|
[an error occurred while processing this directive]
| | The Evil Empire - March 2003 Archive
|
Saturday, March 29, 2003
|
Microsoft's statement on Wednesday that it would not offer a version of a security patch for NT 4.0 has called into question an earlier promise to continue supporting the operating system through the end of 2004 and raised concern among its customers.
The new vulnerability could expose computers running the operating systems to a denial of service attack, Microsoft warned in its security bulletin, MS03-010, on Wednesday. (http://www.microsoft.com/technet/se [InfoWorld: Top News]
|
|
Derek from the Dog Door of Death had a problem with a mail loop and decided to enter the realm of The Evil Empire: he called MSN Support. The result is reminiscent of a Samuel Beckett play.
|
|
|
Friday, March 28, 2003
|
Microsoft in May plans to show early prototypes of computers using its Next-Generation Secure Computing Base (NGSCB) technology, a combination of new hardware and software that Microsoft says will boost PC security but that critics fear could be a scourge for user freedom. [viaPrivacy Digest]
|
|
|
There's a nasty rider with Microsoft's latest security problem for NT users. Although a denial of service risk exists in an "important" security vulnerability, publicised yesterday affecting NT 4.0, Redmond tells users not to expect a patch for that operating system anytime soon.
In a surprisingly candid admission, the company states that fixing NT4.0 is simply too difficult. "The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability," Microsoft says. [via Slashdot]
|
|
|
Wednesday, March 26, 2003
|
Just one week after Microsoft alerted the public to a serious security vulnerability in a component of its Windows 2000 operating system, a security researcher has posted code to exploit that vulnerability. [InfoWorld: Top News]
|
|
|
Tuesday, March 25, 2003
|
A split with a working group reflects growing discord over Web services standards. Also: The software maker appoints an insider to head up its worldwide sales organization. [CNET News.com]
|
|
|
Saturday, March 22, 2003
|
In an effort to push adoption of IE 6.0, Microsoft quietly yanked Internet Explorer 5.5 Service Pack 2 from its download site. Users running older versions of IE 5.5, which shipped with Windows Me, must upgrade to the latest browser release.
Ironically, IE 5.01 SP2 is still available as it is primarily used by businesses running Windows 2000. Because business customers are less prone to upgrade, Microsoft tends to offer such fixes longer than it does for consumer customers. [via Microsoft Watch]
|
|
The Advertising Standards Authority of SA (ASA) has ordered that a Microsoft ad implying that its software will bring about the extinction of the hacker is to be pulled for being "unsubstantiated and misleading". [via Privacy Digest]
|
|
|
Friday, March 21, 2003
|
Security experts say that Microsoft's upcoming XML format for Office documents could inadvertently give virus writers the upper hand. [CNET News.com]
|
|
|
Thursday, March 20, 2003
|
The vulnerability affects all supported versions of the Windows operating system, including Windows 98, 98 Second Edition, ME, NT 4.0, 2000 and XP, the company said. [Computerworld Security News]
|
|
|
Microsoft warned customers of another security vulnerability on Wednesday, this one affecting its Internet Security and Acceleration (ISA) Server 2000 firewall and Web cache product.
A software flaw was found in the ISA Server's Domain Name Service (DNS) intrusion detection application filter that could allow an attacker to launch a denial of service (DoS) attack against the ISA Server that prevents that device from processing DNS requests. [InfoWorld: Top News]
|
|
A security hole that affects recent versions of Microsoft Windows could allow hackers to take control of a person's computer when they open infected e-mail or visit certain websites. [Wired News]
|
|
|
Wednesday, March 19, 2003
|
Just in case you really dislike MSIE for whatever reason, you might want to learn how to block MS Internet Explorer from your site. [Weblog Wannabe]
|
|
|
Sun Microsystems CEO Scott McNealy was in fine fighting form as he traveled through Asia this week, uttering scathing sound bites about rival Microsoft.
In Singapore today, he hit out at the Redmond, Wash., company's .Net software tools before the region's assembled press.
"The world is down to two developer camps: One is .Net, the other is Sun ONE Java. Java is the No. 1 development platform. Viruses are a feature in .Net, but Java has security built in. I find it funny how the default setting in Win XP lets in Office macros but blocks Java," he told an amused audience. [CNET News.com]
|
|
A vulnerability that affects all versions of Microsoft's Windows operating system could allow attackers to run programs on a victim's PC. [CNET News.com]
|
|
A software patch that fixes a serious security vulnerability in Microsoft's Windows 2000 can cause systems running the operating system to fail, Microsoft said Tuesday.
The patch, announced Monday, is incompatible with 12 software fixes for Windows 2000 issued by Microsoft's Product Support Services (PSS) between December 2001 and February 2002. Users running any of those fixes won't be able to reboot their Windows 2000 systems after applying the "critical" patch, according to a revised version of Microsoft's bulletin issued Tuesday. [InfoWorld: Top News]
|
|
|
Hackers on March 11 infiltrated an undisclosed number of U.S. Army Web servers, taking advantage of a previously undisclosed buffer-overflow vulnerability in a component of Microsoft Corp.'s Windows 2000.
