The Archives of The Evil Empire2001 July
| ||
|
31 July: Icons Cluttering Up Windows Space
An attorney who once represented Compaq in a complaint against Microsoft got a bit nostalgic on Monday when asked about the icon spat between AOL and Microsoft. "This is, as Yogi Berra would say, deja vu all over again. The Microsoft case really got off in earnest when the Texas attorney general's office began investigating Compaq's complaints that Microsoft went in and upset a deal Compaq had with Netscape," he said. And on Monday, it seemed to some people that Microsoft was interfering in a deal that Compaq had made with AOL, which is the current owner of Netscape. 30 July: The SirCam Worm: Email Exhibitionism
The most frightening thing about this worm is this: thas person's letter has been sitting on her emplyer's hard disks for months, and she had no control over its being sent to me. She would never have known if I hadn't dropped her a line. Despite my best efforts to avoid Microsoft products my privacy may still have been compromised. Many of my friends use Windows, and I trust them to keep secrets about the private information we've shared. The problem is that I can no longer trust their computers. No matter how careful we are, the insecure monocultures of Windows and Outlook turn us all into exhibitionists. 30 July: MS Amends Icon Concession
Microsoft will allow computer makers to put icons for competing products on the desktop of its new computer operating system as long as they plug Microsoft's MSN Internet service as well. Company spokesman Vivek Varma said Microsoft has told computer manufacturers they have two choices for how they configure Windows XP, due out Oct. 25. They can either ship computers with a desktop free of any icons, or they can add as many icons as they want, but only if they also include an icon for Microsoft's MSN Internet access. The decision was made public only after computer maker Compaq said Friday it had struck a deal with Microsoft rival America Online to exclusively feature AOL's Internet service on the startup sequence of computers featuring Windows XP. 30 July: Microsoft set to thwart AOL cable bid
Microsoft is determined to prevent AOL Time Warner from acquiring or buying a stake in AT&T's cable business, according to a report Monday. The Financial Times quoted people close to Microsoft as saying the company was prepared to use its financial muscle to encourage alternative bids for the AT&T Broadband division, rather than see AOL become the dominant player in the U.S. cable market. 27 July: Four new ways to stuff someone's Win machine—security leaks abound
First up, there is a nifty hole which affects RPC (Remote Procedure Calling), which is used chiefly to support distributed applications. Next up, an unchecked buffer in MS Media Player affecting all users of MP 6.4, 7, and 7.1. can allow an attacker to run arbitrary code on the victim's machine with the user's level of permission. Next we have a memory leak in Win-2K Terminal Server involving the processing of incoming Remote Data Protocol. Each time a maliciously-crafted RDP packet is processed, the memory leak depletes overall server memory by a small amount. Finally, a recent social-engineering hack involves an e-mail memo which contains a bogus MS security bulletin. 24 July: White House Web site moves to Linux
The White House Web site has been moved onto a Linux platform after its administrators managed to successfully side step an attack by the Code Red worm. The move onto Linux is interesting but should be seen as the incidental consequence of moving the site so that it is hosted by a peering firm, not a ringing presidential endorsement of the open source operating system. 24 July: Pentagon: Closed due to 'Code Red' alert
Fear of seeing its public Web servers taken over by the Code Red worm has inspired the US Department of Defense (DoD) to disable nearly all of them as a precaution. It's also showing a decided lack of confidence in its admins, who ought to have patched their machines weeks ago. Systems will come back on line when DoD is confident that its admins have install the required fixes. 23 July: IT bugs out over IIS security
An increasing number of IIS users have grown weary of the nonstop flood of security problems that have plagued Microsoft's widely deployed Web server. Since the beginning of last year, Microsoft has issued 21 security bulletins for IIS 5.0 alone, a number that is increasing at the rate of about one every three weeks. Security consultancy @Stake Inc. estimates that IIS holds 25 percent of the market for enterprise Web servers, yet more than 50 percent of the Web sites listed on the Attrition.org archive of defaced sites are running IIS. 20 July: Code Red bug hits Microsoft security update site
Microsoft's own Windows Update site has fallen victim to the Code Red worm. As previously reported, the Code Red worm attacks an unchecked buffer in the IIS Indexing Service ISAPI filter, which, if exploited, can yield system-level access to an intruder. The fact that the Windows Update site, which provides a portal to product updates and security patches along with advice on critical updates, wasn't itself up to date with the latest security patches is richly ironic. 19 July: The Tonya Harding of technology
