The Evil Empire - January 2003 Archive
|
Friday, January 31, 2003
|
Computer security experts said the recent "SQL Slammer" worm, the worst in more than a year, is evidence that Microsoft's year-old security push is not working, according to Reuters. The article quotes one CTO (as well as a security consultant) as saying the security issues have prompted them to consider the Mac as an alternate platform: "A Consumer Reports survey last year found that virus infection rates on Macs are half what they are on Windows, noted Smith. 'Is that because Macs are safer? I think the answer is yeah.'" [The Macintosh News Network]
|
|
Microsoft has agreed to the European Union's demands that it give users more control over how their personal information is shared via its Passport authentication system. [Microsoft Watch]
|
|
|
Computer security experts said on Thursday the recent "SQL Slammer" worm, the worst in more than a year, is evidence that Microsoft Corp.'s year-old security push is not working.
"Trustworthy Computing is failing," Russ Cooper of TruSecure Corp. said of the Microsoft initiative. "I gave it a 'D-minus' at the beginning of the year, and now I'd give it an 'F.'" [InfoWorld: Top News]
|
|
|
Thursday, January 30, 2003
|
Internet Explorer users are mystified by a tricky browser add-on that installs itself without permission and defies attempts to remove it. Some are calling the program the most insidious thing on the Web. By Michelle Delio. [Wired News]
|
|
|
Wednesday, January 29, 2003
|
The Slammer worm that paralyzed worldwide Net activity also hit Microsoft. Security experts say the damage points to problems in the way the software giant keeps customers' software secure. [ ... ] Although Microsoft contends its failure to keep up with its own updates did not cause major problems, security experts said it points to a larger issue: Microsoft's process for keeping customers' software secure is hugely flawed. [ ... ] He added that Microsoft needs to own up to problems with how it offers security fixes. "On the one hand, Microsoft's been saying it's the customer's fault for not patching their networks," but the company's own failure to do so "show(s) how unrealistic that expectation is. It's very much like blaming the victim." [via Privacy Digest]
|
|
In the largest such incident since 2001, the Slammer worm -- also known as Sapphire -- causes chaos within many corporate networks. Among the victims: Microsoft, which also failed to protect itself from its own flaw. Meanwhile, security experts try to locate the worm's creator. [via Privacy Digest]
|
|
|
Tuesday, January 28, 2003
|
There are several reasons behind Redmond's decision to soft-pedal its MS CRM 1.0 rollout. Only a minuscule number of companies beta-tested the software (compared to the cast of thousands that typically test Windows and Office). One beta tester described the near-final Beta 2, which Microsoft released last fall, as "unusable." [Microsoft Watch]
|
|
Internal memos show that the software giant hadn't patched its own network against the Slammer worm, causing many of its services to fail. [CNET News.com]
|
|
|
Monday, January 27, 2003
|
Well, speaking of network theory: "SQL Slammer" -- that hellacious MS SQL worm that severely slowed 'Net traffic worldwide last night -- caused service outages at tens of thousands of Bank of America ATMs and wreaked havoc at Continental Airlines. Apparently, customers at most of the #3 American bank's 13,000 automatic teller machines were unable to process transactions for a period of time. BofA's system is expected to be fully online again by late today. Link to Reuters story, Link to Infoworld story [Boing Boing Blog]
|
|
|
Saturday, January 25, 2003
|
Will Microsoft pay up to $2 billion to purchase French media conglomerate Vivendi-Universal's video-game business? Investment bank Investec thinks so. [Microsoft Watch]
|
|
From Slashdot: "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434. [...] This has effectively disabled 5 of the 13 root nameservers." [via Privacy Digest]
So am I getting this right -- the fact that Microsoft doesn't seem to be able to write secure software and that most admins are too dumb to install a year-old security patch is affecting, and in some areas bringing down, the entire Internet? "Trustworthy computing" -- yeah, right.
|
|
|
A large-scale denial-of-service attack hit the Internet Saturday, causing varying degrees of trouble to computer users and server operators around the world, according to security experts. The problems began at around 5:30 am GMT (12:30 am EST), and initial reports suggest the cause was a worm that exploits a vulnerability in Microsoft Corp.'s SQL Server.
From initial technical details, the problems appear to have centered around a vulnerability in Microsoft's SQL Server and its server resolution service, Lee added. The server resolution service provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance, according to Microsoft.
Other reports also point to this vulnerability as the root of the problems. Antivirus software vendor Symantec Corp. said it noticed a significant increase in scans related to the server resolution service at the same time as problems began hitting the Internet in South Korea.
