l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2012 May 28 09:01

Reasons to Avoid Microsoft


[Bug] [Education] [Government] [Fear, Uncertainty, Doubt] [Security Hole] [MSN Hotmail] [MS Internet Explorer] [MS IIS Webserver] [MSN Instant Messenger] [License] [Linux/Open Source] [Monopoly] [MS Outlook] [Piracy] [Privacy] [Virus/Worm] [MS XBox] [MS Windows XP] [WOW!]
Show All

[Security Hole]

Security Hole


These pages are a compilation of links and quotes to news articles and others sources that might help convince you to switch to Linux.


    Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
  • Microsoft Warns on Windows Security Flaws (AP News, 2004.02.10)
    [Security Hole] [WOW!] Microsoft Corp. warned customers Tuesday about unusually serious security problems with its Windows software that could let hackers quietly break into their computers to steal files, delete data or eavesdrop on sensitive information. ... Microsoft... learned about the flaws more than six months ago from researchers... A Microsoft security executive... said the flawed software was 'an extremely deep and pervasive technology in Window'... 'This is one of the most serious Microsoft vulnerabilities ever released... The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system.' ...[Some] computer systems that control critically important power or water utilities were vulnerable.

  • Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites (InformationWeek, 2003.12.11)
    [Security Hole] [MS Internet Explorer] [Privacy] [WOW!] The vulnerability lets attackers display any URL name they wish in the address and status bars of Internet Explorer, allowing them to collect sensitive information. ... This flaw would make it appear to Internet users that they're visiting a banking Web site, for example, when that site is actually a front for fraudsters attempting to collect sensitive financial information.

  • Microsoft Probes Reports of New Holes in Explorer (Yahoo! News, 2003.11.28)
    [Security Hole] [MS Internet Explorer] Two [of the seven] holes are critical and could allow an attacker to run a program that would delete files, crash the machine or take control of it from a remote location...

  • Mail Server Flaw Opens Exchange to Spam (CNet, 2003.11.14)
    [Security Hole] Administrators of e-mail systems based on Microsoft's Exchange might have spammers using their servers to send unsolicited bulk e-mail under their noses, a consultant warned this week.

  • AOL Hacks Subscribers' Computers (Slashdot.org, 2003.10.24)
    [Security Hole] [] [AOL is] going into subscribers' machines, without asking and making [security] adjustments themselves! Though the short term result will probably be good, there are all sorts of implications when your ISP just reaches out and decides how your PC should be configured without your knowledge.

  • Buffer Overrun in Messenger Service Could Allow Code Execution (Microsoft TechNet, 2003.10.15)
    [Security Hole] Customers should disable the Messenger Service immediately... A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. ... The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

  • IE full of holes, unsafe: Security experts (ZDNet Australia, 2003.10.09)
    [Security Hole] [MS Internet Explorer] The comments come after a glut of critical vulnerabilities were discovered in Internet Explorer and a delay of nearly four weeks between the very public disclosure of a critical vulnerability in the browser and the roll-out of a software patch. ... 'Recent exploits of Microsoft software has made it unsafe to surf the Web... it will be very difficult for some users to even know their computer is infected with a virus or otherwise compromised'... 'Internet Explorer was a poorly thoughtout product. In their effort to become the number one browser, by cramming every feature possible, they have in essence forgotten about security and made a system so flexible that its even flexible to hackers'...

  • Linux vs. Windows Viruses (SecurityFocus, 2003.10.02)
    [Security Hole] [Linux/Open Source] To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. ...even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. ... Even worse, Microsoft's email software is able to infect a user's computer when they do something as innocuous as read an email! Don't believe me? Take a look at [these 6 Microsoft Security Bulletins], for instance. ...due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. ...Linux and Mac OS X establish a more secure footing than Microsoft Windows, one that makes it far harder for viruses to take hold in the first place, but if one does take hold, harder to damage the system, but if one succeeds in damaging the system, harder to spread to other machines and repeat the process.

  • To Fix Software Flaws, Microsoft Invites Attack (New York Times, 2003.09.29)
    [Security Hole] On Sept. 10, after Mr. Kean's team completed another E.R. mission, Microsoft issued an emergency warning of a critical vulnerability in its Windows operating systems and released a patch - its 39th so far this year. What particularly worries computer professionals about the warning is that the security hole in Windows is the same kind of flaw, in the same feature of the operating system, that was exploited in August by the notorious Blaster worm.

  • Three New Critical RPC Flaws Found (eWeek, 2003.09.10)
    [Security Hole] [WOW!] Nearly a month to the day after the Blaster worm began tearing through the Internet... [Microsoft] said that there are three newly identified flaws in the RPC protocol in Windows, two of which are quite similar to the one that Blaster attacks. ... An attacker who exploits one of the [flaws] would be able to run any code he chose on a vulnerable machine.

  • Microsoft Issues Five New Security Warnings (InformationWeek, 2003.09.03)
    [Security Hole] Four of the problems affect Microsoft's Office desktop software. The critical flaw in Visual Basic for Applications could be exploited by a hacker to execute code on a targeted PC, according to Microsoft.

  • Microsoft software "riddled with vulnerabilities", trade body claims (the inquirer, 2003.08.28)
    [Security Hole] [Government] [WOW!] The US Computer and Communications Industry Association (CCIA) has urged the US Department of Homeland Security to avoid using Microsoft software. ... It accuses Microsoft of being more interested in economic marketing and competition than security...

