The Archives of The Evil Empire2000 June/July
| ||
|
31 July: W2K Service Pack causes trouble
The German computing news service Heise reports that the news Windows 2000 Service Pack 1, only released this weekend, is apparently causing trouble for some users: there are reports that ZoneAlarm, a personal Firewall, refuses to work after installation, reports about installation failures and about frequent IP stack losses among users with DSL connections. NOTE: This article is in German 31 July: Ballmer: "Linux is communism"
Steve Ballmer was the only person to raise the issue of Linux when he wrapped up Microsoft's annual financial analysts meeting in Seattle, although he put Sun and Oracle ahead in terms of being stronger competitors. They of course are 'civilised' competitors - but the Linux crowd, in the world of Ballmer, are communists. 28 July: MS plans subsidised X-Box street price
Microsoft will subsidise the street price of its X-Box games platform, due out next year, and is planning to spend $500 million in total on making the machine a success. The $500 million will cover subsidies, marketing and support to retailers and software developers. 27 July: Multimedia software glitch pains Windows
A compatibility glitch between Microsoft's Windows 2000 operating system and a popular multimedia tool may cause computers running the software to destabilize and reboot, according to the company. The problem with Adaptec's Easy CD Creator, one of the most popular software programs for writing data to compact discs, came to light this weekend when customers from both companies called support lines to report the problem. The software comes bundled with many popular CD drives. 17 July: Dangerous Windows flaw
The SANS Institute warns of a dangerous Windows flaw - "probably the most dangerous programming error in Windows workstation (all varieties - 95, 98, 2000, NT 4.0) that Microsoft has made". According to SANS, you are vulnerable to total compromise simply by previewing or reading an email (without opening any attachments) if you have one of the affected operating systems and have Microsoft Access 97 or 2000, and Internet Explorer 4.0 or higher (including 5.5) installed. 14 July: IE 5.5 bugged in first week
A newly discovered security bug in Microsoft's Internet Explorer 5.5 browser promises to send the company's engineers back to work on a product released just this week. The security hole lets an attacker read files on a target's computer, according to Georgi Guninski, the Bulgarian bug hunter who demonstrated the bug. The problem, as described in a Guninski advisory, lies in an ActiveX control that ships with IE 5.5, released this week, and with earlier versions of the browser. ActiveX is Microsoft's method of letting a Web browser interact with other, more powerful desktop applications. The technology has been the target of security concerns for some time. 13 July: IE 5.5 angers Web standards advocates
Microsoft came under fire today from Web standards advocates over its latest browser, which lets Web developers offer their visitors fairly complex applications with the flick of the wrist--as long as those visitors aren't using Netscape. On top of that, Microsoft's adherence to basic industry standards for Web technologies as basic as HTML--often called the Web's lingua franca--has been called into question by standards advocates. Together, the proprietary innovation and the purported faults in standards compliance mean that Web pages created to work for IE--widely considered to be the dominant browser--won't work with browsers from Netscape, Opera Software and other providers. As if to illustrate the predicament, the download page for version 5.5 came up blank for Netscape users yesterday and this morning. 12 July: Security hole leaves Microsoft's Excel vulnerable
Microsoft said it is working to close a security hole in its Excel spreadsheet program that could open computers to attack while bypassing warning systems. The bug in Excel 2000 could yield control of the target computer, security analysts warned. The vulnerability lets an attacker create an Excel file (.xls) that, upon being opened, can execute code placed in a dynamic link library (DLL). DLLs are files that application programmers use to share code among various Windows applications. 12 July: Hotmail glitch exposes email addresses
A flaw in Microsoft's Hotmail program is inadvertently sending subscribers' email addresses to online advertisers, the company confirmed today. "If you have a Hotmail account and you subscribe to an HTML newsletter that serves ad banners, simply by reading the message, the leak occurs," said Richard M. Smith, a privacy and security expert who brought the design flaw to Microsoft's attention in mid-June. "The source of the problem is that Hotmail includes your email address in the (Web address), and if you read an email that has banner ads" the Web address will be sent to the third-party company delivering the banner, he said. 5 July: Microsoft IIS security hole persists despite available patch
An old and subsequently well-publicised flaw in Microsoft Internet Information Server (IIS), which allows anyone with a Web browser to gain admin-level access to a server, continues to plague many sites in spite of the availability patches to correct it. The hole enables an unauthorised visitor to determine what version of NT is running, and to see or easily guess file and directory locations with a mind towards further exploitation of the site. On an e-commerce site with a shopping cart application running, the flaw can make it easy to compromise consumers' account details. 3 July: Microsoft patches security hole in IE
Microsoft today issued a patch for an Internet Explorer bug that uses files from the software maker itself to crash computers. Because of flaws in Internet Explorer's "Active Setup Download" technology, hackers or malicious Web site operators could potentially crash Internet-connected computers by overwriting files. Active Setup treats all Microsoft-based files as trusted, which means the browser will automatically download them without asking for permission. A malicious programmer can theoretically access Microsoft-signed files from a Microsoft Web site, where they are freely available, and include these trusted files as part of a download. 1 July: June roundup We're back! Thanks for bearing with us and waiting for us. June has been extraordinarily busy, with two web projects and a course taking up most of my time, and add to that the excessive heat wave we had... And what a month it was - first Judge Thomas Penfield Jackson ruled that Microsoft was guilty of having a monopoly on software and that it be split in two companies. You've probably read all about it, so I'll spare you the links. Microsoft answered by buying a couple of other software companies this month, most notably game designer Bungie, which was apparently needed to compensate for the lack of qualified game software authors... Anyways, in their game of "Embrace and Expand", Microsoft continues to In the meanwhile we've had another round of "ILOVEYOU"-like mail worm attacks, which baffled both antivirus software developers and apparently also Microsoft itself by the sheer richness by which they exploited the Okay, thanks for listening to this quick recap of what happened in June; July news now trickling in slowly, so keep tuning in...
|
