|
[an error occurred while processing this directive]
| | The Evil Empire - February 2003 Archive
|
Friday, February 28, 2003
|
Without the patch, users of the Windows Millennium Edition operating system could have their files deleted by an attacker because of a critical security flaw. [Computerworld Security News]
|
|
|
Thursday, February 27, 2003
|
|
Yoz Grahame on ThreeDegrees, MSFT's new "kid-friendly," DRM-laden IM/filesharing app:
As you can see, the kids have to be down with installing a metric arseload of supporting extras before they can get jiggy with the winking action. This includes MSN Messenger 5.0 and the MS Black Ops P2P Infiltrator. I had a brief bout of swearing when MSNIM 5 started up because it was clearly ignoring my preference to hide the never-used info tabs on the left. Investigation showed I was wrong; it hadn't so much ignored my preference as removed the option entirely. [...]
It's part of a worrying trend MS have been displaying recently that I'll call (for want of something wittier) feature-creep-away. Version 7.0 of Windows Media Player removed the ability to install .mov support. Now the latest version has removed streaming MP3 and AVI support (i.e. play during download). The lockdown has started.
Here's more. [via Boing Boing Blog]
|
|
There is an interesting writeup at SecurityFocus that puts the latest security 'hole' in XP into perspective. It is a worthy read and should remind us all of the real issues out there." --- And it collects into one place much of the flak I caught after posting about the claimed security hole opened by the XP Recovery Console. [via Privacy Digest]
|
|
|
Wednesday, February 26, 2003
|
When you connect your computer to Microsofts website windowsupdate.com, you reveal a lot of information about your computer to Microsoft. This article shows bit for bit what data is transferred to Redmond and what Microsoft could learn from it. [via Privacy Digest]
|
|
|
Tuesday, February 25, 2003
|
Don't be fooled. Windows Rights Management isn't about safeguarding your rights. [Microsoft Watch]
|
|
|
Monday, February 24, 2003
|
Windows Rights Management Services to be integrated into Windows, Office and other Microsoft and third-party software. [Microsoft Watch]
|
|
Microsoft has a grand plan to make DRM a core part of Windows, Office and other products going forward. A select group of testers will get a preview of the the first component, Microsoft's Windows Rights Management Services, next week. [Microsoft Watch]
|
|
|
Sunday, February 23, 2003
|
Microsoft Corp. said today that it is developing add-on security technology for its forthcoming Windows Server 2003 operating system software that will allow organizations to implement rights-management protections on corporate documents such as e-mail messages and data files.
The Windows Rights Management Services (RMS) will be able to enforce protection policies by controlling which users can access specific content and what access rights they are granted. Companies will, for example, be able to restrict content copying, forwarding and printing in applications such as portal, e-mail and word-processing software. [via Privacy Digest]
|
|
|
Saturday, February 22, 2003
|
The software giant goes on the offensive in the antitrust case brought against it by Sun Microsystems, accusing its bitter rival of "unfair competition." [CNET News.com]
|
|
The software maker announces a new rights management technology for Windows Server 2003 that would restrict the copying, printing or forwarding of confidential data. [CNET News.com]
|
|
|
Friday, February 21, 2003
|
Microsoft to thread DRM into Outlook, Word, Excel and PowerPoint in its next-generation desktop suite, Office 2003. [Microsoft Watch]
|
|
Windows Rights Management Services to be integrated into Windows, Office and other Microsoft and third-party software. [Microsoft Watch]
|
|
A Merrill Lynch analyst voices concerns about software maker's response to the growing popularity of open source, echoing statements made by a former Microsoft executive. [CNET News.com]
|
|
According to Mr. Gates, Microsoft recieves 'Less than one percent' call volume in relation to bugs. He also blames the users lack of knowledge as a cause of some of these bugs. He goes on to say that the feeling of frustration that people hold towards bugs is a sociological issue, rather than technical saying that people complain about software bugs 'Because it's cool.' Read more in this interview. [Slashdot]
|
|
|
Wednesday, February 19, 2003
|
|
Oral arguments are scheduled for April 3 in the Microsoft appeal of a judge's order forcing the company to distribute Sun Microsystems version of Java.
