The Evil Empire
Information about Microsoft, bugs, security holes, and dirty business tactics.
Updated irregularly (about once per week)
January 2005
December 2004
November 2004
October 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
Older archives
February 18, 2004
Hackers take advantage of Microsoft ASN flaw
Hackers have already found a way to take advantage of a critical security hole disclosed by Microsoft Corp. last week. A short computer program that exploits the vulnerability, which is in a common Windows component called the ASN.1 Library, was posted to the Internet on Saturday. More... [Computerworld Security News]
Stop Blaming the Consumer for Security Problems
The hordes at the gates aren't mercenaries but an army of unwitting conscripts. Most are consumers -- your neighbors, in-laws and even your kids -- who unknowingly had their computers hijacked by worms, viruses, malicious JavaScript embedded in Web pages they visited, rogue ActiveX controls and a host of other arcane mechanisms that deliver advertising and enable services that vendors are quite sure people need.
But let's not forget who created this mess. It wasn't the consumer. A PC connected to the Internet is quite possibly the worst consumer appliance ever invented. In fact, it's not an appliance at all. The Xbox is a consumer appliance. A PC is a general-purpose computing device masquerading as a consumer product. Peel away the colorful Windows veneer, and you have a machine that's overly complex, poorly designed for security and comes packaged with unrealistic expectations. More... [Computerworld Security News]
February 17, 2004
Office 2003 fails in usability study
According to a usability study conducted by SirValUse Consulting, most users fail to comprehend many of the functionalities in Microsoft Office 2003 due to its bad user interface and an overall confusing design, where many useful features are hidden, useless features activated, similar actions lead to different results in the different Office applications and many of the terms used to describe features are not understood by the users. More... [Presseportal.de]
February 13, 2004
Q&A: Microsoft source code leaked
Microsoft has admitted that some of the source code for its widely used operating systems have been leaked on to the internet. BBC News Online explains what has happened and what the consequences will be. [BBC]
Microsoft Windows Source Code Leaks Onto Internet
Microsoft Corp. said on Thursday that parts of the source code, or software blueprint, for its closely-guarded Windows programs had leaked onto the Internet, possibly exposing its products to hackers and illicit copying.
Microsoft said that copies of the source code from its Windows NT and Windows 2000 operating systems were being traded over the Internet, but that the copies comprised a tiny portion of the millions of lines of code used to create its cash cow products.
One main risk in having source code exposed to the public is the possibility that hackers could break into computers running Windows NT or Windows 2000 and destroy or steal data. More... [Reuters]
Windows 2000 & Windows NT 4 Source Code Leaks
It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing. More.... [Neowin]
February 12, 2004
Microsoft Goes After Another XML Patent
On the heels of its controversial application for a patent on the ability to store a word processing document in a single XML file, Microsoft is adding other XML patents to its portfolio. The Redmond software maker has been granted a patent for XML script automation. More... [Microsoft Watch]
Microsoft lauds IE as 'the most secure browser'
Internet Explorer is now just about the most secure browser available, says Microsoft - because so many security holes have been filled.
Microsoft released a security patch for Internet Explorer last Monday that fixed three critical vulnerabilities; unfortunately the patch altered the way in which the browser handles certain URLs and forced many companies to reprogram their systems in order to accommodate the change. However, Microsoft has said the update means that Internet Explorer is now safer than any of the other browsers on the market, which users may find ironic due to the sheer number of vulnerabilities discovered in the browser over the past year. More... [ZDNet.co.uk]
February 11, 2004
MS releases double-plus critical security fix
Microsoft's monthly patch train got back on track yesterday with the release of a fix for a potentially devastating security vulnerability involving a core component of Windows. The buffer overrun bug with Microsoft's Abstract Syntax Notation 1 (ASN.1) library could be exploited to seize control of vulnerable systems.
"An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges," Microsoft warns. More...
Microsoft warns of widespread Windows flaw
On Tuesday, the software giant released a fix for a networking flaw that affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. If left unpatched, the security hole could allow a worm to spread quickly throughout the Internet, causing an incident similar to the MSBlast attack last summer.
"There are more attack vectors and more people that could be affected by this," said Marc Maiffret, chief hacking officer for eEye Digital Security, the software firm that warned Microsoft of the vulnerability more than six months ago.
This is the second time this month that Microsoft has warned users of a security flaw. The company has a new policy of announcing vulnerabilities and releasing patches on the second Tuesday of each month, unless a critical flaw needs to be released immediately.
Last week, the software maker revealed a security flaw in Internet Explorer and issued a patch. On Tuesday, Microsoft announced three more vulnerabilities: the critical flaw and two other issues of lesser severity. One security hole affects computers running the Windows Internet Naming Service, and the other affects Microsoft's Virtual PC for the Mac platform. More... [CNET News.com]