  • Microsoft Windows: Insecure by Design (The Washington Post, 2003.08.24)
    [Security Hole] The usual theory has been that Windows gets all the attacks because almost everybody uses it. ... Even if that changed, Windows would still be an easier target [than Mac OS X or Linux]. In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, 'Please don't steal this.' ... Because Microsoft blew off security concerns for so long, millions of PCs remain unpatched, ready for the next Windows-transmitted disease.

  • Windows Update flaw 'left PCs open' to MSBlast (ZDNet UK, 2003.08.15)
    [Security Hole] [Virus/Worm] A flaw in Windows Update caused some organisations - including the US Army - to wrongly believe they were protected from MSBlast... 'If you go to Microsoft's site and say, 'tell me if I am up to date', and it says 'you are up to date', but you are not, what are you supposed to do?'...

  • Online document search reveals secrets (New Scientist, 2003.08.15)
    [Security Hole] [Privacy] Many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. After downloading the Word files, Byers used [freely available tools] to convert them to plain text. He then wrote a simple script to locate text that was not displayed in the original Word format. Byers discovered a wealth of deleted text and potentially sensitive information including people's names, email headers, network paths and text from related documents.

  • Voting machine fails inspection (CNet News, 2003.07.24)
    [Government] [Security Hole] University researchers delivered a serious blow to the current crop of electronic voting systems in an analysis of one such system's source code in which they concluded that a voter could cast unlimited ballots without detection. ... For one, the manufacturer chose Windows CE as the operating system--a bad choice from a security standard, [Avi Rubin, an associate professor of computer science at Johns Hopkins University] said. 'Windows has a long history of new releases of patch just about every week,' he said. 'You can't run voting machines on Windows.'

  • 'Critical' flaw found in Windows (BBC News, 2003.07.24)
    [Security Hole] If exploited, the flaw could allow a malicious hacker to run their own specially crafted computer code to plant a virus or even take over a machine. ... Embarrassingly for Microsoft one of the products affected is Windows Server 2003. ... The instruction could get into a computer by being put on a webpage. It can also be put into an e-mail message that uses web formatting.

  • Cracking Windows passwords in seconds (CNet, 2003.07.22)
    [Security Hole] If your passwords consist of letters and numbers, beware. Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds. ... 'Windows passwords are not very good ... The problem with Windows passwords is that they do not include any random information.'

  • Virus Leaks Files From University Hall (The Harvard Crimson, 2003.06.27)
    [Security Hole] [Privacy] [MS Outlook] [WOW!] [Administrators'] personal correspondence -- including a memo concerning a case before the Administrative Board -- found its way to mere acquaintances. The administrative glasnost was not intentional, however, caused instead by a computer virus that swept across the Internet in early June and infected a number of University Hall machines. ... Harvard students reported receiving a variety of seemingly misaddressed, unusual messages... at least one message, sent from an infected machine on the second floor of University Hall and received by at least three Harvard undergraduates, contained a confidential memo [between the Secretary and Dean of the Faculty].

  • New BugBear worm still spreading (MSNBC News, 2003.06.05)
    [Security Hole] [Privacy] [MS Internet Explorer] [MS Outlook] [WOW!] Malicious program specifically targets financial institutions... The new worm spread to 115 countries just hours after its release... '[It] is likely to be more damaging than any virus seen so far this year...' [It] uses a particularly nasty flaw in Microsoft's Internet Explorer program and its implementation by Microsoft's Outlook e-mail reader that allows the virus to infect machines whenever a victim simply previews an e-mail message loaded with the program.

  • Restricted Zone: the OUTLOOK EXPRESS (LUGOD Mailing Lists, 2003.05.21)
    [Security Hole] [MS Outlook] Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE.

  • Hijacking .NET (Slashdot.org, 2003.05.21)
    [Security Hole] Private members are, in essence, pieces of code that you don't want other programmers to access. You use them to support your own code, and you make public the pieces that you want to make available to other developers. Typically, a language ensures that a member marked as private is hidden from anyone who doesn't have your source code, but Appleman shows how in .NET it's not so.

  • Flaw exposes Microsoft ID service (BBC News, 2003.05.09)
    [Security Hole] [Privacy] [WOW!] Microsoft has admitted that for the last seven months up to 200 million Passport accounts have been vulnerable to plundering by thieves and malicious hackers. ... The vulnerability lets a criminal get access to a Passport account using a specific web address and a trigger phrase. ... Passport is closely tied to Microsoft's Windows XP, Hotmail and instant messaging products. ... Criminals exploiting the flaw could have gained access to personal information, credit card details and online mail accounts. ... [The researcher who discovered the flaw] sent 10 messages to Microsoft detailing the vulnerability but got no response. Microsoft only reacted when information about the flaw was posted online.

  • Microsoft Shell Light-Weight Utility Library Denial of Service (Secunia, 2003.04.23)
    [Security Hole] A vulnerability identified in a library included in Windows XP and Internet Explorer version 4.0 and newer can be exploited to cause a DoS (Denial of Service) on certain applications. [...] An example was provided in the original advisory... [it is simple, plain HTML that can be included in any web page or e-mail]

  • Latest Windows flaw: 2000 users advised not to patch (The Age, 2003.04.17)
    [Security Hole] Microsoft has released details of another vulnerability [...] which can be exploited by malicious users on a vulnerable system to escalate their privileges. ... Patches have been issued for the Windows versions which have the flaw... However [a warning has been made to] users of Windows 2000 systems to avoid applying the patch as it contains a number of files which have not been listed in the Knowledge Base article pertaining to the flaw.

Next 25 Articles

Collection originally created by, donated to LUGOD by, and maintained by Bill Kendrick.

Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!