
The Evil Empire - September 2002 Archive





Monday, September 30, 2002

From InfoWorld: A flaw in Microsoft's Point-to-Point Tunneling Protocol (PPTP) used to secure VPN (virtual private networks) leaves corporate intranets open to attack from outside, according to German IT security company Phion Information Technologies. In a security advisory Thursday, Phion said that the Microsoft PPTP service shipping with Windows 2000 and Windows XP contains a remotely exploitable pre-authentication buffer overflow. This enables a specially crafted PPTP packet to overwrite kernel memory, such that a denial-of-service attack can lock up the server. This has been verified on Windows 2000 SP3 and Windows XP, Phion said in the advisory. Phion said that VPN clients are also vulnerable as the PPTP service continually listens on an I/O port, making always-on DSL clients particularly vulnerable, Phion said. [Privacy Digest]
posted by Horst

Thursday, September 26, 2002

Does the world really want Microsoft dictating multimedia formats to the Internet and entertainment industries? In the end, I suspect Media Player 9's success may depend less on its many innovations than on the public's willingness to surrender so much gatekeeping authority to the Windows juggernaut. [New York Times via MyAppleMenu Wintel News]
posted by Horst

MacNN reports that MS has released Internet Explorer updates, mostly fixing previously discovered security holes. However, considering how peskily persistent the previous version was in trying to make itself the default browser (basically, it just made itself the default browser without asking whenever I launched it), and considering how much Internet Explorer is slowing down Mac OS X, I'll probably just delete the old version from my hard drive and stick with Mozilla - or perhaps even Chimera, which is getting better (and faster!) with each release.
posted by Horst

Apple has issued a security advisory to all users of QuickTime for Windows 5.0.2 that describes a QuickTime/Internet Explorer vulnerability. Apple recommends that all users and Web site administrators running the Windows operating system upgrade to the new version of the ActiveX control "as soon as possible." QuickTime versions for Mac OS X or Mac OS 9 are not vulnerable. [The Macintosh News Network]
posted by Horst

Microsoft denies its purchase of a leading British games developer is an act of desperation to obtain more exclusive games for the Xbox. [BBC News | TECHNOLOGY]
posted by Horst

Microsoft warns Web site administrators that a flaw in its FrontPage extensions could allow an attacker to take control of their servers or cause the computers to seize up. [CNET News.com]
posted by Horst

Wednesday, September 25, 2002

It may be hard to believe, but Windows RG is actually the first Windows version that is fun to use. [Found at clog]
posted by Horst

Monday, September 23, 2002

Karlin Lillington found a very good article on Steve 'Monkeyboy' Ballmer by the NY Times's Adam Cohen that provides some insight into the mechanics behind Microsoft. [New York Times: Technology via techno\culture]
posted by Horst

And 'I can't do that right now' hardware surfaces... [The Register]
posted by Horst

Sunday, September 22, 2002

Microsoft's five-year plan to control our PCs and the Internet will kick off early next year with the launch of Advanced Micro Devices' latest chip, Opteron, aimed at business uses. The new microprocessor, which will run both existing 32-bit applications and specially recompiled 64-bit programs, will support Palladium, a set of security and privacy features Microsoft is building into its products. [ ... ] It is envisaged that once the TCPA system is fully functioning, our PCs would quietly report to authorities any unauthorised content on our machines. PCs and other devices would also refuse to play content, such as a music CD, tied to another device, and may be instructed by a remote server to delete information from the owner's hard drive. [Privacy Digest]
posted by Horst

Friday, September 20, 2002

ProComp, the Sun-, Oracle- and usual suspects-backed lobbying group set up to push for tougher measures against Microsoft, has launched an attack on WinXP SP1 and Win2k SP3, saying they contain clear violations of the MS-DoJ proposed antitrust settlement terms they're claimed by Microsoft to comply with. That is not of course to say that ProComp would be happy with those terms even if the Service Packs did meet them - it would not - but it has taken the opportunity to send an extended and reasonably well-researched 'told you so' to the DoJ, listing six claimed violations, and it intimates that its study of Microsoft's API disclosure procedures will follow shortly. [The Register]
posted by Horst

Thursday, September 19, 2002

Microsoft isn't living up to its agreement with the federal government to allow Windows users to remove access to the company's programs and choose competitors' products, a group funded by Microsoft's rivals said Wednesday. [Associated Press via MyAppleMenu Wintel News]
posted by Horst

The software giant advises users to upgrade their Windows operating system to nix two critical vulnerabilities that could give hackers control of PCs. [CNET News.com]
posted by Horst

Wednesday, September 18, 2002

From The Register: Microsoft tops Google hell search rankings. Weirdisms in Google's ranking system are sent to entertain us occasionally, and as we've had this one from a couple of people today, we suspect it's new. But don't blame us if it's not, we lead sheltered lives sometimes. Currently, if you type "go to hell" into Google, then Microsoft Corporation, Where do you want to go today? comes first. This is particularly outstanding given that the number two slot is occupied by hell.com itself. [The Register]

Update: I tried this today, but all I got was hell.com, no mention of Microsoft in the search results anywhere. Either Google cleared the index, or this story is just a hoax.