Microsoft identified three problems in its SQL server product in late July 2002 and issued a patch to repair all of them. One concerned a vulnerability to denial-of-service attacks in the server resolution service, according to a security bulletin posted on the software company's Web site. [MacCentral]
|
|
A virus-like infection similar to the 2001 Code Red attack slows internet traffic - and South Korea's web services are shut down. The worm uses a vulnerability in Microsoft SQL server to send Denial-of-Service attacks to other servers on the Internet. [BBC News | World | UK Edition]
|
|
Oliver Friedrichs, a senior manager with Symantec, said the "SQL" worm was taking advantage of a vulnerability detected six months ago in Microsoft sequel servers, used mainly by companies to store information. [via Tomalak's Realm]
|
|
Microsoft's entry in the Data Protection Register expired on January 8th. This means that all personal data held by them in the UK is now illegal, in that jaunty white collar criminal-but-getting-away-with-it way Microsoft has. [via techno\culture]
|
|
It won't surprise you to know that I get a lot -- a lot -- of e-mail. I've been looking for a way to send a response to everyone who writes without setting off an infinite loop of bouncing messages from spammers' servers. However, it can't be done with Microsoft Exchange. [Dan Gillmor's eJournal]
|
|
|
They can call it whatever they want. But it's still, in the end, a tool that has some potentially good uses but which inevitably will be used for controlling what we do with our own computers.
Microsoft's increasingly obvious tilt toward the entertainment-cartel side of the copyright issue makes Palladium a danger as much as a potential benefit. Changing the name doesn't change the mission. [Dan Gillmor's eJournal]
|
|
Microsoft has dropped the code name of its controversial security technology, Palladium, in favor of "next-generation secure computing base." [CNET News.com]
|
|
|
Friday, January 24, 2003
|
Microsoft's chairman says the software giant has taken great strides to secure its products, but acknowledged that the company is still a far cry from "Trustworthy Computing." [CNET News.com]
|
|
Microsoft is planning to lock down Internet Explorer out of the box when Windows Server 2003 ships on April 24. [Microsoft Watch]
|
|
|
Thursday, January 23, 2003
|
|
A security bug in a network service that ships as part of Windows NT 4.0, Windows 2000, and Windows XP can open systems up to attack, Microsoft warned in its first security bulletin of the year, issued on Wednesday and rated "critical."
The Redmond, Wash., software vendor also issued the second and third bulletins of 2003 at the same time. Bulletin MS03-002 details a flaw in Content Management Server 2001 rated "important" and MS03-003 offers a patch for a "moderate" vulnerability in Outlook 2002. [InfoWorld: Top News]
|
|
Today's inbox is packed with security alerts from Microsoft. You wait ages - OK, days, maybe weeks - for Microsoft vulns, then four come at once. Just like London's buses. [The Register]
|
|
The software giant warns system administrators that a new flaw in its Windows 2000 and NT domain controllers could leave their networks open to attack. [CNET News.com]
|
|
While far from confirmed, it is reported that Microsoft is seriously looking into buying, or may have already bought, Vivendi's Games Division. For those who aren't aware, Vivendi owns several prominent gaming companies, including Valve and Blizzard! While no official announcements have been made, one is apparently expected soon. While this would doubtlessly be a great boon to Xbox's library, it could be a shock to other consoles as titles which were originally planned for a diverse release become Xbox exclusives. [Slashdot]
|
|
|
Wednesday, January 22, 2003
|
The software giant plans to acquire PlaceWare, a provider of Web-based collaboration services, which would become part of the division that oversees Microsoft Office. [CNET News.com]
|
|
After a delay, the world's largest software company enters the multibillion-dollar customer relationship management market currently ruled by Siebel Systems and SAP. [CNET News.com]
|
|
Microsoft Corp. on Monday announced new copyright protection tools that let recording companies restrict the use of CDs and DVDs on personal computers. [MacCentral]
|
|
|
Monday, January 20, 2003
|
Microsoft has released new software aimed at helping the music industry stop piracy of CDs. The Windows Media Data Session Toolkit allows record labels to put songs onto a copy-controlled CD in multiple layers so that the disc can be played on a stereo and a PC. [BBC News | Technology | UK Edition]
|
|
Microsoft has moved itself a little closer to its goal of becoming the entertainment industry's vendor of choice for Digital Rights Management. Today it announced the release of the Windows Media 9 Data Session Toolkit, together with key customers for the technology. [The Register]
|
|
Microsoft SmartPhone users have discovered a means to install their own software on their phones, sidestepping the telcos' absolute control over what their bought-and-paid-for devices may and may not do. Orange, the phone company, has issued a "patch" that makes it impossible to install your own stuff on your own phone, and they're characterizing it as a "security update." [Boing Boing Blog]
|
|
|
Saturday, January 18, 2003
|
Our chums at The Register are reporting that Windows XP Professional and Home users are having a heck of a time installing the Plus! Digital Media Edition enhancement pack that Microsoft rolled out last week. The culprit seems to be Product Activation. [Microsoft Watch]
|
|
|
Friday, January 17, 2003
|
When the Bush Administration was sworn in, ... Microsoft was in the position that we so often find James Bond in mid-way through a movie: strapped to a table and heading inexorably towards a huge carving machine or deadly laser.