Security experts are characterizing the incident as a rare example of a "0-day" exploit, referring to an exploit that takes advantage of a vulnerability nobody is aware of and for which there is no available patch. However, Microsoft issued a fix yesterday for the vulnerability. [Computerworld Security News]
|
|
|
Tuesday, March 18, 2003
|
The critical security vulnerability could allow a remote attacker to gain control of a machine running Windows 2000 and IIS Web server. [Computerworld Security News]
|
|
|
Monday, March 17, 2003
|
|
An unchecked buffer in a Windows component could cause web server compromise, Microsoft warns today.
According to Microsoft, the flaw affects Windows 2000 only (i.e. not XP or NT). On vulnerable Windows 2000 boxes running IIS, the vulnerability can have dire consequences.
"An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS)," Microsoft's advisory warns. "The request could cause the server to fail or to execute code of the attacker's choice. The code would run in the security context of the IIS service." [The Register]
|
|
|
Sunday, March 16, 2003
|
bCentral, which provides Web site hosting and services to small companies, lacks support for the software development package, Microsoft confirms. [CNET News.com]
|
|
|
Friday, March 14, 2003
|
The European Commission's experts have decided they should do something about Microsoft, but face two problems -- how to make the solution legally watertight, and how to make it work. That, according to Reuters, means the the Commission's move against Microsoft could still be some way off. [The Register]
|
|
On the eve of the anniversary of the Mosaic Web browser, CNET News.com's Charles Cooper ponders how things might have evolved had the browser wars turned out differently. [CNET News.com]
David Hyatt, developer of both Mozilla and Safari, posted a response. And there's another response from Chris Zaharias.
|
|
|
A new email-aware worm, Bibrog-B, poses as a computer game in an attempt to dupe users. The worm, which is spreading (modestly) by email and through file sharing networks, is more subtle and devious than most Windows worms.
In a particularly devious twist the worm makes changes to an infected user's Internet browser so that it can display fake versions of genuine Web sites such as Hotmail, Citibank, MSN and Yahoo. Security firms believe this is an attempt to steal usernames and passwords. [The Register]
|
|
Antivirus vendors rated CodeRed.F a low risk, saying that it exploits an IIS vulnerability that many systems administrators have long since patched. [Computerworld Security News]
|
|
|
Thursday, March 13, 2003
|
The company sees action on many different fronts, from copyright enforcement to antitrust charges to new versions of its programs and claims of shortcomings in certain products. [CNET News.com]
|
|
Microsoft is set to tinker with its per-processor pricing model as of early next month. [Microsoft Watch]
|
|
The European Commission concludes that Microsoft violated EU antitrust rules, but continues to refine proposed remedies so they'll hold up in court. [Wired News]
|
|
|
Wednesday, March 12, 2003
|
|
Monday, March 10, 2003
|
Companies installing Microsoft's new customer relationship management software say they are grappling with some flaws in the company's much-hyped debut product. [CNET News.com]
|
|
|
Wednesday, March 5, 2003
|
Neowin.net is reporting that Microsoft has turned on the code that will enable the "information rights management" in Office 2003 Beta 2. (Microsoft is expected to begin shipping the beta to testers next week.) [Microsoft Watch]
|
|
|
Tuesday, March 4, 2003
|
expect Microsoft branded "PCs" to take much of home market within a couple of years. There's already XBox, Home Gateway coming soon, and XBox 2 will be much more like a fully functional PC. A lot of other Microsoft branded hardware is appearing. Microsoft will use "security" and "Digital Rights Management" to force competitors out of the home market.
The PC software industry is in the final days of being destroyed by Microsoft. Having leveraged a monopoly it was handed by IBM into multiple monopolies, with complete control over the PC manufacturers, and with an "Ethics? We've heard of it" attitude, Microsoft is preparing to drive the few remaining significant software publishers out of the Windows market. [via Caveat Lector]
|
|
A viral one-two punch -- the Code Red and Nimda worms -- convinced Microsoft in mid-2001 that security needed to become its top priority. That decision led directly to the creation of the company's Trustworthy Computing initiative. But hackers continue to find holes in Microsoft's defense. In January, the Slammer worm hit. This time, not only did customers get infected; Microsoft did, too. [Privacy Digest]
|
|
|
Sunday, March 2, 2003
|
Microsoft's MSN said its e-mail services had blocked some incoming messages from rival Internet service providers earlier this week, after their networks were mistakenly banned as sources of junk mail. The company confirmed Friday it had wrongly placed a group of Internet protocol addresses from AOL Time Warner's RoadRunner broadband service and EarthLink on its "blocklist" of known spammers whose mail should be barred from customer in-boxes. [via Privacy Digest]
|
|
A glitch knocks Microsoft's bCentral services offline Friday, leaving thousands of small-business Web sites inaccessible for much of the day. [CNET News.com]
|
|
Microsoft launched the beta for its "extreme" instant-messaging application targeted at teens this week, but it's creating a lot of peer-to-peer networking problems for testers. [Microsoft Watch]
|
|
|
