Reasons to Avoid Microsoft
Security Hole
These pages are a compilation of links to and quotes from news articles and
other sources that might help convince you to switch to Linux.
- Microsoft Warns on Windows Security Flaws
(AP News,
2004.02.10)
Microsoft Corp. warned customers Tuesday about unusually serious security
problems with its Windows software that could let hackers quietly break into
their computers to steal files, delete data or eavesdrop on sensitive
information. ... Microsoft... learned about the flaws more than six months
ago from researchers... A Microsoft security executive... said the flawed
software was 'an extremely deep and pervasive technology in Windows'...
'This is one of the most serious Microsoft vulnerabilities ever released...
The breadth of systems affected is probably the largest ever. This is
something that will let you get into Internet servers, internal networks,
pretty much any system.' ...[Some] computer systems that control critically
important power or water utilities were vulnerable.
- Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites
(InformationWeek,
2003.12.11)
The vulnerability lets attackers display any URL name they wish in the address and status bars of Internet Explorer, allowing them to collect sensitive information. ... This flaw would make it appear to Internet users that they're visiting a banking Web site, for example, when that site is actually a front for fraudsters attempting to collect sensitive financial information.
- Microsoft Probes Reports of New Holes in Explorer
(Yahoo! News,
2003.11.28)
Two [of the seven] holes are critical and could allow an attacker to run a
program that would delete files, crash the machine or take control of it
from a remote location...
- Mail Server Flaw Opens Exchange to Spam
(CNet,
2003.11.14)
Administrators of e-mail systems based on Microsoft's Exchange might have
spammers using their servers to send unsolicited bulk e-mail under their
noses, a consultant warned this week.
- AOL Hacks Subscribers' Computers
(Slashdot.org,
2003.10.24)
[AOL is] going into subscribers' machines, without asking and making
[security] adjustments themselves! Though the short term result will
probably be good, there are all sorts of implications when your ISP
just reaches out and decides how your PC should be configured without
your knowledge.
- Buffer Overrun in Messenger Service Could Allow Code Execution
(Microsoft TechNet,
2003.10.15)
Customers should disable the Messenger Service immediately...
A security vulnerability exists in the Messenger Service that could allow
arbitrary code execution on an affected system. ... The attacker could then
take any action on the system, including installing programs, viewing,
changing or deleting data, or creating new accounts with full privileges.
- IE full of holes, unsafe: Security experts
(ZDNet Australia,
2003.10.09)
The comments come after a glut of critical vulnerabilities were discovered
in Internet Explorer and a delay of nearly four weeks between the very
public disclosure of a critical vulnerability in the browser and the
roll-out of a software patch. ... 'Recent exploits of Microsoft software have
made it unsafe to surf the Web... it will be very difficult for some users
to even know their computer is infected with a virus or otherwise
compromised'... 'Internet Explorer was a poorly thought-out product.
In their effort to become the number one browser, by cramming every feature
possible, they have in essence forgotten about security and made a system so
flexible that it's even flexible to hackers'...
- Linux vs. Windows Viruses
(SecurityFocus,
2003.10.02)
To mess up a Linux box, you need to work at it; to mess up your Windows box,
you just need to work on it. ...even if Linux becomes the dominant desktop
computing platform, and Mac OS X continues its growth in businesses and
homes, these Unix-based OS's will never experience all of the problems
we're seeing now with email-borne viruses and worms in the Microsoft world.
... Even worse, Microsoft's email software is able to infect a user's
computer when they do something as innocuous as read an email! Don't
believe me? Take a look at [these 6 Microsoft Security Bulletins],
for instance. ...due to the strong separation between normal users and
the privileged root user, our Linux user would have to be running as
root to really do any damage to the system. ...Linux and Mac OS X
establish a more secure footing than Microsoft Windows, one that makes
it far harder for viruses to take hold in the first place, but if one
does take hold, harder to damage the system, but if one succeeds in
damaging the system, harder to spread to other machines and repeat the
process.
- To Fix Software Flaws, Microsoft Invites Attack
(New York Times,
2003.09.29)
On Sept. 10, after Mr. Kean's team completed another E.R. mission,
Microsoft issued an emergency warning of a critical vulnerability in its
Windows operating systems and released a patch - its 39th so far this year.
What particularly worries computer professionals about the warning is that
the security hole in Windows is the same kind of flaw, in the same feature
of the operating system, that was exploited in August by the notorious
Blaster worm.
- Three New Critical RPC Flaws Found
(eWeek,
2003.09.10)
Nearly a month to the day after the Blaster worm began tearing through
the Internet... [Microsoft] said that there are three newly identified
flaws in the RPC protocol in Windows, two of which are quite similar to
the one that Blaster attacks. ... An attacker who exploits one of the
[flaws] would be able to run any code he chose on a vulnerable machine.
- Microsoft Issues Five New Security Warnings
(InformationWeek,
2003.09.03)
Four of the problems affect Microsoft's Office desktop software. The critical
flaw in Visual Basic for Applications could be exploited by a hacker to execute
code on a targeted PC, according to Microsoft.
- Microsoft software "riddled with vulnerabilities", trade body claims
(The Inquirer,
2003.08.28)
The US Computer and Communications Industry Association (CCIA) has urged the US
Department of Homeland Security to avoid using Microsoft software. ...
It accuses Microsoft of being more interested in economic marketing and
competition than security...
- Microsoft Windows: Insecure by Design
(The Washington Post,
2003.08.24)
The usual theory has been that Windows gets all the attacks because almost
everybody uses it. ... Even if that changed, Windows would still be an easier
target [than Mac OS X or Linux]. In its default setup, Windows XP on the
Internet amounts to a car parked in a bad part of town, with the doors unlocked,
the key in the ignition and a Post-It note on the dashboard saying, 'Please don't
steal this.' ... Because Microsoft blew off security concerns for so long, millions
of PCs remain unpatched, ready for the next Windows-transmitted disease.
