Privacy, Security Archive

Is Linux Really More Secure Than Windows?

Ramen, Slapper, Scalper and Mighty may sound like Santa's new team of reindeer, but they are creatures far lower down the evolutionary ladder -- and much less welcome. These are worms that have infiltrated Linux servers in recent months, commandeering the servers for use in distributed denial-of-service attacks. Linux enthusiasts who once believed they were less vulnerable to attack than Microsoft users have begun to wonder whether they were overly optimistic. Read the article at NewsFactor.

Intel Reveals Share Denial PC Scheme

"Intel is to embed certificates into the processor. Embedded certificates will be a feature of Banias processors next year. What are the downsides? You can count them. The business of ownership of a device suddenly becomes very important indeed - your PC is tagged at birth, and your choice of operating system or browser is contingent on the generosity of the certification authority." Read the report at TheRegister.

Exploiting Design Flaws in the Win32 API for Privilege Escalation

"This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor." Read the paper over at Tombom.co.uk. In the meantime, another flaw affects Windows 2000, Linux and MacOSX.

Microsoft’s Palladium: Security, but for Whom?

ExtremeTech features a series of articles regarding Microsoft's new security chip, codenamed Palladium. It seems that Intel, AMD and even National are part of this plan, while it is not clear if alternative operating systems will be given specs for this technology. Even if these OSes will choose to not use the chip, Microsoft is quite likely to advertise the "feature" as a Good Thing (TM) for the users (which may or may not be true), making the other OSes to sound unsecure.

At Microsoft, Security Trumps App Compatibility

"In a sea change of philosophy, Microsoft Corp. is working to put security ahead of not just features and functionality, but also legacy application compatibility. In a meeting with eWEEK last week, several Microsoft executives responsible for security software development said the company is also changing the way it ships some products to make them safer and will begin developing its own line of security software." Read the rest of the report at ExtremeTech. In related news, a pair of Office XP bugs were uncovered while more security updates can be found here.

Microsoft: .Net Security Fears ‘Unfounded’

"Microsoft Corp. is going on the offensive to restore confidence in its .Net platform after a security consulting firm claimed it had found a critical flaw in a new compiler Microsoft released earlier this week. In an unusual move, a member of the team that developed the product in question--the Visual C++.Net compiler--posted a lengthy message to the Bugtraq security mailing list excoriating Cigital Inc. for making what Microsoft deems to be false claims in its press release and inciting unnecessary concerns about the security of .Net applications built with the compiler. Brandon Bray, a member of the product's development team said: 'The allegation that applications compiled with Visual C++'s /GS switch somehow expose themselves to more attacks is unfounded and patently false.'" Read the rest of the story at ExtremeTech.

FBI Warns of WindowsXP Security Hole

The FBI's National Infrastructure Protection Center has urged users of Microsoft's WindowsXP operating system to disable a feature that could leave computers open to attacks from hackers. In a statement issued Saturday, the FBI's NIPC, which usually leaves computer security warnings to the private sector, said it held technical discussions with Microsoft and industry experts Friday to identify ways to minimize the risk from security holes in the XP software, which was launched in late October.

Yet Another Security Hole for the Windows Platform

"Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people's systems open to malicious attack. Microsoft is recommending that every Windows XP customer apply the patch immediately. Customers using Windows 98, Windows 98 Second Edition and Windows ME with the "Universal Plug and Play" service up and running should also use the patch, the company said." And this comes only a few days after the serious IE6 security hole where Microsoft also urged the users to upgrade immediately.