Storm worm authors switch tactics
,----[ Quote ]
| The "updates" - loaded with Trojan code - attempted to trick gullible users
| into becoming infected even in cases where their machines are fully patched
| and up to date.
`----
http://www.theregister.co.uk/2007/08/20/storm_vxers_refine_tactics/
See the links below. Microsoft secretly patches security holes and it calls the
patches something else. It also groups things together to alter the numbers.
Also listed below is Microsoft's **own** (leaked) description of this tactic
which involves lies and so-called 'researchers'.
Last week:
Microsoft reacts to kernel hacks, defends Vista
,----[ Quote ]
| Microsoft wasn't much help in figuring out exactly what was beefed up by the
| PatchGuard update; the accompanying information was extremely vague. The
| MSRC's release manager, Simon Conant, was just as tight-lipped in a posting
| to the center's blog. "The update adds additional checks to Kernel Patch
| Protection for increased reliability, performance, and security," Conant
| said.
`----
http://www.infoworld.com/article/07/08/15/Microsoft-reacts-to-kernel-hacks_1.html?source=rss&url=www.infoworld.com%2Farticle%2F07%2F08%2F15%2FMicrosoft-reacts-to-kernel-hacks_1.html
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
“There’s an interesting article in the April 2007 issue of Harper’s magazine
about panels, audits, and experts. It is called CTRL-ALT-DECEIT and is from
evidence in Comes v. Microsoft, a class action suit in Iowa. Here’s a
paragraph from a document admitted into evidence, called “Generalized
Evangelism Timeline,” about guerrilla or evangelical marketing:
Working behind the scenes to orchestrate “independent” praise of our technology
is a key evangelism function. “Independent” analysts’ reports should be
issued, praising your technology and damning the competitors (or ignoring
them). “Independent consultants should write articles, give conference
presentations, moderate stacked panels on our behalf, and set themselves up as
experts in the new technology, available for just $200/hour. “Independent”
academic sources should be cultivated and quoted (and granted research money).
They advise cultivating “experts” early and recommending that they not publish
anything pro-Microsoft, so that they can be viewed as “independent” later on,
when they’re needed. This type of evangelical or guerilla marketing is
apparently quite common in the high-tech fields, and seems to be used
liberally by open source developers.
The document admitted into evidence also says, “The key to stacking a panel is
being able to choose the moderator,” and explains how to find “pliable”
moderators–those who will sell out.
It is all a big money game. Most activists in any field know of
countless “hearings,” in which hundreds of citizens would testify before a
panel, only to be ignored in favor of two or three industry “experts.” When a
panel is chosen, the outcome seems to be a foregone conclusion. As with
elections, they don’t leave anything to chance.”
(a post from a Mark E. Smith about exhibit PX03096 “Evangelism is War” from
Comes v. Microsoft).
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
How secure are Linux, Window and Mac OS?
http://www.masuran.org/node/29
2006 Operating System Vulnerability Summary
http://www.omninerd.com/2007/03/26/articles/74
Linux vs. Windows: Which is Most Secure?
http://www.esecurityplanet.com/views/article.php/3665801
Linux Security: A Big Edge Over Windows
http://www.linuxinsider.com/rsstory/54742.html
The problems with Vista laid bare - What might have been
http://www.theinquirer.net/default.aspx?article=38419
Why Windows is less secure than Linux
http://blogs.zdnet.com/threatchaos/?p=311
Linux more secure than Windows, national survey shows
http://www.xomba.com/linux_more_secure_than_windows_national_survey_shows
Microsoft Windows: Insecure by Design
http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer
If Only We Knew Then What We Know Now About Windows XP
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology
Why Windows is a security nightmare.
http://www.smh.com.au/articles/2004/05/21/1085120110704.html
The Structural Failures of Windows
http://www.theinquirer.net/default.aspx?article=15305
More than half of Microsoft Vista needs re-writing
http://www.theinquirer.net/default.aspx?article=30516
Windows Fiji: Now second half of 2008?
http://blogs.zdnet.com/microsoft/?p=520
Microsoft admits Vista screwed - report
,----[ Quote ]
| Vista SP1 is code named "Fiji", presumably after a pretty looking
| island which is paralysed by coups.
|
| In a statement regarding the service pack Microsoft admits that
| Vista has "high impact" problems.
`----
http://www.theinquirer.net/default.aspx?article=37125
Microsoft cuts Windows virtualization features
http://news.zdnet.com/2100-3513_22-6182852.html
,----[ Quote ]
| "Right now, Microsoft has nowhere to run, and nowhere to hide. After all
| the hype surrounding Vista, the Emperor has finally been revealed in all
| his naked glory. Some folks have been predicting the demise of Microsoft. I
| wouldn't go that far, but I am wondering how we?re ever going to take
| Microsoft seriously again?"
`----
http://www.regdeveloper.co.uk/2007/04/29/vista_end_dream/
A history of Microsoft Windows - the inside story exposed
,----[ Quote ]
| 2004: (...)
| THE MANAGEMENT: "What do you mean it still doesn't work? Try
| harder!"
|
| 2005: (...)
| "MAKE IT WORK! FOR GOD'S SAKE, MAKE IT WORK! Well, throw it away
| and use the server version then, that seems all right. Look, they
| won't know the difference, drop the database stuff, nobody remembers
| what we said in 1995 now! That was ten years ago! "Apple has what?
| 3D acceleration? So, we have DirectX. What, in the desktop? Really?
| What, even Stallman's beardie-weirdies have it? Oh hell. Right, you
| lot, make it look like this!"
`----
http://www.theinquirer.net/default.aspx?article=37962
MS Insider: The Office Crew Isn't Smart Enough to Supplant Real Windows
Developers
http://www.emailbattles.com/2006/09/11/ms-insider-the-office-crew-isnt-smart-enough-to-supplant-real-windows-developers/
http://tinyurl.com/35eqrt
|
|
