apparently, users had trusted the MS
patch to fix their systems properly. Well it didn't... Apparently, the
[previously reported Gopher exploit] is a bit worse than MS had originally
thought, and affects not [just] IE...
Security Flaw Found in Explorer
(Yahoo! Finance, 2002.Jun.04)
A security flaw in Microsoft's Internet Explorer browser could allow a
hacker to take control of a remote computer if its user clicks a link...
[A] hacker could take over a user's computer simply by having the user
click on a link... That one click would install and run any program the
hacker chose on the victim's computer, and the victim might never know. ...
All versions of Internet Explorer are believed to be vulnerable...
The pop-up ad campaign from hell
(Salon, 2002.May.07)
It's the latest in Web marketing innovation: Hijacked Web surfers, exploited
Web browser vulnerabilities and malicious spyware all wrapped up together.
... Thousands of unsuspecting visitors to a family entertainment site are
discovering a cornucopia of unwanted, potentially malicious software on
their computers -- the result of a pop-up ad campaign, a booby-trapped
Web site, [and] a compromised Web browser... code in the pages at
[the malicious website] exploited a known flaw in [the] Internet Explorer
browser to covertly download the first of 10 files onto visitors'
computers. ... 'When you exploit a security bug to get your program
onto someone's PC, you've crossed the boundary into what we consider
malicious'...
Using the backbutton in IE is dangerous
(BugTraq, 2002.Apr.14)
IE allows urls containing the javascript protocol in the history list.
Code injected in the url will operate in the same zone/domain as the last
url viewed. The javascript url can be set to trigger when a user presses
the backbutton.
Microsoft: Can't pull IE from Windows
(CNN, 2002.Mar.05)
Allchin admitted to lawyers for the states that Microsoft violated the
law... The company faces several allegations of violations that involve
infringing on consumer choice and unfairly hurting competitors.
Removing IE would kill Win2k, WinXP, MS, says Redmond
(The Register, 2002.Mar.04)
Both Windows XP and Windows 2000 will be rendered inoperable, and
Microsoft will be unable to develop future new operating systems, if
it is forced to separate IE from the operating system, according to court
filings the company made on Friday. ... [An e-]mail from Bill Gates from
February 1997 [said] it would be important to leverage the OS to make
people use IE instead of Navigator, and there was much else that suggested
bolting the two together was a predatory decision, rather than a technical
one.
Three new MS security holes - two nasty
(The Register, 2002.Feb.22)
[A bug in] Microsoft XML Core Services ... [means] that an attacker
could request data from the user's local drive. ... a defective
ISAPI filter in Commerce Server 2000 ... can lead to a root compromise.
... [a problem in] VBscript in Internet Explorer ... could allow an
attacker to read files on a victim's local drive, or eavesdrop on his
browsing session. ... This could enable an attacker to glean personal
information like login names and passwords, and credit card details.
Active exploitation of Windows IE javascript vulnerability
(is|media, 2002.Feb.13)
...it can present users with random pop-up advertising of a questionable
nature. ... it moves a user's home page or search page preference so it
displays the site through a third-party, potentially exposing the user to
additional ads or malicious software every time they either use a default
search or open a new browser window ... [and] prevents the user from
adjusting their home page or search preferences, effectively locking them
into the change. ... it is recommended users install any and all vendor
supplied patches or switch to Netscape 6.2/Mozilla 0.9.8, browsers that
do not appear to be vulnerable to this problem, primarily since they
are not known to be vulnerable to the same flaw IE is. Since its changes
take place in the Windows registry, only Windows users appear to be at
risk.
Castles Built on Sand: Why Software is Insecure
(Security Focus, 2002.Jan.30)
Internet Explorer is one of many examples of insecure software. Some call
Internet Explorer the browser that made the Internet accessible to the
masses. Others call it an accident waiting to happen (again and again). ...
Within nine days of its release the very first exploit for IE 3.0 was
discovered... [Until Microsoft makes security a programming priority],
organizations that base their operations on bug-weakened software will
continue to be castles built on sand.
Microsoft To Plug Devastating Browser Download Hole
(Newsbytes, 2001.Dec.11)
[There is a] flaw in [Internet Explorer] that could allow an attacker
to silently download and execute malicious programs on the computers of
users who view a specially constructed Web page or e-mail message. ...
The vulnerability affects IE for Windows versions 5, 5.5, and 6 ...
as a result of the security flaw, a malicious Web site could 'relatively
easily and unnoticeably ... spread virii, install DDoS zombies or
backdoors, format hard disks, and so on'... The flaw is particularly
dangerous because it can be exploited using ordinary Web page
code, without help from JavaScript or other scripting
programs... the IE download flaw [is] 'a very serious problem' and
potentially one of the most severe ever to affect the browser. ...
Microsoft initially denied that the ability to 'spoof' file types in
IE represented a security vulnerability...
Cookie Data in IE Can Be Exposed or Altered Through Script Injection
(Microsoft Tech Net, 2001.Nov.8)
Who should read this bulletin: Customers using Microsoft Internet Explorer.
Impact of vulnerability: Exposure and altering of data in cookies.
Maximum Severity Rating: High.
Tim Berners-Lee on Microsoft's Latest Browser Tricks
(SiliconValley.com, 2001.Oct.26)
'I have fought since the beginning of the Web for its openness:
that anyone can read Web pages with any software running on any
hardware. ... When I see any Web site claim to be only readable using
particular hardware or software, I cringe... Amaya, the browser which W3C
[itself] develops ... and which arguably has the best W3C compliance,
is blocked from www.msn.com.' What has Microsoft learned from its
antitrust experiences? 'I can't answer that one.'
New Windows XP Feature Can Re-Edit Others' Sites
(Wall Street Journal, 2001.Jun.7)
One key test of Windows XP will be whether its features do more to
benefit consumers or Microsoft's business plan. ...
The feature ... allows Microsoft's Internet Explorer Web browser
... to turn any word on any Web site into a link to Microsoft's own
Web sites and services, or to any other sites Microsoft favors.
... [Smart Tags] mean that the company that controls the Web browser
is using that power to actually alter others' Web sites to its own
advantage.
Windows XP may steer users' Web choices
(C|Net News, 2001.Jun.6)
'Wouldn't that be something?' [Gartner analyst Michael Silver] said.
'You spend millions of dollars designing a Web site, and Microsoft has
a Smart Tag that sends (users) to one of (Microsoft's) own sites.'
Impact of vulnerability: Run code of attacker's choice.
IE 5.5 Tracking Default Bookmarks
(Slashdot.org, 2000.Sep.13)
[The] default bookmarks in Microsoft Explorer 5.5 [...] go via
a redirection via Microsoft.
IE Feature Can Track Web Surfers Without Warning
(c|net News, 2000.Sep.11)
Privacy advocates complain [...] that Web sites could uniquely
identify visitors as they return over time--without any warning
from IE.
Collection originally created by, donated to LUGOD by, and maintained by Bill Kendrick.
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.
LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.