The Archives of The Evil Empire2002 January
| ||
|
30 January: Watchdog: MS Passport lets crooks in
A privacy group on Tuesday asked state law enforcement authorities to examine software giant Microsoft's Passport online identity service, saying it exposes consumers to fraud, junk electronic mail and identity theft. The Electronic Privacy Information Center sent a letter to all 50 state attorneys general, asking them to protect consumers against what it called Microsoft's unfair and deceptive trade practices because the federal government has failed to act. Launched in 1999, Passport aims to simplify Internet transactions by allowing consumers to store passwords, credit-card numbers and other personal information in one location. The service has drawn the ire of the Electronic Privacy Information Center and other privacy groups, who say it allows Microsoft to track and profile Internet users, encourages junk e-mail, and exposes consumers to identity theft by inadequately protecting their credit-card numbers. 30 January: Passport glitch hits Microsoft game site
Microsoft's online gaming site suffered another glitch in its switch to the Passport identification system, logging subscribers on to a bogus Hotmail e-mail account Monday. A Microsoft representative said Tuesday that the glitch affected those who tried to access their Hotmail account via links on The Zone, the game portion of Microsoft's MSN online service. Instead of being taken to their own account, people were sent to a test account for "customer!@hotmail.com." 30 January: Word documents may contain sensitive data
The German news service heise.de warns users that their Word documents may contain more information than they think. Word tracks and logs all changes to a document - even text that is deleted later on. Also, if more than one user is working on document, information on all users may be contained in the file. NOTE: This article is in German 26 January: Antitrust legal beagles suing MS and DoJ
Antitrust watchdog group the American Antitrust Institute (AAI) will hold a press conference Thursday to announce details of a lawsuit they intend to file against Microsoft and the US Department of Justice, Reuters reports. According to the group, both parties have held meetings and exchanged memos which have not been fully disclosed in court documents. They may be onto something here. It does seem improbable that the DoJ could have come up with a settlement so warmly accommodating of Microsoft without considerable coaching from Redmond. 26 January: What's really behind AOL vs. Microsoft
AOL Time Warner's lawsuit seems to be about Microsoft's competitive practices in the Netscape-Internet Explorer browser wars. But the real fight is over far higher stakes: control of Internet users' online presence. Both the online content provider and the software developer are determined to be the trusted party that Internet users rely on to store all kinds of information--such as addresses, bookmarks, passwords and credit card numbers. This "presence information" will eventually turn most online transactions into a "one-click," Amazon.com-style experience, and whoever controls it will hold a huge competitive advantage. This is especially important to Microsoft and AOL Time Warner because their products--software and content, respectively--lend themselves naturally to subscription-based sales models. If either company can become the default holder of presence information, it will have access to significant and recurring revenue. 26 January: Too many Updates already, users tell The Beast
Research commissioned internally by Microsoft amongst its corporate users has highlighted an unexpected gripe, sources tell The Register. The number one Windows bugbear, is that there are too many updates. Private research reveals that the Update mechanism is out of control, with users unable to prevent individual staff downloading the latest Media Player, for example, unless they block access at the corporate firewall. 26 January: If Microsoft security fails, .Net fails
Microsoft has committed to making its products more secure and worthy of customers' trust. The philosophy outlined in a memo from Bill Gates last week lays out most of the imperatives that Gartner believes are necessary for Microsoft to change the software maker's long-established product management and development culture. If Gates' realignment of Microsoft to the Internet in 1996 had made security a prime concern for new Internet features, enterprises would have avoided many billions of dollars of cleanup costs because of the long list of viruses and worms that have struck Internet-connected servers and PCs. Gartner believes that Microsoft is serious about making this shift because its .Net strategy will fail if the security initiative fails. Nevertheless, changing the management and development culture of such a large company poses a huge challenge, and it won't happen quickly. 26 January: Software pirates are funding terrorists, Microsoft says
Microsoft anti-piracy manager Diana Piquette said at a recent press conference that piracy profits are being siphoned to terrorist organizations and are also being used to fund the activities of organized crime rings. Microsoft and other software companies have also been working to push governments to take piracy more seriously. They have seen some success in this effort, according to Microsoft associate general counsel Nancy Anderson. 19 January: .Net breakdown: More to come?
