Laser Blog

Articles tagged "security"

99 Another Windows Flaw

Monday 26th November, 2007

Yes, I know that Windows flaws are ten a penny. It's just that this one is quite amusing.

The bug ... resides in a feature known as Web Proxy Autodiscovery (WPAD), which helps IT administrators automate the configuration of proxy settings in Internet Explorer and other web browsers.

So far so good. But wait, Microsoft fixed this problem years ago!

... the flaw affects every version of Windows including Vista and is actually the continuation of an old vulnerability that Microsoft supposedly fixed years ago.

Oops.

Microsoft appears to have released a patch for the vulnerability in 1999. But the patch only protected domain names ending in .com, so WPAD servers using all other addresses have remained vulnerable.

Hilarious! These idiots would have you believe that the security of Microsoft products rivals that of Linux? Unbelievable.

~

96 Microsoft updates Windows without users' consent

Thursday 13th September, 2007

There is a small storm in a teacup brewing over recent events in which it's been confirmed that Microsoft has updated copies of Windows XP and Windows Vista without the users' consent, even if auto-updates have been turned off. Obviously these folks don't read (or is it "understand") the Windows EULA which they clicked on and agreed to when they first started their newly-purchased PC (or when they actually paid for and installed the software.)

Most users of Microsoft Windows seem to have their collective heads buried in the sand. The thing they don't seem to get is that Windows users are just that, users. They don't own the software, they have just purchased the right to use it. Microsoft explicitly retain ownership and the right to update their system as and when they choose.

I don't understand why people are acting so shocked. Windows doesn't belong to you. If it bothers you having a third party changing files on the PC you use without your permission, you can always use an OS which you do own.

~

91 Analysis of a cracked Linux host

Saturday 18th August, 2007

Sadly, another case of link rot.
Rob. April 2015.

This is a fascinating analysis of a cracked Linux host. The cracker seems to have made a number of fundamental mistakes which led to the owner becoming concerned as to why some services weren't running. The owner then called in a friend (the author) who started to analyse why the server was behaving so unusually. Well worth a read.

~

85 Vista sends data about users to MS

Monday 2nd July, 2007

You have to wonder how much of this sort of thing is down to the NSA.
Rob. April 2015.

Well, no surprise. Microsoft uses Vista to gather information about you. I've made many posts about this, just type "Vista" in the Quicksearch text field and press enter. So what? What can they tell?

... in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Geez, 20? That seems rather a lot. Those twenty features and services all use CPU and RAM on your PC, to snoop on you. You'll have to read the full article to find out exactly what those 20+ data mining techniques are (plus how you can bypass some of them). But surely Microsoft are a responsible company. (Actually, I couldn't type that last sentence without grinning.) Well, the Vista license agreement clearly states:

"By using these features, you consent to the transmission of this information. Microsoft does not use the information to identify or contact you."

And they say they're not going to identify you. All they say they want is your:

"Internet protocol address, the type of operating system, browser and name and version of the software you are using, and the language code of the device where you installed the software."

Heh, if they have your IP address, they have you. But they clearly stated that they won't identify you, so, problem over? Not quite.

"Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public,"

The good faith belief? Microsoft? Come on.

~

80 A canned history of spam

Friday 1st June, 2007

There is a concise, but interesting history of spam on the NineMSN site. I guess its release has been timed to coincide with the news about the Italian ISP Tiscali being blacklisted as spammer-friendly.

Going back to the NineMSN article, I find it a little ironic that MSN is publishing an article based on a problem which in no small part is caused by the lax security of the software produced by its parent company:

Like many other spammers, Robert Soloway sent out his bulk emails using so-called "zombie" computers: these are usually ordinary home computers that have been inadvertently infected with a virus that opens them up to spammers.

What authors always fail to stress in these articles is that the "ordinary home computers that have been inadvertently infected with a virus that opens them up to spammers" are invariably running Windows.

~