32 posts tagged with security and Microsoft.
Displaying 1 through 32 of 32. Subscribe:

ms12-020 mistery: the packet stored in the "chinese" rdpclient.exe PoC is the EXACT ONE I gave to ZDI!!! @thezdi? @microsoft? who leaked?

Included in this month's Patch Tuesday was MS12-020, which is a remote exploit in Microsoft's widely deployed Remote Desktop Protocol (RDP). Microsoft projected an exploit would be out 'within a month', but a Proof-of-Concept (PoC) appeared on a Chinese website within a few days. Professionals are concerned. The discoverer of the vulnerability noted that the PoC included the exact packet he had crafted to help Microsoft understand he issue; this points to a leak in the MAPP early vulnerability sharing program. A full remote exploit isn't out yet, but is expected soon.
posted by These Premises Are Alarmed on Mar 18, 2012 - 36 comments

The dry, technical language of Microsoft's October update did not indicate anything particularly untoward.

Its reach is impossible to measure precisely, but more than 3 million vulnerable machines may ultimately have been infected. : The inside story on the Conficker Worm at New Scientist.
posted by The Whelk on Jun 15, 2009 - 84 comments

Quis custodiet ipsos custodes?

The National Security Agency is building a data center in San Antonio that’s the size of the Alamodome. Microsoft has opened an 11-acre data center a few miles away. Coincidence? Not according to author James Bamford, who probably knows more about the NSA than any outsider. Bamford's new book reports that the biggest U.S. spy agency wanted assurances that Microsoft would be in San Antonio before it moved ahead with the Texas Cryptology Center. Bamford notes that under current law, the NSA could legally tap into Microsoft’s data without a court order. Whatever you do, don't take pictures of it the spy building unless you want to be taken in for questioning.
posted by up in the old hotel on Dec 8, 2008 - 42 comments

"A Cost Analysis of Windows Vista Content Protection"

"[C]omputer design is being dictated not by electronic design rules, physical layout requirements, and thermal issues, but by the wishes of the content industry." By deliberately breaking audio and video functionality, opening up new avenues for debilitating malware, and reversing performance gains in desktop PCs and third-party components, Peter Gutmann argues "the Vista Content Protection specification could very well constitute the longest suicide note in history."
posted by Blazecock Pileon on Dec 23, 2006 - 132 comments

Trusted Computing

Trusted Computing. Microsoft and friends are proposing some major alterations to the way that computers work, the ostensible goal being to increase security. But others say that the real goals are much more insidious.
posted by bingo on May 22, 2004 - 15 comments

Microsoft update disables user:password in URLs

With its latest security update Microsoft has disabled the ability to pass username:password pairs in URLs. If you usually use this format for connecting to your site via either FTP or HTTP, it will no longer work after you install this update.
posted by johnnydark on Feb 4, 2004 - 34 comments

Microsoft = Megatarget.

Microsoft = Megatarget. A new worm is rapidly spreading across the Internet, functioning like a massive DDOS attack and crippling ISPs in South Korea. It's host? Microsoft SQL server. (Get yor fix on, then reboot!) What impact will it have over here, I wonder...
posted by insomnia_lj on Jan 25, 2003 - 63 comments

While MS-bashing is often too easy, this statement about recent security holes seemed especially astounding: "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response. Interesting. Unless it is configured to receive mail, like, you know, an email program.
posted by judith on Oct 11, 2002 - 30 comments

Did you install it yet?

Did you install it yet? You may want to think twice. That new software update for Windows Media Player isn't just a security update, if you read the End User License Agreement carefully, it states:
"In order to protect the integrity of content and software protected by digital rights management 'Secure Content', Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer."
Does anyone know anything more about this? How about recommendations for a suitable replacement for WMP?
posted by Hackworth on Jul 1, 2002 - 31 comments

Microsoft Windows + NSA = loopholes in security:

Microsoft Windows + NSA = loopholes in security: "A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into [almost all versions of] Windows." an interesting article that really shouldnt be surprising, and all the more reason to buy a mac.
posted by sixtwenty3dc on Mar 22, 2002 - 25 comments

Microsoft to make products more "trustworthy."

