Bill Gates Mugshot

The Evil Empire
Information about Microsoft, bugs, security holes, and dirty business tactics.
Updated irregularly (about once per week)

 

June 29, 2004

Gates defends Microsoft patch efforts

Microsoft chairman Bill Gates Monday following widespread attacks on the Internet by suspected Russian organized crime gangs.

Last week's attacks used unpatched vulnerabilities in Internet Explorer to deploy a Trojan horse program on the victim's machine, which could capture the user's Internet banking passwords. The SANS Institute's Internet Storm Center reported the attacks were launched through a large number of websites, some of them "quite popular," which had been penetrated and modified to deliver malicious code.

Two of the Internet Explorer vulnerabilities exploited in the attacks were discovered in active use on June 6th, and have not yet been patched by Microsoft, according to an analysis by IT security company Symantec. The attacks also used a controversial Internet Explorer feature that permits local HTML documents to create or overwrite files on a user's computer.

Still, speaking at a press conference here Monday, Gates told journalists that Microsoft's patching process compares well with competitors'. More... [The Register]

Posted by Horst at 03:25 PM

June 25, 2004

Web Graphics Exploit Marching Across Internet

Security experts are tracking a new piece of malware that appears to be compromising large numbers of Windows PCs and may be laying the groundwork for the creation of a large spamming network or a major attack in the future.

When visitors to a few particular Web sites—including popular auction, shopping and price-comparison sites—request pages that include the malicious graphics, the code automatically downloads itself onto their machines. Once installed, the code unpacks itself and loads a keystroke logger on the PC.

NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer. More... [eweek]

Posted by Horst at 12:07 PM

June 24, 2004

IIS 5 Web Server Compromises

US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems. More... [US-CERT]

Posted by Horst at 03:56 PM

June 08, 2004

Researcher sets up IE bug archive

Chinese researcher Liu Dieu Yu has set up a web resource that provides details of all bugs in Internet Explorer, Windows Media Player, Java Virtual Machine and Outlook. Any vulnerabilities detailed at two major mailing lists - Bugtraq and Full-Disclosure - and by Microsoft are collected and displayed at the page, with updates taking place thrice a day. More... [The Age]

Posted by Horst at 12:24 PM

Another security leak in Internet Explorer

A security advisory on the security mailing list Full Disclosure is pointing out a newly discovered security leak in Internet Explorer 6, which allows an attacker to load any code onto a remote computer and execute it. According to the advisory, the code is already being used by some malicious websites. Visiting the website alone is enough to trigger the vulnerabilty and have trojans and adware installed on your computer. The German publisher heise Security is confirming the leak and has updated its browser check page. More... (in German) [heise.de]

Posted by Horst at 12:19 PM

June 02, 2004

Smoke, Mirrors and Silence: The Browser Wars Reignite

Make no mistake: Microsoft really hates the web. The new browser war may appear to be about the emergence of Mozilla and friends with their polished eye-candy interfaces, but it's really about Microsoft versus the W3C. Internet Explorer is Microsoft's blocking tactic—never to be properly web-compliant, never to give the W3C a day in the sun—and Longhorn technology is the big-stick alternative being built. One of the purposes of Longhorn is to destroy the web as we know it. More... [InformIT]

Posted by Horst at 01:42 PM
© Copyright 1999-2004 Horst Prillinger, 

Valid XHTML 1.0!  Dublin Core used here   Made with a Mac