After a five-day outage, Microsoft fixed a technician's error Tuesday, allowing Windows users to once again access critical operating system updates on the company's Web site. But the problem--the latest in a series--had .Net analysts questioning whether the software giant can deliver the reliability necessary for its widely touted 24-7 Web services initiative. "Uptime becomes much more critical, and Microsoft has not been concentrating on that," said Daryl Plummer, group vice president for software infrastructure at Gartner, a market research firm. "If they are going to do that with .Net and with .Net My Services, they have to get better." 19 January: IE privacy flaw still causing leaks
Microsoft has heavily promoted the privacy features of its new browser. This week, however, computer privacy and security consultant Richard Smith warned that a unique ID created under default settings for the Windows Media Player provides a simple override for those measures. The flaw allows a malicious Web site to create what he described as a "supercookie" capable of tracking people using any version of Internet Explorer and Netscape Navigator, regardless of the privacy settings they choose. "Using simple JavaScript code on a Web page, a Web site can grab the unique ID number of the Windows Media Player belonging to a Web site visitor," Smith said. "This ID number can then be used just like a cookie by Web sites to track a user's travels around the Web." 19 January: Worm poses as Microsoft
update
A new worm masquerading as a software update from Microsoft is capable of deleting all files on the hard drive of an infected computer but has so far spread very slowly, an antivirus company said Monday. 19 January: Security Flaws May Be Pitfall for Microsoft
Microsoft's decade-long focus on cramming new features into its products has come at the expense of protecting computers against viruses and hacking attacks, which are costing customers billions of dollars a year and becoming a top concern of companies and government officials. The latest disclosures follow a record year for security problems, according to statistics released Friday by the federally funded CERT Coordination Center at Carnegie Mellon University. The research clearinghouse said the total number of vulnerability reports it received more than doubled in 2001 to 2,437, after more than doubling in 2000. Taken as a whole, the problems do more than fly in the face of Microsoft's declaration that Windows XP is the safest operating system ever. They are beginning to threaten the stability of a major piece of the world economy and to raise questions about Microsoft's future. 19 January: Worm disables anti-virus software
A new worm called W32.Klez.E@mm is a mass-mailing email worm that also attempts to copy itself to network shares. The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. The worm also attempts to disable some common antivirus products. 19 January: Glitch halts Windows XP
updates
Engineers are working to fix a glitch in a Microsoft Web server that has prevented Windows XP users from downloading software updates, including a patch for a security hole, a company spokeswoman said Monday. The problem, discovered last Thursday, was created when engineers attempted to update software on a server, she said, adding that it is expected to be corrected before Tuesday. 10 January: MS rigs ZD reader poll to promote .NET
Microsoft has stooped to rigging reader surveys to rescue the crumbling myth of its popularity. It seems that Microsoft actually sank to ballot-stuffing of an on-line poll by ZD-Net.uk asking readers whether they prefer Java or .NET for Web development. "By 21 December, more than two-thirds of the respondents (69.5 per cent), said they planned to deliver some applications by Web services by the end of 2002, with a large majority of those planning to use Java. Only 21.5 per cent said they planned to use Microsoft .Net -- less than the figure (23.5 percent) planning to use neither," a ZD-Net story reports. But then Redmond apparently got wind of the survey, and the innocent poll was swiftly corrupted. As the results swung suddenly and improbably towards .NET, the ZD Web site's logs reported an incredible swell of connections from the Microsoft domain, with one fool trying no fewer than 228 times to stuff the electronic ballot box. "There is also clear evidence of automated voting, with scripts attempting to post multiple times," the news site reports. 10 January: Virus writers take an early crack at .Net
Virus writers have apparently made the early developer list for Microsoft's .Net initiative. On Wednesday, antivirus companies received a copy of the first virus capable of infecting files based on Microsoft's .Net Intermediate Language, or MSIL. Known as W32.Donut, the virus does little but infect other .Net files, but it shows that the programmers who create such code are looking ahead, said Motoaki Yamamura, a virus researcher with security software company Symantec. 10 January: Microsoft moves to close depositions
Microsoft filed a motion that, if successful, would bar the public from access to any future depositions in its antitrust case, but The New York Times and other media organizations will likely oppose it. The Redmond, Wash.-based software behemoth filed a motion Wednesday with the U.S. District Court for the District of Columbia to vacate a standing order in an ongoing antitrust case maintained by 10 states and the District of Columbia. The case grew out of a case originally brought by the Department of Justice. 10 January: Ralph Nader wants Microsoft to
pay
Consumer advocate Ralph Nader has called for Microsoft to start paying dividends to investors, saying the software giant's $36 billion cash pile amounts to an illegal tax shelter for wealthy shareholders such as Chairman Bill Gates. Nader, through his Consumer Project on Technology (CPT) office, wrote Gates a letter last Friday saying Microsoft should change its practice of not giving dividends--cash payments usually paid each quarter to shareholders. 2 January: Active Scripting bug in Internet Explorer allows hackers to read files and launch applications
Veteran bug hunter Georgi Guninski has found a bug in Internet Explorer 5.5 and 6 that allows malicious web sites to read files on a computer using the GetObject() command. This may launch arbitrary programs. Guninski advises users to "Disable Active Scripting and never turn it on. Better, do not use IE in hostile environments such as the internet."
|