Microsoft to make products more "trustworthy." A lot of buzz words floating around here, like "trustworthy" and "security." Does this mark a true sea change in Microsoft strategy, or is it just a PR stunt, too little, too late? One thing I'll say, though - I never thought I'd hear this coming from Bill: "Users should be in control of how their data is used... It should be easy for users to specify appropriate use of their information, including controlling the use of e-mail they send." (from the AP report)
posted by topolino on Jan 17, 2002 - 14 comments

FBI warns Microsoft XP users

FBI warns Microsoft XP users "The FBI is urging computer users to unplug and don't play when it comes to addressing serious security flaws found in Microsoft's new Windows XP program." "Microsoft admitted this week that there are several serious glitches in the new software. " Really?
posted by headlemur on Dec 22, 2001 - 24 comments

"MS releases mother of all IE security patches"

"MS releases mother of all IE security patches" Per the article: Microsoft has released a cumulative patch for Internet Explorer which the firm says is a "critical" security precaution against crackers which should be applied "immediately". Time to update/upgrade boys and girls. :)
posted by crankydoodle on Dec 14, 2001 - 11 comments

The Twenty Most Critical Internet Security Vulnerabilities

The Twenty Most Critical Internet Security Vulnerabilities
This is a list of Internet security tips that SAMS and the FBI updated yesterday. The list is really aimed at IT professionals and does not offer much advice to the home user. My advise for any home user who is worried about viruses and security: 1. Don't use Windows OS, any Windows OS (try Linux or Mac) 2. Remove Outlook from your computer. 3. Don't open e-mail attachments you did not ask for.
posted by DragonBoy on Oct 2, 2001 - 10 comments

Gartner's opinion proliferates

Gartner's opinion proliferates into the mainstream Internet news sources. any further thoughts?
posted by tatochip on Sep 25, 2001 - 10 comments

Gartner Group

Gartner Group recommends that IIS users look elsewhere for a better web server.
posted by vowe on Sep 21, 2001 - 8 comments

New worm doing the rounds.

New worm doing the rounds. Great.
posted by nico on Sep 18, 2001 - 23 comments

Seeing weird things in your website logs today? This will explain it... Running IIS and haven't patched it in over a month? Go here. 13,000 servers have already been affected.
posted by machaus on Jul 19, 2001 - 37 comments

Win XP's Product Activation as a breeze to hack. Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?
posted by ed on Jul 17, 2001 - 36 comments

Security Threat! But only if your server's running...

Security Threat! But only if your server's running... No crap. I love the Note on Microsoft's security bulletin for it's recent IIS 5.0 security flaw. Did anyone need to be told that?
posted by mecawilson on May 4, 2001 - 4 comments

MSIE leaves the door wide open on your Windows OS...

MSIE leaves the door wide open on your Windows OS... I can't believe that the myriad "security holes" are coincidental... maybe we should call them back doors. I mean, really... who do they think they're kidding? We all know who really wants surreptitious access to our systems. [via Glish]
posted by silusGROK on Apr 3, 2001 - 5 comments

One million credit card numbers stolen! News at 11!

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted by Steven Den Beste on Mar 9, 2001 - 5 comments

Linux no longer foolproof?

Linux no longer foolproof? And a smile descened upon Redmond...
posted by mecawilson on Jan 22, 2001 - 21 comments

Do as we say, not as we do.

Do as we say, not as we do.
posted by solistrato on Nov 6, 2000 - 15 comments

Yet another outlook vulnerability.

Yet another outlook vulnerability. This one's significantly nastier than the previous ones, because it can attack and run programs on your computer as you download the email from your server
More >>
posted by cCranium on Jul 19, 2000 - 12 comments

New Microsoft Bug Found

New Microsoft Bug Found This one's pretty serious. Because it affects the whole world.
posted by PaperCut on May 20, 2000 - 13 comments

Microsoft's latest security loophole

Microsoft's latest security loophole involves the much-hated animated paperclip "Office Assistant". Despite its ability to create or delete files, someone chose to mark it as "safe for scripting", allowing it to be controlled by script on a web page.
posted by harmful on May 17, 2000 - 2 comments

Blame MICRO$OFT

Blame MICRO$OFT for the "I love you" virus, ohh, and it has 40 authors to it
posted by tiaka on May 16, 2000 - 14 comments

[ Damn, it's busy this morning... ]
"Outlook is perfectly safe... perfectly safe; that's why we're fixing it."
posted by baylink on May 16, 2000 - 4 comments

From Microsoft support: General Information About Using VBScript with Outlook

From Microsoft support: General Information About Using VBScript with Outlook
VBScript is designed to be a secure programming environment. It lacks various commands that can be potentially damaging if used in a malicious manner. This added security is critical in enterprise solutions.
(via Phil Agre's RRE mailing list)
posted by tregoweth on May 14, 2000 - 0 comments

You know their server isn't particularly secure; well neither is their browser.
posted by ericost on Apr 19, 2000 - 2 comments

More news on the IIS exploit

More news on the IIS exploit After acknowledging the problem last week, Micro$oft is now saying that the backdoor in IIS... is a flaw. M$ Technet seems to have a fix for this problem, delete the offending file! So, if systems are your bag, my advice is to start researching security if you are running M$ internet server products (SQL 7, Exchange, IIS, Index Server, etc.).
posted by Dean_Paxton on Apr 17, 2000 - 2 comments

Page: 1