The Archives of The Evil Empire2001 August
| ||
|
29 August: Microsoft.Net: a new monopoly?
Microsoft.Net can be summarized in one simple statement: Microsoft is building an Internet monopoly. Microsoft is poised for success given its broad market penetration, current business practices and deep pockets. But Microsoft's trump card is the desktop monopoly that governs how over 96 percent of people access the Internet. Tie the desktop monopoly to Microsoft-held Internet properties and watch Internet.Net grow. 28 August: Protests over the release of Internet Explorer 6
The latest version of Microsoft's Internet Explorer browser, made available for free download Monday, is drawing protests because it doesn't support two rival products commonly used on Web sites. Internet Explorer 6.0 will not automatically support the embattled Java programming language or Netscape-style "plug-ins," though users and developers will have tools to make the browser compatible with those products. Microsoft decided to drop support for the plug-ins in favor of Microsoft technology called ActiveX. 27 August: MS bugware blamed for 'inadvertent' hack
Possible Good Samaritan Brian West of Oklahoma was using MS FrontPage when he learned (inadvertently, he claims) that he could gain privileges on the local Poteau Daily News Web site without authentication. After bringing this gaffe to the paper's attention, he got into a bit of hot water with the Feds for 'exceeding authorization' on the machine. Now West's lawyers are claiming that Microsoft's bugware is to blame for the whole incident. 24 August: XP Invasion Is Imminent
Microsoft's new operating system, Windows XP, works well enough that there's no reason to think it won't dominate the world. The biggest problem may be enduring the onslaught of built-in pitches to use other MS services. 24 August: Bill Gates' Way or No Way
We don't have enough automobile companies, but at least we have a few. We have, what, hundreds of TV channels? Probably enough. At the grocery, I counted 11 brands of toilet tissue. I have my choice of at least six manufacturers of aloha shirts, dozens of religious groups, five branches of the military service, a couple of kinds of tooth fillings, about 69 cuisines and a lot of different kinds of bikes. Then we have Microsoft. No choice, no spice, no soul, no pleasure. 23 August: Lobbyists Tied to Microsoft Wrote Citizens' Letters
Letters purportedly written by at least two dead people landed on the desk of Utah Atty. Gen. Mark Shurtleff earlier this year, imploring him to go easy on Microsoft Corp. for its conduct as a monopoly. The pleas, along with about 400 others from Utah citizens, are part of a carefully orchestrated nationwide campaign to create the impression of a surging grass-roots movement. The targets of the campaign, attorneys general of some of the 18 states that have joined the Justice Department in suing Microsoft, have figured out the campaign's origins, and they're fuming. The campaign, orchestrated by a group partly funded by Microsoft, goes to great lengths so that the letters appear to be spontaneous expressions from ordinary citizens. Letters sent in the last month are printed on personalized stationery using different wording, color and typefaces—details that distinguish those efforts from common lobbying tactics that go on in politics every day. Regulators became suspicious of the ruse after noticing that the same sentences appear in the letters and that some return addresses appear invalid. 22 August: MS stalks US local government
Microsoft has issued letters to 650 US local government authorities, asking them to conduct "voluntary software audits", according to information obtained by LinuxWorld.com The letters appear to form part of a campaign to persuade municipalities in America to adopt easy-to-adminster enterprise licensing contracts. However, Microsoft is also carrying a big stick—the threat of penalties, in effect enormous fines—to municipalties that have failed to keep proper account of their licence obligations to the company. 22 August: Microsoft, the masters of spin, at it again
If you've read even one article about Microsoft you probably already know that everything the company does is in the interest of consumer convenience. Well, that's the spin, anyway. As a consumer interested in convenience, you have to ask yourself: Why is Microsoft coming out with a new version of Windows that doesn't include a popular feature called the Java Virtual Machine? Microsoft can try to spin the answers from now until judgment day, but it's clear that the world's biggest software company didn't have your best interests in mind—to say nothing of those of the millions of developers who use Java technology to ensure compatibility across diverse computing platforms. 22 August: Serious security leaks patched