The U.S. Court of Appeals for the Fourth Circuit, in Richmond, Va. , will hear from both sides that day. Each side's lawyers have 20 minutes to present arguments, according to information from Sun. [InfoWorld: Top News]
|
|
The company is acquiring much of the assets of Connectix, including software that permits Windows to run on a Macintosh and an unreleased server program. [CNET News.com]
|
|
|
Tuesday, February 18, 2003
|
Microsoft is more tightly integrating a growing number of its products. Should you be worried - or ecstatic? [Microsoft Watch]
|
|
The software giant plans to start beta testing a new instant messaging tool for creating social groups, as it seeks to increase its presence among users who grew up with the Net. [CNET News.com]
|
|
The Chronicle of Higher Education has the most detailed article I've yet seen on Microsoft's Palladium architecture. The article discusses the potential Palladium has to give publishers power to eliminate fair use and the potential for software manufacturers to use Palladium to enforce shrink-wrap licenses. Comments from several great sources including, Ed Felten (Freedom to Tinker), Eben Moglen (pro-bono counsel for the Free Software Foundation and recent Slashdot interviewee), and Seth Schoen (Electronic Frontier Foundation) among many others. Key quotations from article: Palladium could create 'a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution. In such a scenario the very concept of fair use has been lost.' 'Palladium will "turn the clock back" to the days before online information was widely available.' and 'Microsoft could decide to lock everything up.' [via Privacy Digest]
|
|
The Chronicle of Higher Education reports that Microsoft's plan to improve computer security could set off fight over use of online materials: "Colleges would decide whether to buy Palladium-capable software and hardware, and then whether to activate Palladium's security functions. But practically speaking, they would face enormous pressures to do so, especially if publishers of books, journals, software, and other electronic "content" were to adopt Microsoft's standard to deliver their materials online. The publishers could dictate that colleges had to use Palladium or else be denied access to the material. That worries many in academe, who believe that publishers would use Palladium to bar some uses of digital materials to which scholars argue that they are entitled under copyright law. That loss may outweigh the advantages of tighter security over student records, the critics say." [via Privacy Digest]
|
|
|
Monday, February 17, 2003
|
People leave Microsoft all the time, and many of them pass along their departing thoughts in e-mail messages to their colleagues. But the missive sent by David Stutz, a respected technical thinker within the company for more than 10 years, is more intriguing than most. [New York Times: Technology]
|
|
|
Sunday, February 16, 2003
|
According to this story seen on Brian's Buzz on Windows, access to a Windows 2000 CD is all that is needed to bypass all (well, most) Windows XP security features. An attacker can boot up XP and start the Windows 2000 Recovery Console which allows them to operate as any user, even Administrator, without requiring them to enter a password. This method even allows someone to copy files to removable media, something which normally the Administrator can't even do in the Recovery Console. [Privacy Digest]
|
|
|
Saturday, February 15, 2003
|
Microsoft is applying for a number of patents around its application-programming interface -- and, specifically, its .Net-related technologies. One of these, a patent for an "application program interface for (a) network software platform" was made public last week. But what,exactly, is this a patent for? [Microsoft Watch]
|
|
Although the patch caused problems for some Web users trying to access sites needing authentication, Microsoft said it did fix security vulnerabilities in the Internet Explorer browser. [Computerworld Security News]
|
|
|
Friday, February 14, 2003
|
Microsoft has several problems with security, in addition to the obvious. The company has a lot of security alerts, yes, and if it's serious about security it has to keep people informed. [The Register]
|
|
|
Thursday, February 13, 2003
|
A recent Microsoft security patch for Internet Explorer (IE) can lock users out of certain Web sites and Microsoft's own MSN e-mail service, Microsoft said late Wednesday. [InfoWorld: Top News]
|
|
|
Wednesday, February 12, 2003
|
What if Microsoft had been the first to invent books? Well, here's a likely scenario:
- Before you can open the cover of your new book, you must obtain a book activation code by phoning Microsoft.
- Sorry, only one person may ever read your book.
- It's full of spelling mistakes and typos.
- When you're reading your book, the type can mysteriously disappear.
- Libraries, which are for sharing books, are illegal.
And there's more... [thx Library Stuff]
|
|
Now this is not trustworthy computing: The Windows-powered XDA smartphone stores the SIM-PIN in the registry. This means that after you've entered a SIM-PIN once on the device, you can always retrieve it. [vowe dot net]
|
|
|
Tuesday, February 11, 2003
|
Dave Winer: "Microsoft has filed a patent application for an 'application program interface for network software platform.' It'll be interesting to see when Microsoft claims to have invented this. We [at UserLand Software] were creating APIs for a network software platform in the late 80s. We eventually worked with Microsoft on this stuff with the understanding that they had not filed any patents in this area. As I write this I'm sitting in a building filled with lawyers." [Scripting News]
|
|
|
The fact that Microsoft has been in a frenzy of patenting its web services work shouldn't surprise anyone. So has IBM, and to such an extent that Redmond is justified in regarding its own vast list of claims as defensive.