What do you do if you can't win a fair competition? Club your opponent in the knees. That seems to be Microsoft's tactic against Java, a programming standard Microsoft doesn't control. Microsoft's next version of the Internet Explorer browser, set to ship with Windows XP, will no longer include a Java Virtual Machine. That means that Java applications will no longer run in the browser without the user downloading additional code. Additionally, Microsoft will treat mobile Java code the same way it handles viruses in IE and Outlook. In other words, Microsoft is playing monopoly once again by taking its browser ball home. 19 July: Privacy-threatening, 'network-aware' virus on the loose
A worm which appends a random document from a victim's hard drive to its body when it spreads has appeared on the Internet. The Sircam worm, which spreads as an attachment to email messages, may in certain cases delete files from a victim's hard disk. Sircam is similar to the Magistr virus in its ability to arrive in an email with a random subject, body text and attachment name. Sircam spreads by sending copies of itself to every address in a user's Microsoft Outlook mailbox and by checking for shared or mapped drives, and then copying itself to other networked machines. 19 July: Code Red worm set to flood Internet
Servers infected by the so-called Code Red worm—estimated to be in excess of 100,000 computers—were scheduled to flood a specific Internet address representing the White House Web site with a deluge of data starting at 5 p.m. PDT, overwhelming it to the point where it could not be accessed. However, administrators for Whitehouse.gov apparently moved the site to an alternate address. The worm sought out vulnerable Web servers using Microsoft software. If system administrators don't patch their systems Aug. 1, they could be re-infected with the worm, starting the whole process over again. 17 July: New Worm Exploits Security Leak in Microsoft IIS
Almost 12,000 Web servers have been infected by a new Internet worm that takes advantage of a security flaw in Microsoft software to deface sites, security experts said Monday. The worm could also help attackers identify infected computers and gain control of them. Since late last week, a malicious program has been scanning the Internet and compromising Microsoft systems running unpatched versions of the Internet Information Server (IIS), according to independent reports. Among the victims is the Austrian newspaper Die Presse, whose online edition was defaced last night. 16 July: The Monopoly Has Just Begun
Insidiously, incrementally, Microsoft is collecting user data. And over time, it is going to collect more and more information about what I buy and what I do. I don't really have a choice. It is very nearly impossible to use any computer without using Microsoft's software, and increasingly that means that it is very nearly impossible to avoid handing over your personal information to the company. And this situation is just going to get worse, because Microsoft does have a monopoly, and it is using that monopoly to aggressively expand its dominance of computers—personal computers, office servers, handheld computers, even set-top boxes—and its dominance of the Web and Web services delivered through its Internet Explorer browser. The fact that Microsoft is roping in all this personal data becomes more worrisome when you consider that the company is getting more aggressive about what it does with its platform. Read the whole of this excellent article by Stewart Alsop. 16 July: Microsoft to charge for MP3 ripping
Consumers looking to rip MP3s using Windows XP's media player will have to pay as much as $30 extra for the capability. Microsoft originally planned to ship Windows XP with low-quality MP3 recording capabilities, leading to charges that the company favored its own Windows Media Audio (WMA) format instead. On Monday, the company announced two Windows XP add-on packs, one providing full MP3 support and the other DVD playback. Pricing has not been determined, but estimates are "between $15 and $30, depending on the features." 16 July: The Microsoft standard is anything but
True standards are approved by standards organizations like the IEEE, W3C, and ISO. Microsoft generally embraces standards but also extends them with proprietary features. Thus, Microsoft products typically interoperate with standards-based programs from other vendors, but they interoperate better with other Microsoft products. This gives IT managers an incentive to standardize on Microsoft. This is exactly the effect that Microsoft hopes for. 14 July: Microsoft closes a window on charity
Microsoft, the world's richest software company, has told a Geelong charity group, PCs for Kids, that it must stop distributing the secondhand computers it recycles and gives to poor children until it can obtain licences for the software they carry. The charity says that to do so would cost it up to $600 a machine, far beyond its resources or the market value of the computer. It has suspended its operations and said appeals this week to Microsoft had "fallen on deaf ears". 14 July: Will record labels play in Microsoft's band?