MS has patched a serious vulnerability in Outlook 2002 by which an attacker could take over one's machine. At issue is an ActiveX feature, the Outlook View Control, which enables mail folders to be viewed via Web pages. In Outlook 2K the flaw doesn't give up control, but could allow for minor mischief. Additionally, a CSS (cross-site scripting) vulnerability in Hotmail which could have allowed for considerable HTML mischief was sorted out before it became popular, thanks to WhiteHat Security which found it and alerted MS. 22 August: [Humour] The real Windows interface
You'll like this. An interactive Shockwave movie that threatens to offer you the Windows RG (really good edition) OS. It has all your favourite MS items, like crashing, eating huge chunks or memory, tons of error messages and so on. 21 August: The trouble with Hotmail
Miller, a software quality assurance expert, could hardly believe what he was reading. Microsoft's inability to simply change [a user's] age, or even delete and re-create the account, seemed ridiculous. Though perhaps not quite life-threatening in importance, to Miller the incident bore a significance that extended beyond your average software nuisance. If Microsoft's engineers couldn't fix an apparently minor problem with Hotmail, how much confidence should Net users place in Microsoft's much more ambitious plans—with its much ballyhooed .NET initiative and HailStorm—to absorb their online lives? 20 August: Hotmail hole exposes e-mails
Hackers have exposed a security flaw which allows you to read other people's e-mails in Hotmail. Details of how to read other people's messages have been posted on a website run by a group called Root Core and it has quickly spread to other sites and newsgroups. "This is a serious vulnerability with Hotmail," said Graham Cluley, senior technology consultant at the anti-virus firm Sophos. 20 August: Microsoft withdraws Windows XP security claim
A promotional Web site for Microsoft's soon-to-be-released Windows XP operating system said it would offer the same protection from viruses and hackers that major corporations use, but the company has since rescinded those assurances. A Microsoft executive had the reference removed from the Web site after The Associated Press questioned it. 20 August: MS Firewall has security holes
Microsoft's much vaunted first security product has become the subject of three separate security problems. Internet Security and Acceleration (ISA) server 2000, which was positioned by Microsoft as a credible alternative to corporate firewalls, has become the subject of two denial of service and one cross site scripting flaws. Microsoft has issued an alert, which explains these problems in detail and how to get a single patch which we're told addresses all three of these flaws. 17 August: MS confirms: support for Netscape-style plug-ins dropped in IE 5.5 SP2 and IE 6
SYMPTOMS: Netscape-style plug-ins do not work after you upgrade Internet Explorer by installing any of the products listed above. Some examples of Netscape-style plug-ins include QuickTime by Apple Computer, Inc.; Finale MusicViewer by Coda Music Technology; and AlternaTIFF by Medical Informatics Engineering. CAUSE: The versions of Internet Explorer that are listed above do not support Netscape-style plug-ins. RESOLUTION: Contact the manufacturer of your Netscape-style plug-in to inquire whether the manufacturer has a version of the component available that is built on ActiveX technologies. 16 August: IIS über-patch claims to wipe out all old Web server flaws
Microsoft has released an über-patch that aims to address all the previously announced vulnerabilities in its IIS Web server software, and a few more besides. The cumulative patch includes the functionality of all security patches released to date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT 4.0 Service Pack 5. Microsoft has promised that the cumulative patch eliminates the "side effects" of the previous IIS cumulative patch, which have led some admins to defer the installation of the fix even while the FBI warned the Russian Mafia was exploiting flaws with IIS to raid online banks. 16 August: Making Lemonade
How Microsoft Is Using Its Own Legal Defeat to Hurt Java
