The Evil Empire
Information about Microsoft, bugs, security holes, and dirty business tactics.
Updated irregularly (about once per week)

Scripting flaws pose severe risk for IE users

A set of five unpatched scripting vulnerabilities in Internet Explorer creates a mechanism for hackers to compromise targeted PCs. The vulnerabilities, unearthed by Chinese security researcher Liu Die Yu, enable malicious Web sites and viruses to bypass the security zone settings in IE6. Used in combination, the flaws might be exploited to seize control of vulnerable PCs. More... [The Register]

Microsoft investigates possible Exchange 2003 flaw

Microsoft is investigating a potential security issue with Exchange Server 2003, which would be the first since the e-mail server was launched last month. The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville, Tennessee, provider of investment performance reporting tools found that users logging in to OWA could be logged in to another user's mailbox at random and have full access privileges. More... [InfoWorld]

Microsoft's new security mojo

Microsoft recently announced rewards in exchange for information leading to the arrest and conviction of those who exploit its flagship Windows product through viruses, worms and other forms of malicious code.

But rather than address its own problems, the company has decided to use creative marketing as a substitute for good security and software development. The problem isn't that virus writers are exploiting Windows; it's that Microsoft makes Windows easy to exploit by anyone with a modicum of programming know-how. Instead of accepting responsibility, the company is trying to pass the blame for such problems off onto others. More... [CNET News.com]

New Microsoft Exchange Vulnerability Discovered

Think Computer has found a serious security vulnerability with Microsoft Exchange Server versions 5.5 and 2000 that can lead to servers and internet connections being severely crippled. The problem allows spam messages to be relayed through servers that are supposedly secure according to Microsoft's own standards and open relay tests. Though Microsoft is aware of the problem, which has been documented in its knowledge base, it does not plan to take any corrective action at this time. Meanwhile, hundreds of Microsoft Exchange Server users are being affected as spammers exploit the bug. More... [via heise.de]

Why Microsoft wants to buy - then trash - Google

Microsoft really, really wants Google. It wants Google for one reason, namely, to strip it naked and to castrate it. Microsoft wants to put an end to people being able to use the power of Google, especially as to the way that we all can use Google as a tool which makes the Internet particularly useful in helping us all to get through our days without depending on Microsoft.

Here's an exercise for all to try. [...] Search msn for Linux. Note that the third item returned is tech.msn.com and that the page no longer exists. The fourth item deals with this topic "Alternatives to Linux-Apache-MySQL-PHP Learn about the Microsoft alternatives and how to move to them from open source products." More... [The Inquirer]

Microsoft prepares security assault on Linux

Microsoft Corp. is preparing a major PR assault over Windows' perceived security failings in which it will criticize Linux for taking too long to fix bugs, InfoWorld has learned.

In a sign that the inroads made by the Open Source community are starting to rattle the software giant, Microsoft has hired several analysts to review how fast holes are patched in the open source software and is expected to announce that Windows compares favorably. The strategy, called "Days of Risk," measures the number of days it takes programmers to release a public patch after a vulnerability is revealed. While high-profile holes in Linux and associated software tend to be swiftly dealt with, less prominent problems -- which could be just as potentially damaging -- can take weeks or even months to appear.

Microsoft's aim is to undermine critics and place a question mark over Linux's security by revealing that, on average, Windows poses less of a security risk. More... [InfoWorld]

Microsoft releases Windows, Office fixes

Microsoft released three security updates for the Windows operating system and one update for Office, leaving many federal system administrators with no choice but to work on a U.S. national holiday.

The three Windows updates, announced Tuesday, are ranked as "critical," Microsoft's highest rating on the seriousness of security flaws. The updates fix at least eight security issues. The Office update--required for Office 97, 2000 and XP but not 2003--fixes two flaws in the popular productivity program. More... [CNET News.com]

Mimail variants spreading, target antispam sites

New versions of the Mimail e-mail worm are circulating on the Internet, according to alerts issued today from leading antivirus software companies. The new variants are similar to a version of the worm that appeared last week, Mimail.C, and they contain instructions to launch distributed denial-of-service (DDoS) attacks against a number of antispam and e-commerce Web sites, according to alerts posted by Sophos PLC, Symantec Corp. and others.

Mimail targets machines running Microsoft Corp.'s Windows operating system and makes changes to the Windows configuration on machines to ensure the worm runs automatically whenever Windows starts. Linux and Macintosh computers are not affected. More... [Computerworld Security News]

Microsoft Google?

Microsoft, the only true monopoly ion the world, is reportedly trying to acquire Google, the number one search engine. This takeover, if it is completed and allowed, would have a seismic effect on the computer industry and on world business.

Google, which was built from nothing five years ago, is one of the rare stories of survival and actual profit ($200 million last year) from the Internet bubble. It was started by two college students, and is now (over)valued at something like $20 billion. The company has announced that it plans to go public early next year.

Rumors have it that Microsoft is interested in buying part or all of the company before or instead of that IPO. That would be, relatively small change for Microsoft, whose MSN search engine runs a dismal third behind Google and Yahoo. More... [Oligopoly Watch]

Hello.

Yesterday and today hundreds of visitors have come to this website via a Google search for "Evil Empire". Now I'm not sure if you meant to come to this site or not, but let me just tell you that up to a few days ago, the first search result for these terms in Google used to be Microsoft Corporation, at www.microsoft.com. However, Google has since removed this link, and it is now I who has the top spot for this search term. Sorry to disappoint you, but new readers are always welcome. :-) See you.

MS moves to counter open source growth in UK gov

Faced with the possibility of open source making a damaging breakthrough in UK local government, Microsoft has reacted in the usual way, with strong money. [The Register]

E-mail virus turns PCs into spam machines

A new e-mail virus capable of turning infected PCs into "spamming machines" emerged today, targeting corporate and home users in Europe and the U.S., a computer security expert said. Tens of thousands of its corporate computer users in France and Germany were hit by the virus, dubbed "Mimail.C."

The virus carries the subject message line "our private photos ???." Opening the e-mail triggers the virus. The virus installs an SMTP program on an infected PC that turns the computer into a type of e-mail computer server capable of sending out torrents of virus-infected messages. More... [Computerworld Security News]