As the major record labels try to remake online music in their own image, Microsoft's presence is looming powerfully enough to influence the biggest alliances in the business—even if the software giant hasn't struck the big deals itself. Nevertheless, the company has been able to use the growing influence of its Windows Media audio and video technology as leverage over the rest of the industry. 13 July: New security leak in Office XP allows intruder to read your e-mail and take over your computer
Bug hunter extraordinary Georgi Guninski has posted a warning of a new security hole in Office XP. Office XP installs an ActiveX control called "Microsoft Outlook View Control." This exposes a property called "selection" which allows access to a user's email messages. It also, says Guninski, exposes the Outlook "Application" object, which could allow execution of arbitrary programs on the user's computer. This could allow an intruder to take full control of the user's computer. 13 July: New security leak in Outlook opens computers to hackers
Microsoft is warning customers about a flaw in an ActiveX control within its Outlook e-mail software that could let an intruder access their computers.The vulnerability affects Outlook 98, 2000 and 2002, the e-mail application included in Microsoft's Office desktop software. It involves an ActiveX feature called Microsoft Outlook View Control, which is designed to let people view mail or calendar information through Web pages. Because of the glitch, the control could allow an attacker to delete mail or change calendar information, running code on the target machine via a Web page or HTML-based e-mail, the software company said in a security bulletin posted on its Web site Thursday. 12 July: Microsoft's offer rings hollow
Microsoft has finally admitted wrongdoing and signaled it badly wants to reach a settlement with the Department of Justice and state attorneys general. Now it is giving users the ability to remove the Internet Explorer browser from the upcoming XP operating system. Didn't Microsoft say during the trial that it was impossible to separate the OS and its browser? Now its says it can offer the option retroactively to Windows 2000, ME and 98. Perhaps its time for the DoJ to file a perjury charge, because it is now crystal clear that Microsoft bolted the OS and IE browser together for its own monopolistic convenience to kill Netscape. 12 July: Microsoft concessions considered meager
Microsoft on Wednesday said it will allow PC makers to remove Internet Explorer icons from the Windows Start menu and to block access to Internet Explorer in the new Windows XP operating system. The company also will extend this to Windows 98, Windows Me and Windows 2000. Though this may seem a monumental shift from previous restrictions, Microsoft has left plenty of room to retract the changes through other arrangements. More importantly, the licensing changes would let Microsoft continue with other potentially anti-competitive business practices, legal experts said. 12 July: Microsoft to offer online music service
Microsoft jumped into the online music fray Thursday with a deal to offer Pressplay, an online service formed by music giants Vivendi Universal and Sony, on its MSN network. The deal with Microsoft is seen as the latest salvo against its high-tech rivals—AOL Time Warner's America Online and RealNetworks—in the battle over the market for streaming media. It will also help Microsoft propagate its Windows Media format to monopolize music on the Internet. 10 July: Marijuana virus puts security to pot
The Marijuana virus is alienating potential supporters of legalising marijuana. It has been packaged into a 'game' called Dope Crop which in reality is a Trojan horse program that changes the start page on a user's browser to my.marijuana.com and puts a marijuana leaf on a user's system tray. Upon infection, it uses a security leak in Outlook to propagate by sending itself to every user in the Outlook address book. It also changes the name of Internet Explorer to "Marijuana Explorer". 10 July: Evil Empire visits "Evil Empire" I suppose it's about time that the Evil Empire itself would finally visit this web site. Having as few visitors per day as we do (about 20-30 per day), it struck us as some kind of surprise that someone from the microsoft.com domain would finally set their foot (or rather eye) on our page. Weirdness has it that the next visitor immediately afterwards would be, well, somebody completely different... we hope we provided good entertainment for both of them. ;-)
10 July: Microsoft to schools: Give us your lunch
money!
