The words "Microsoft" and "security" are synonymous, but often for all the wrong reasons. It’s the curse of success really. When you own an overwhelming slab of the world’s desktops, naturally the Black Hats will come after you rather than other niche operating system providers. And let’s face it, Windows is hardly Helm’s Deep when it comes to repelling Orcs.
It now appears that Microsoft may have gone the extra yard with its latest vulnerability, inadvertently providing some of the code to “hackers who posted a barebones proof-of-concept attack for a critical Windows vulnerability” in Windows Remote Desktop Protocol.
Computerworld reports that Italian Security expert, Luigi Auriemma, who discovered the original bug, believes lax security procedures by Microsoft may have given hackers a head start.
According to Computerworld’s story, Auriemma said, “The data packet used by the proof-of-concept (PoC) -- which first appeared on a Chinese website, according to Trustwave's SpiderLabs -- was the same one he had submitted to HP TippingPoint's Zero Day Initiative (ZDI) as part of the verification process to obtain his bug bounty.
“But the executable code -- which used Auriemma’s data packet to trigger the RDP vulnerability -- showed signs of having been made by Microsoft months after ZDI passed on its findings to the Redmond, Wash. developer. ‘The executable PoC was compiled in November 2011 and contains some debugging strings like 'MSRC11678' which is a clear reference to the Microsoft Security Response Centre.’”
Auriemma is quoted from his personal blog, “In short, it seems written by Microsoft for [its] internal tests and was leaked probably during its distribution to their 'partners' for the creation of antivirus signatures and so on.”
The alternative Auriemma suggests is that a “Microsoft employee was [the] direct or indirect source of the leak.” But he discounts the likelihood that a direct hacker intrusion was to blame. Microsoft, not surprisingly, declined to comment.
For a sense of the importance of the bug, ZDNet in its article last week about the security patch noted, “98 per cent of all Australian organisations run RDP internally…” Actually that number feels a little high to Grok, but we accept it’s still probably a pretty big chunk. “...And 30 per cent have the RDP service exposed to the internet.”
Encyclopaedia Britannica pulls the plug on print — 10 years too late
Encyclopaedia Britannica announced last week that after 244 years it would no longer publish print editions. Grok was extremely surprised by this news — surprised that it was still printing. We figured that game ended long ago. Microsoft first had a stab at usurping EB back in the ’90s with Encarta, with results that were worthwhile but occasionally laughable.
It was Wikipedia that really brought it undone — not just with a new distribution model, but with its crowd-sourced, self-regulating content model. In the middle of the ’00s, Nature Magazine published a study that it claimed showed Wikipedia was only slightly less accurate (162 errors) than Encyclopaedia Britannica (123). As you might imagine, this led to quite a snit, with Britannica demanding a retraction and Nature suggesting in an editorial that Britannica get over itself. You can just imagine what Twitter would have made of it all, had it been around then.
Encyclopaedia Britannica’s decision to move to a digital-only model won’t alter the root cause of its troubles. Wikipedia is still there, so are its army of editors and its self-regulating audience.
Yahoo’s argument looks soft
A follow-up to last week’s story on Yahoo’s patent Jihad against Facebook: As Grok wrote at the time, the argument looks like a losing proposition for Yahoo. Forget the acrimony and outright hostility towards the brand that all the ill will from its action has created. After all, a big fat pay day in the courts would soothe that pain. The real issue is that Yahoo probably won’t win.
Business Insider provides a very brief overview of the reasons, but essentially it comes down to the idea that the patents are all just a bit too vague, and not especially new or novel, to stand up to scrutiny.
Business Insider suggests that the action will follow a predictable course and it will all end quietly in a backroom over a chequebook. And presumably, to nobody’s satisfaction, except perhaps all the lawyers.
Battery life is not getting any better
Finally, there’s a longer piece on PandoDaily about the importance of battery life to smartphone users and the impact on brand choice. While the conclusions are self-evident (people like phones with longer battery life) it’s still a really important story by virtue of the fact that battery life is getting worse, not better. There’s so much we could say, but stories about phone batteries are very, very boring. Just writing these few brief words on the topic has made Grok’s eyeballs bleed. Here’s the link. The story itself is based on a report by J.D. Power. The gist of it is available here.
Andrew Birmingham is the CEO of Silicon Gully Investments. His iPhone needs charging again.