By November, the fix was in. Attorney General John Ashcroft had indicated that he had little interest in pursuing the case ... The result was a settlement neatly summarized by the financial analysts we cited at the time: "a major win" ...
Ashcroft had declined to excuse himself from the case: despite having taken $20,000 in campaign contributions for his Senate campaign from Microsoft and refused to disclose contacts with the company.
...
So yesterday ... Microsoft got its chance to thank the Administration properly, and it timed the announcement to perfection. For the first time in its history as a public corporation, Microsoft will pay a dividend to its shareholders. ...
Why is this so well timed? On January 6, President Bush announced his new budget, and its centerpiece is the elimination of tax on stock dividends. [The Register]
|
|
Microsoft Chairman Bill Gates, CEO Steve Ballmer and other executives will rake in big gains from the company's newly instated stock dividend program. [CNET News.com]
|
|
|
Thursday, January 16, 2003
|
Why am I not surprised? The minute I heard that Microsoft was now developing software for cell phones I expected this to happen. It took a bit longer than I thought, but here we are now: Security flaw may threaten cell phones. Will Microsoft ever be able to write software that is not full of security holes? [found via Privacy Digest]
|
|
And won't we all be surprised when it doesn't find any? [The Register]
|
|
Microsoft and U.K. carrier Orange are investigating whether hackers are sending rogue software to cell phones using the Redmond, Wash., giant's Smartphone 2002 operating system. [CNET News.com]
|
|
Microsoft's announcement that it will open its source code to the U.S. government isn't quite what it appears. By Michelle Delio. [Wired News]
|
|
|
Wednesday, January 15, 2003
|
Om Malik: AOL Saga: Microsoft wins again, for no reason. Sez Om: Bill Gates is not only smart, his rivals are stupid.
I said pretty much the same thing in The Shrinking Subject, in Linux Journal, back in August, '00: For a year or two, Netscape looked like it could do no wrong. It was a Miata being chased down a mountain road by a tractor trailer. As long as it moved fast and looked ahead, there was no problem with the truck behind. But at some point, Netscape got fixated on the rear-view mirror. That's where they were looking when they drove off the cliff.
Somehow AOL got this idea that they were a media company, rather than an Internet company. Dead wrong, it turns out. [The Doc Searls Weblog]
|
|
|
Tuesday, January 14, 2003
|
U.K.-based cell-phone maker Sendo has filed a lawsuit accusing Microsoft of engaging in a "secret plan" to push the small maker of cell-phone software into bankruptcy. [CNET News.com]
|
|
The Microsoft competitor says an antitrust settlement between California and the software giant is more beneficial than punitive. [CNET News.com]
|
|
|
There's precious little sign of any let-up on the virus front, with the emergence of a new mass-mailing worm. The (perhaps aptly) named Sobig-A is a mass-mailing worm that incorporates an SMTP engine. The worm spread rapidly across the Internet last weekend, after first appearing on Thursday morning.
The worm normally spreads by email containing infectious .pif attachments (though it can spread through open Windows shares). As usual, the worm only burrows into Windows boxes leaving Apple and Linux users immune to its effects. [The Register]
|
|
|
Monday, January 13, 2003
|
|
After customers complained that they couldn't identify the most serious security vulnerabilities, Microsoft has added a fourth category to its vulnerability rating system. But critics feel that the extra tier adds even more complexity to an administrator's job.