Salon.com has a story about schools in Philadelphia feeling unfairly treated by Microsoft's attempts to crack down software piracy. Critics in Philadelphia and elsewhere say that Microsoft and the BSA have their priorities out of whack. They argue that educators shouldn't have to pay exorbitant prices for software in the first place, but more importantly, that no public school should be compelled to play by the rules of an ever-changing license system that treats cash-strapped educational institutions just as it does for-profit businesses. 9 July: MSN Messenger partial outage: Day 7
The MSN Messenger outage spilled over into a seventh day Monday, with many users of the free service complaining of inaccessible accounts, despite Microsoft's claims that most had been restored. As the outage continues, analysts and Microsoft customers are also questioning the viability of the company's new Web services initiatives that rely on instant messaging, such as Microsoft.Net and HailStorm. 7 July: Microsoft Cracks Down On Sharing Windows XP
If you're one of the millions of consumers with multiple PCs in your household, and you plan on upgrading them to Microsoft's forthcoming Windows XP operating system, you're in for a rude surprise. For the first time, Microsoft plans to force families to buy a separate, full-price copy of Windows for each PC they upgrade. Each copy is expected to cost around $100. Not only that, but the company's method for enforcing this rule, a system called "product activation," requires you to let Microsoft create and store a profile of the configuration of every PC on which you install Windows XP—even if only a single machine is involved. What if your PC malfunctions, and you have to reinstall Windows XP? Well, you'll have to explain the situation to Microsoft, and beg the company to allow you to activate it again. 6 July: Win2K becomes a spam relay thanks to security hole
A flaw in the Win-2K SMTP (Simple Mail Transfer Protocol) authentication scheme allows unauthorized users to access the system using bogus credentials and bounce spam and death threats off unwitting users' machines with impunity. "An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server," an MS security bulletin explains. 6 July: IIS buffer-overrun attack has been scripted
A Japanese computer enthusiast named 'HighSpeed Junkie' has developed an attack script for a recently-identified unchecked buffer in the Microsoft IIS (Internet Information Services) Indexing Service ISAPI filter, which, if exploited, can yield system-level access to an intruder. 6 July: MSN users seek answers for glitch
Microsoft's MSN Messenger outage spilled over into a fourth day, with many users of the free service complaining about poor communications from the company. MSN Messenger users started experiencing troubles on Tuesday, with the most commonly reported glitches being connection problems and missing buddy lists of friends. The service appeared to go down completely at 3 p.m. PDT on Thursday, though users in Australia reported some activity overnight. By Friday morning, service had been partially restored in many countries. Microsoft has been fairly tight-lipped about the matter. 2 July: Microsoft: Two-pronged open-source attack
In a preliminary license for its wireless Internet tools, the software giant appears to be floating a trial balloon by explicitly banning the use of open source code. Microsoft's language, which could become part of its commercial licensing terms, specifically bans use of the Linux open source operating system (OS), which Microsoft seems to find especially objectionable. But in a bid to attract more software developers to its Internet initiatives, Microsoft last week announced a "shared source" program, in which it will make available two key tools for Internet applications. The announcement appears to be an effort to broaden its appeal and escape the stamp of offering only closed Windows systems.
|
