Summary: IDG report about mass defacements of Windows sites in Australia and other security problems that are new

HAVING just taken a glance at the past week's news from IDG^*, we found:

i. Australian Cereal Hacker on Defacement Rampage

The ANZAC Day attacks were conducted by a single hacker, or hacking group, and affected Windows 2003 operating systems.

ii. Microsoft Investigates SharePoint 2007 Zero Day

Microsoft is scrambling to fix a bug in its SharePoint 2007 groupware after a Swiss firm abruptly released code that could be used in an attack.

The proof-of-concept code was released Wednesday, just over two weeks after security consultancy High-Tech Bridge says it disclosed the issue to Microsoft on April 12.

iii. Texas Man to Plead Guilty to Building Botnet-for-hire

A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP -- just to show off its firepower to a potential customer.

The third article ought to call out Windows, which is responsible for hundreds of millions of zombie PCs

Microsoft views vulnerabilities also as an opportunity. Here is the latest propaganda whose purpose is apparently to sell Vista 7 using 'security' as an excuse (Microsoft is hiding flaws without ever reporting them, probably in order to distort statistics). As we showed before, Vista 7 is not secure. To name some older posts on the subject:

• Vista 7 Cracked Again
• Trend Micro: Vista 7 Less Secure Than Vista
• Vista 7 Less Secure Than Predecessors? Remote BSoD Now Possible!
• Cybercrime Rises and Vista 7 is Already Open to Hijackers
• Vista 7: Broken Apart Before Arrival
• Department of Homeland Security 'Poisoned' by Microsoft; Vista 7 is Open to Hijackers Again
• Vista 7 Security “Cannot be Fixed. It's a Design Problem.”
• Why Vista 7 Could be the Least Secure Operating System Ever
• Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
• Vista 7 Vulnerable to Latest “Critical” Flaws
• Vista 7 Seemingly Affected by Several More “Critical” Flaws This Month
• Reason #1 to Avoid Vista 7: Insecurity
• Vista 7 Left Hijackable Again (Almost a Monthly Recurrence)

Ian Paul from IDG has just written about Vista 7's "worst features":

Windows 7 fixed many of Vista's ills, but it also introduced a few of its own.

IDG also has this new article about the LoveBug worm, which is estimated to have cost $5-8 billion in damages (for one worm alone). Needless to say, Microsoft did not carry the burden of these damages.

When the LoveBug worm hit 10 years ago, it was a different time when people believed admirers were really reaching out to say "I love you", personal firewalls were turned off by default and executable attachments weren't blocked at e-mail gateways.

Those circumstances allowed the Love Letter worm -- the first Visual Basic script worm -- to infect more than 50 million computers worldwide within a week, causing estimated $5 billion to $8 billion in damages, bringing down networks by maxing out their ability to fire off e-mails and causing painstaking disinfection of affected machines.

Here we are a decade later and Microsoft never resolved those issues which it continually promises to address. ⬆

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

___ ^* We chose IDG so as not to be accused of choosing a Microsoft-hostile source.