But an umbrella claim that protects its .NET APIs, granted last week, highlights the extent of its determination to protect its interfaces. This claim references eight others filed in July 2001. It's fairly comprehensive. [The Register]
|
|
|
Monday, February 10, 2003
|
Changes in the way some Hotmail messages are formatted could make legitimate emails sent using the service harder to distinguish from spam. [The Register]
|
|
After removing links to a security patch that caused the NT 4.0 operating system to fail, Microsoft on Friday posted an updated patch that fixes the NT 4.0 problem. [InfoWorld: Top News]
|
|
|
Saturday, February 8, 2003
|
Washington Post: In Europe, Microsoft Faces a Harder Sell. An investigating team working for Monti, the competition commissioner for the European Commission, the EU's executive body, is putting the finishing touches on a formal recommendation in the case. It is widely expected to find Microsoft in breach of European antitrust laws and urge more stringent sanctions than those imposed in the United States, according to lawyers and other experts familiar with the proceedings. [Dan Gillmor's eJournal]
|
|
|
Thursday, February 6, 2003
|
In Opera's view MSN is looking specifically for "Opera" in the User-Agent string and sending it a broken style sheet. That, of course, could still be a mistake, as it's perfectly logical to send IE as the default if the browser can't be identified. But as there was no need for MSN to design an Opera-specific style sheet in the first place, one wonders... [The Register]
|
|
Microsoft has explained how it proposes to distribute Sun's Java, should it lose its current appeal against a District Court order instructing it to do so. The company also yesterday was granted a stay of that order, pending the appeal, so it all remains up in the air. But still, we now have The Beast's script for how its own VM will pass away, and how Sun's JRE will replace it, should the worst come to the worst. [The Register]
|
|
|
Microsoft yesterday released a cumulative patch for Internet Explorer with rolls up previous fixes with a couple of extra damage limitation measures.
Dubbed critical by Redmond, the patch includes fixes for two newly discovered vulnerabilities involving IE's cross-domain security model. [The Register]
|
|
|
Microsoft issued two security advisories Wednesday, pointing to a "critical" flaw in its Internet Explorer browser and a second, less severe problem with its Windows XP operating system.
An attacker could create a Web page that takes advantage of the flaw and use it to run malicious code, possibly in the form of an executable file, on a computer used to visit the page, Microsoft said. A related vulnerability allows an attacker to access a user's system via HTML pages that display help content, Microsoft said. [InfoWorld: Top News]
|
|
|
Wednesday, February 5, 2003
|
The Norwegian company says that rendering glitches with Microsoft's MSN site show that the software giant is undermining its browser--just a year after locking it out altogether. By Paul Festa, Staff Writer, CNET News.com. [CNET News.com]
|
|
A federal appeals court granted Microsoft's request for a delay in complying with a lower court's order requiring the company to "carry" Java. [Microsoft Watch]
|
|
Even though the court of appeals ruled in Microsoft's favor and stayed the lower court's order that would have forced Microsoft to carry the latest version of Java, Microsoft still went ahead and posted an update to its first XP service pack. [Microsoft Watch]
|
|
|
Tuesday, February 4, 2003
|
Korean Net users are threatening Microsoft with legal action over the damage inflicted on the country's broadband infrastructure by the Slammer worm. Is Redmond culpable? [The Register]
|
|
|
Microsoft has pulled a security patch for Windows NT 4.0 because installing it can cause the operating system to crash, the software maker said Monday.
The patch, released on Dec. 11 last year, is to fix a privilege elevation vulnerability deemed "important" by Microsoft. A malicious user could gain administrative privileges on a system by exploiting a flaw in the WM_TIMER Windows function, Microsoft said in security bulletin MS02-071. [InfoWorld: Top News]
|
|
|
Monday, February 3, 2003
|
|
Virus authors and Trojan writers are using fresh malware tricks to fool traditional content filtering packages, email security firm MessageLabs says.
A feature of Microsoft Outlook Express can be exploited to evade content filters and persuade an email recipient that an attachment is safe to open - even when it contains malicious code. Microsoft Outlook is not at risk (contrary to first reports of the problem). [The Register]
|
|
The Slammer worm that recently crippled the internet was the fastest spreading computer bug in history, say security experts. The bug targeted a known flaw in Microsoft's SQL database software affecting servers rather than home computers and clogged up internet pipelines. [BBC News | Technology | UK Edition]
|
|
The giant recently released a free digital rights management toolkit it says will help record labels win consumers over to copy protected CDs. Is it just another market grab? [CNET News.com]
|
|
|
