● 06.15.10

●● “Tens of Thousands of [Microsoft IIS] Sites” Are Being Compromised

Posted in Database, FUD, GNU/Linux, Microsoft, Windows at 2:29 am by Dr. Roy Schestowitz

Summary: Another live example of Microsoft ‘security’ at work; debunking the latest Linux lies from Ed Bott

“SECURITY through obscurity” sounds like a good idea in theory. As we recently found out (and had confirmed by Microsoft), part of this obscurity is lack of disclosure. Microsoft is silently patching flaws that it never discloses, which is dishonest if not fraudulent when Microsoft issues security reports based on such oversight.

Microsoft is silently patching flaws that it never discloses

According to this new article, “tens of thousands of sites” running Microsoft’s software are paying the price for having ‘secret’ vulnerabilities:

↺ this new article
There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there’s no clear indication of who’s behind the campaign right now.The attack, which researchers first noticed earlier this week, already has affected a few high-profile sites, including those belonging to The Wall Street Journal and The Jerusalem Post. Some analyses of the IIS attack suggest that it is directed at a third-party ad management script found on these sites.

This must be the latest example of why nobody gets fired for avoiding Microsoft.

nobody gets fired for avoiding Microsoft

Speaking of Windows security, “Juniper Networks Protects Customers From New Microsoft Vulnerabilities” after Juniper became filled with Microsoft managers [1, 2, 3]. It’s just something to bear in mind.

↺ “Juniper Networks Protects Customers From New Microsoft Vulnerabilities”
1
2
3

There is some bad FUD about Linux security at the moment (coming primarily from Ed Bott). SJVN has already responded to this FUD:

Ed Bott
↺ responded to this FUD
Here’s what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn’t so much hacked as the program it was letting people download has been replaced by one with a built-in security hole. Or, as they explained on their site,

Microsoft boosters like Bott have been desperate to show that GNU/Linux is not more secure than Windows. As companies like Google dump Windows for security reasons, Microsoft will carry on with this FUD campaign but rely on peripherals/extensions (like Bott) to do the attacks]. That’s just how Microsoft operates when it needs FUD. See the “smoking gun” below. █

rely on peripherals/extensions (like Bott) to do the attacks

“As discussed in our PR meeting this morning. David & I have spoken with Maureen O’Gara (based on go ahead from BrianV) and planted the story. She has agreed to not attribute the story to us….

“[...] Inform Maureen O’ Gara (Senior Editor Client Server News/LinuxGram) or John Markoff (NYT) of announcement on Aug 28, 2000. Owner dougmil (Approval received from BrianV to proceed)

“Contact Eric Raymond, Tim O’Reilly or Bruce Perrins to solicit support for this going against the objectives of the Open Source movement. Owner: dougmil [Doug Miller]. Note that I will not be doing this. Maureen O’Gara said she was going to call them so it looks better coming from her.”

Microsoft uses reporters as attackers

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink  Send this to a friend

Permalink
↺ Send this to a friend

----------

Techrights

➮ Sharing is caring. Content is available under CC-BY-SA.