Eolas has been wiping the courtroom floor with Microsoft, which doesn't look like it will win. If Microsoft can't win the case, they will have to pay damages to Eolas and perhaps pay a license fee, too. But what if Microsoft takes a different route and simply removes from Windows the offending code? That would be unthinkable even months ago. It would require the removal of Java and the abandonment of APPLET and EMBED tags from future versions of Windows. Then, on August 10th, came a note from Apple engineering staff to the QuickTime VR mailing list saying that "IE 5.5 SP2 [for Windows] will not use the QuickTime plug-in no matter what you do. Microsoft has disabled all 'Netscape style' plug-ins, there is nothing you can do. Look for information from us about how work around this problem in the near future." Goodbye EMBED. Of course, this has a delightful outcome for Microsoft. They are able to abandon Java and blame it on Eolas. It puts even more oomph behind Microsoft's move to .NET. And as an extra bonus, Apple's QuickTime (and RealPlayer, too!) gets nuked in favor of Microsoft's next-gen Media Player. 15 August: IE upgrade cuts off QuickTime
With IE 5.5, Microsoft discontinued support for plug-ins, according to a Microsoft representative. Instead, the browser relies on technology developed by Microsoft known as ActiveX that links desktop applications to the Web. ActiveX has been seen as a challenger to Sun Microsystems' Java programming language, which Microsoft has said will no longer be supported by default in its pending Windows XP operating system and IE 6. ActiveX has also been identified as a source of serious security risks, offering a powerful tool for malicious programmers to take control of a target computer, for example. As specific security problems have come to light, Microsoft has issued repeated service pack upgrades and patches for its browser. 15 August: MS asks court to wait while it delays
Microsoft's lawyers clearly operate better out of court than in. The case the company made for itself during the epic Jackson antitrust trial was, frankly, dismal, but the post-verdict delaying tactics are starting to acquire a certain baroque splendour. Microsoft has already asked the Appeals Court to change its mind on browser-related aspects of its decision, and has asked the Supreme Court to overturn the Appeals Court's ruling. Now it has asked the Appeals Court not to decide on whether to send the case back to the District Court or not until after the Supreme Court has decided what it's going to do about Microsoft's request for it to overturn the ruling of the Appeals Court. 14 August: MS drops support for Netscape-compatible plugins in IE
Jim Gaynor writes: "It seems that Microsoft dropped support for plug-ins written to the Netscape standard, and is now only supporting ActiveX plug-ins in IE 5.5 SP2 and IE 6. Here at the University of Washington, several groups have been told not to upgrade, as certain plug-ins that are used for our in-house databases break under IE 5.5 SP2." As a symptom of this fact, Robin Walker found that Internet Explorer 5.5 SP2 for Windows is incompatible with QuickTime: "It will not play QuickTime movies, or work with any other function that requires the QuickTime plug-ins. QuickTime plug-ins play QT movies in other versions of MSIE up to and including MSIE 5.5 SP1, but SP2 just gives a blank frame or broken graphic icon. The same problem with QuickTime is reported to be present in the previews of MSIE 6.0 for Windows. 10 August: Hacking IIS—how sweet it is
The Register has looked over a few recent credit-card database compromises brought to our attention by CardCops (formerly AdCops), an organization which tries to get the straight dope on e-commerce hacks directly from the blackhat community to better inform merchants of threats to their systems. Not surprisingly, Microsoft IIS is quite popular among carders, because its got lots and lots of holes, and because its often used by people who lack the technical know-how to bung them. CardCops founder Dan Clements reckons that IIS is in use by roughly fifty per cent of e-merchants, but represents over eighty per cent of their data compromises. 10 August: MS internal network whacked by Code Red
It's not just MSN—Code Red has just ripped through Microsoft's internal network too, according to our spies in Redmond. The unleashed worm is claimed to have whacked numerous servers on the corporate network; something of an embarrassment for Microsoft this, as it can only mean we hadn't quite got our act together on the patch front before the storm broke. 9 August: How Microsoft's file system caper could wrongfoot the DoJ