Under the new system, fewer bulletins get the "critical" stamp. Only vulnerabilities that could be exploited to allow malicious Internet worms to spread without user action are now rated critical. Many issues that were previously rated critical are now "important," a new category in the rating system. These "important" vulnerabilities could still expose user data or threaten system resources, but they might not receive the urgent attention from administrators that they deserve. [InfoWorld: Top News]
|
|
After dominating the desktop, burrowing into the Internet and bursting into the video game market, Microsoft Corp. is making progress at getting firmly into the palm of your hand. [siliconvalley.com]
|
|
After spending much of the past week talking to experts (for a news analysis that appeared in Sunday's Chronicle) about what has and hasn't changed in Redmond, Wash., since that famous missive, I have a suggestion for Mr. Gates. Put Longhorn, a major overhaul of Windows that's already at least two years away from release, on hold for a few months and assign the developers involved to a crash program designed to make it easier for users to discover vulnerabilities in their systems and get the appropriate fixes installed without hassle and without jeopardizing their data. [SFGate.com]
|
|
|
Saturday, January 11, 2003
|
cosmicrob writes: "According to an article on News.com, Microsoft is now licensing Windows Media codecs to other companies at a price half of what MPEG-LA charges to use MPEG 4 codecs. What the article leaves out, however, is that Microsoft itself is a member of MPEG-LA and helps to decide the fee structure for MPEG 4. Now that Apple has banked the future of Quicktime on the MPEG 4 format, this has serious implications on the future of video not only on computers, but in future camcorders and DVD players. See also the thread on Slashdot." [MacSlash]
|
|
|
Friday, January 10, 2003
|
|
Thursday, January 9, 2003
|
Microsoft has built a new national wireless data network, based on the data broadcasting ability of FM radio stations. The company says that compared with traditional paging systems, this network makes it cheaper both to broadcast data and build receivers. [NY Times via Scripting News]
|
|
Anti-spam advocates say spammers have found an effective way to mine new addresses from Hotmail, Microsoft's popular free e-mail service. These 'dictionary attacks' are preventable, but only if company officials want to stop them. By Michelle Delio. [Wired News]
|
|
A new e-mail worm that is spreading on the Internet lures victims with a mention of plucky Canadian singer Avril Lavigne, then steals Microsoft Windows passwords and sends them to e-mail addresses in Russia, according to alerts posted by a number of antivirus software vendors. The worm, which only affects Microsoft Windows. Lirva exploits a well-known security vulnerability in Microsoft's Internet Explorer Web browser, Outlook and Outlook Express e-mail applications. That vulnerability allows the executable file to be launched without user interaction when an e-mail message is opened, or viewed using Outlook's preview feature, according to Sophos. [InfoWorld: Top News]
|
|
|
Wednesday, January 8, 2003
|
This is an amazing demonstration of Microsoft's failure to comply with the DoJ and the courts. Here is what you have to do to uninstall or repair IE or Outlook Express. Absolutely amazing. How could anybody compete in both browsers and e-mail PIMs with a company that has made those programs impossible to delete without editing registry settings. Another sign of the kleptocracy. [John Robb's Radio Weblog]
|
|
|
Tuesday, January 7, 2003
|
Microsoft said on Monday that it would license its Windows Media technology to consumer electronics makers at lower prices than its main competitors. [New York Times: Technology]
|
|
|
Monday, January 6, 2003
|
The U.S. Department of Justice (DOJ) and Microsoft Monday filed their opposition to an attempt by trade groups to intervene in the government's antitrust case against the software juggernaut, claiming that the groups fall short of the minimum requirements for intervention. [InfoWorld: Top News]
|
|
|
Internet Explorer on Windows always seems either to run impossibly fast (page requests are fulfilled almost before the mouse button has returned to its original unclicked position), or ridiculously slow (as with the weird stalling-on-connect problem that many people, including myself, have noticed).
One possible explanation is something that my team and I noticed a couple of years ago, in analyzing packet traces of IE's connection setup procedure. Microsoft might have fixed this since then; I'm not sure. But it's a possible culprit. More... [via The Doc Searls Weblog]
|
|
Microsoft's Instant Messenger service went down early Monday, affecting up to 75 million users worldwide. While some have had their access restored, others are still in the dark. [CNET News.com]
|
|
A public relations firm accidentally posts server login information in an online job ad, exposing scads of clients' customer data. A spokeswoman said the firm's HR team was using Microsoft's FrontPage Web publishing software to post job listings, and the program embedded "unwanted code, creating that loophole." [Wired News]
|
|
|
Sunday, January 5, 2003
|
|
If Microsoft's extended family of lawyers was thinking it could now kick back and anticipate a kind of extended Spring Break for the rest of this Bush administration, the pre-Xmas filing by British phone company Sendo could yet be the cause of a few unexpected late nights.
Sendo's 27-page filing in a Texas court - disclosed here for the first time - is a rich litany of double dealing, betrayal and larceny - if the dramatic (and at times apoplectic) allegations can be believed. Until November, Sendo was Microsoft's flagship phone OEM. It then announced that its four-times-delayed Z100 Stinger phone would be canned, and threw its lot in with Nokia, terminating the Microsoft agreement. [The Register]
|
|
Over in Seattle a Very Large Company is claiming that it owns the word 'Windows'. Unfortunately, from past experience, we can be sure that Bill Gates & Co will not be deterred by ridicule, says John Naughton. [Guardian Unlimited]
|
|
An anonymous reader links to these slides outlining Microsoft's position on Free software licenses, in particular the GPL, writing "Regarding the latest memo from MSFT, the current politics is to be against 'copyleft' type licensing... Protecting freedom is fundamental for Free Software and MSFT knows that. They don't want licenses that protect our freedom." Makes an interesting companion piece to the anti-OSS memo mentioned the other day. [Slashdot]
|
|
|
Friday, January 3, 2003
|
The software giant says problems with its .Net Passport servers locked some subscribers out of their online accounts throughout the day. [CNET News.com]
|
|
|