- Windows Update flaw 'left PCs open' to MSBlast
(ZDNet UK,
2003.08.15)
A flaw in Windows Update caused some organisations - including the US Army -
to wrongly believe they were protected from MSBlast...
'If you go to Microsoft's site and say, 'tell me if I am up to date', and it
says 'you are up to date', but you are not, what are you supposed to do?'...
- Online document search reveals secrets
(New Scientist,
2003.08.15)
Many documents published online may unintentionally reveal sensitive
corporate or personal information, according to a US computer researcher.
After downloading the Word files, Byers used [freely available tools]
to convert them to plain text. He then wrote a simple script to locate text
that was not displayed in the original Word format. Byers discovered a wealth
of deleted text and potentially sensitive information including people's
names, email headers, network paths and text from related documents.
- Voting machine fails inspection
(CNet News,
2003.07.24)
University researchers delivered a serious blow to the current crop of
electronic voting systems in an analysis of one such system's source code
in which they concluded that a voter could cast unlimited ballots without
detection. ... For one, the manufacturer chose Windows CE as the operating
system--a bad choice from a security standard, [Avi Rubin,
an associate professor of computer science at Johns Hopkins University] said.
'Windows has a long history of new releases of patch just about every week,'
he said. 'You can't run voting machines on Windows.'
- 'Critical' flaw found in Windows
(BBC News,
2003.07.24)
If exploited, the flaw could allow a malicious hacker to run their own
specially crafted computer code to plant a virus or even take over a
machine. ... Embarrassingly for Microsoft one of the products affected is
Windows Server 2003. ... The instruction could get into a computer by being
put on a webpage. It can also be put into an e-mail message that uses web
formatting.
- Cracking Windows passwords in seconds
(CNet,
2003.07.22)
If your passwords consist of letters and numbers, beware.
Swiss researchers released a paper on Tuesday outlining a way to speed the
cracking of alphanumeric Windows passwords, reducing the time to break such
codes to an average of 13.6 seconds, from 1 minute 41 seconds. ...
'Windows passwords are not very good ... The problem with Windows passwords
is that they do not include any random information.'
- Virus Leaks Files From University Hall
(The Harvard Crimson,
2003.06.27)
[Administrators'] personal correspondence -- including a memo concerning
a case before the Administrative Board -- found its way to mere
acquaintances. The administrative glasnost was not intentional, however,
caused instead by a computer virus that swept across the Internet in early
June and infected a number of University Hall machines. ...
Harvard students reported receiving a variety of seemingly misaddressed,
unusual messages... at least one message, sent from an infected machine on
the second floor of University Hall and received by at least three Harvard
undergraduates, contained a confidential memo [between the Secretary and
Dean of the Faculty].
- New BugBear worm still spreading
(MSNBC News,
2003.06.05)
Malicious program specifically targets financial institutions...
The new worm spread to 115 countries just hours after its release...
'[It] is likely to be more damaging than any virus seen so far this year...'
[It] uses a particularly nasty flaw in Microsoft's Internet Explorer program
and its implementation by Microsoft's Outlook e-mail reader that allows the
virus to infect machines whenever a victim simply previews an e-mail message
loaded with the program.
- Restricted Zone: the OUTLOOK EXPRESS
(LUGOD Mailing Lists,
2003.05.21)
Silent delivery and installation of an executable on a target
computer. No client input other than opening an email or newsgroup post.
This can be achieved with the default setting of Outlook Express:
RESTRICTED ZONE.
- Hijacking .NET
(Slashdot.org,
2003.05.21)
Private members are, in essence, pieces of code that you don't want other
programmers to access. You use them to support your own code, and you make
public the pieces that you want to make available to other developers.
Typically, a language ensures that a member marked as private is hidden from
anyone who doesn't have your source code, but Appleman shows how in .NET it's
not so.
- Flaw exposes Microsoft ID service
(BBC News,
2003.05.09)
Microsoft has admitted that for the last seven months up to 200 million
Passport accounts have been vulnerable to plundering by thieves and malicious
hackers. ... The vulnerability lets a criminal get access to a Passport
account using a specific web address and a trigger phrase. ...
Passport is closely tied to Microsoft's Windows XP, Hotmail and instant
messaging products. ... Criminals exploiting the flaw could have gained
access to personal information, credit card details and online mail
accounts. ... [The researcher who discovered the flaw] sent 10 messages to
Microsoft detailing the vulnerability but got no response. Microsoft only
reacted when information about the flaw was posted online.
- Microsoft Shell Light-Weight Utility Library Denial of Service
(Secunia,
2003.04.23)
A vulnerability identified in a library included in Windows XP and Internet
Explorer version 4.0 and newer can be exploited to cause a DoS (Denial of
Service) on certain applications. [...] An example was provided in the
original advisory... [it is simple, plain HTML that can be included in any
web page or e-mail]
- Latest Windows flaw: 2000 users advised not to patch
(The Age,
2003.04.17)
Microsoft has released details of another vulnerability [...]
which can be exploited by malicious users on a vulnerable system
to escalate their privileges. ... Patches have been issued for the
Windows versions which have the flaw... However [a warning has been made
to] users of Windows 2000 systems to avoid applying the patch as it
contains a number of files which have not been listed in the Knowledge
Base article pertaining to the flaw.
Collection originally created by, donated to LUGOD by,
and maintained by
Bill Kendrick.
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.