A wag last year suggested to us that since Oracle was the only competition Microsoft had left, its next step would be to bundle SQL Server with the operating system. If current briefings are correct—and Microsoft has evidently been briefing pretty heavily—then that's exactly what the company intends to do, and then some. It's a move could not only wrong foot the Beast's wealthiest antagonist, but antagonise the Department of Justice. 9 August: IE 6 central to Passport privacy boost
Microsoft will soon be offering better privacy and security for online consumers, but at a price: exclusive use—for now—of the company's forthcoming Internet Explorer 6.0 Web browser. 9 August: [Humour] Windows, Windows everywhere
I'm sending you this e-mail from 2021--40 years after IBM released its first personal computer--in a last attempt to prevent the mistakes in computer development that put civilization in jeopardy. Not everything is awful. Some things are just, well, weird. Read more... . 9 August: Hotmail servers infected by Code Red
Microsoft has confirmed that some servers running its MSN Hotmail service were infected with a version of the Code Red worm, though it said no personal information was breached. A company representative said Thursday that a number of its servers were brought offline to deal with the problem and that service was not disrupted. The infection comes after a big push by the Redmond, Wash.-based software giant to get customers to download a patch to protect their computers from the virus. 7 August: Microsoft asks Supreme Court to take case
Microsoft Corp. appealed to the Supreme Court on Tuesday to overturn a ruling that the software giant is an illegal monopoly that has harmed consumers and stifled competition. Microsoft sent the petition to the high court two days before the case was to be sent to a new judge to decide what penalty the Redmond, Washington, firm should face. Simultaneously, Microsoft asked the appeals court that currently has the case to hold off any action until the Supreme Court decides whether to take the case. The action could make it more difficult for the Justice Department and 18 states to seek an injunction against Windows XP. 6 August: How to anonymously get root access on a quarter million machines overnight
In the past 24 hours the CodeRed II worm has been infecting IIS web servers with a speed equal to or greater than that of the original CodeRed. The original CodeRed infected what is thought to be all vulnerable machines, approximately 250,000 hosts, in under 24 hours. While CodeRed I was relatively harmless, CodeRed II installs a full Administrator-access back door shell that can be accessed via HTTP. This creates a very interesting situation, and with the techniques discussed in this paper opens a new potential door for mass system cracking. 6 August: Code Red II Wends Its Way
A nasty spinoff of the Code Red worm began to wiggle across the Internet early Saturday, scanning quickly and furiously in a search for vulnerable computers to infect. "Code Red II" is far more dangerous than its namesake, which infected other machines so that it could then use them to attack the White House website. If the new worm infects a system it installs a "back door" into that system, allowing a malicious hacker to remotely connect to and control any Code Red II infected Web servers. Code Red II can only infect systems running the Microsoft Windows 2000 operating system, and only if Microsoft's Internet Information Server (IIS)—a Web server application—is also installed and active. If a system has already been patched against the original version of Code Red, it cannot be infected by Code Red II. 6 August: MS Passport considered "harmful"
The lynchpin of Microsoft's web services - the Passport authentication service - has been found wanting in a study by two senior AT&T scientists. The authors credit Passport with being an ambitious model, but warn that "the system carries significant risks to users that are not made adequately clear in the technical documentation available." 6 August: MS Sends Listbot to the Heap
One of the Web's most popular e-mail listservs is about to be shuttered. The alternative? Pay or move. It's another sign of things that were to come, but now are here. 2 August: Microsoft drops eleventh hour app blocking into WinXP
Although Release Candidate 2 (RC2) of Windows XP is billed as a bug fix, it actually implements a long-promised feature that disables current versions of some users' most trusted software. At the eleventh hour, Microsoft has turned on "Driver Blocking", and RC2 refuses to install a host of third party applications including Black Ice, Zone Alarm and AOL.
|