Second update: It's not a hoax. You have to search for the phrase "go to hell" (with quotation marks). Just looking for the words go to hell (without quotation marks) doesn't work. Here's a demonstration.
posted by Horst

Monday, September 16, 2002

On Wednesday, the Bush administration is scheduled to publish its proposal to increase the security of the Internet. [...] [I]t's said to talk with great earnestness about helping home users safeguard their computers, about thwarting online intrusions into business systems, and about providing better training to federal network administrators. But [...] it pays scant attention to Microsoft, which has been responsible for more online security woes than any other company in history.

Such an omission would be glaring. Intentional design choices and unintentional bugs in Microsoft Windows, Outlook, Word and Explorer have created vulnerabilities so numerous they've become legendary. Shoddy default settings have practically begged intruders to plunder Windows-equipped PCs. Any serious look at Internet security has to start with the world's largest software company. One explanation for the draft report's marked silence is that there is an unusually close relationship between Microsoft and the White House. Read more... [CNET News.com]
posted by Horst

Jon James writes: "Microsoft is pushing further into digital rights management with a plan for a DRM server due to go into beta testing later this year, eWeek is reporting. Microsoft has already applied for a patent for a DRM operating system but would not say if the DRM server would be based on this. In an interview last week with eWeek, Jim Allchin, Microsoft's group vice president for platforms, said a DRM server is but one of three server infrastructure applications coming next year." [Slashdot]
posted by Horst

Friday, September 13, 2002

Only three days after the official release of the first patch for Microsoft's Internet Explorer Version 6 Web browser, security experts are raising concerns about security vulnerabilities that were not addressed by the company. [InfoWorld]
posted by Horst

The software giant says it is studying a security hole that could allow a Word document to steal files from any Windows PC on which it's opened. [CNET News.com]
posted by Horst

Thursday, September 12, 2002

People looking to uninstall the test version of the new media player software may find the program is like a bad houseguest: It just won't leave. [CNET News.com]
posted by Horst

Tuesday, September 10, 2002

John Robb: "IE should include weblog software as part of its core functionality.  Working on this." [John Robb's Radio Weblog]
No, it should not. I for one would never ever install server or server-like software that bears the Microsoft label. You know, the kind that has the big "Hack me by exploiting one of my 2000 security holes" sticker on it. And I certainly would never allow it to freely shuffle files back and forth between my hard disk and my web server (and at the same time allow some hacker access to both of them). Nope.
posted by Horst

From News.com: The software giant claims new information in a mysterious mass hack shows the problem isn't faulty Windows 2000 server software--it's your bad passwords. Read more... [CNET News.com]
posted by Horst

Sunday, September 8, 2002

While Palladium is still a long way off, an uproar has arisen over how technologies might be used to curtail consumer "fair use" rights to make personal copies of movies and music and to more tightly control software use. "I like to call this controlled computing rather than trusted computing," said Chris Hoofnagle, legislative counsel for the Washington, D.C.-based Electronic Privacy Information Center. "The companies are creating a system or infrastructure that the user cannot tamper with."

Critics fear new technologies will make it easier for corporations and governments to spy on computer users and even censor dissent by allowing applications like document revocation, or programmable data deletion. Read more... [Privacy Digest]
posted by Horst

Saturday, September 7, 2002

Another day in the life of a company trying to sell Trustworthy Computing to a world that already knows better: there remains much of a mystery as to the real reasons behind a vulnerability in several versions of Windows. Microsoft has released several contradictory bulletins. The latest explanation does not seem to be satisfactory, writes The Register. [The Register]
posted by Horst

Friday, September 6, 2002

From Slashdot: Various Microsoft news tidbits contributed by numerous readers: Phoebus0 notes that Microsoft's Vice-President in charge of Windows development states flat out that Microsoft products aren't engineered for security, absolutely guaranteeing he'll have tomorrow's Ditherati quote. Many readers submitted this Knowledge Base article stating that Microsoft is mystified by a wave of successful hacks on assorted versions of Windows (there's also a news report on this). Microsoft has another security bulletin out on the digital certificate spoofing bug that has caused them so many problems recently. [Privacy Digest]
posted by Horst

Microsoft released further details of a rash of attacks on Windows 2000 servers that has so far stumped the software giant's research team. [ZDNet via MyAppleMenu Wintel News]
posted by Horst

News.com's Joe Wilcox reports that a flaw in Microsoft's cryptography software opens users to the possibility of credit card fraud, and it can potentially affect Mac users: under certain circumstances digital certificates used to validate Web sites can be manipulated using the Microsoft software flaw to transmit data that would otherwise be securely encrypted. If exploited, this flaw could lead to the transmission of credit card data or otherwise secure information to a location where it could be manipulated for other nefarious purposes. [MacCentral via clog]
posted by Horst

Microsoft issues a vague hacking bulletin with specific consequences: Legitimate users get locked out of their networked systems. So far, the software maker hasn't offered a fix. [Wired News via clog]
posted by Horst
© Copyright 2003 Horst Prillinger

Last update: 28.07.2003; 19:26:39
