Microsoft

Sick of Microsoft's spam referrer campaign? You can respond to this assault on your logs with a simple step.

I found a great site today called Bad Vista. The purpose of Bad Vista is to stop Vista adoption by promoting free software.

Microsoft Windows Vista's fine print apparently severely reduces the control people have over their computers:

Vista's legal fine print includes extensive provisions granting Microsoft the right to regularly check the legitimacy of the software and holds the prospect of deleting certain programs without the user's knowledge. During the installation process, users "activate" Vista by associating it with a particular computer or device and transmitting certain hardware information directly to Microsoft.

In the continuing research on the Microsoft and Firefox issue, I came across a story about how Microsoft adCenter doesn't work correctly with Firefox.

According to the article, Microsoft's response to the problem was "switch to IE6".

What a surprise.

The Story Continues

In yesterday's post, I wrote about the recent dubious claims of Firefox security holes. Today I've found some additional reading on the subject.

As mentioned in the article titled Firefox Flaw a Hoax, Admits Speaker, these Firefox vulnerability announcements at a Microsoft-sponsored hacker convention were not factual:

"The main purpose of our talk was to be humorous," admitted Mischa Spiegelmock, in a statement made through Mozilla.org this afternoon.

"As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

"I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code," Spiegelmock added.

As the article points out, the bio for the other perpetrator states that "Andrew Wbeelsoi ruins things on the Internet professionally."

It was recently disclosed that Firefox has critical security vulnerabilities:

The flaw is specific to Firefox's implementation of JavaScript, a 10-year-old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."

[...]

The hackers claim they know of about 30 unpatched Firefox flaws. They don't plan to disclose them, instead holding onto the bugs.

Impossible to patch? The hackers won't disclose the bugs?

A follow up article sheds some interesting light on the subject:

But Spiegelmock has now backpedaled on those claims. In a statement provided to Mozilla, which coordinates development of Firefox, Spiegelmock said that the computer code displayed during the presentation does not fully compromise a PC running the browser.

"I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code," he wrote in the statement, which was posted on Mozilla's Web site on Monday.

[...]

He pinned the claim that the hackers know of 30 yet-to-be-fixed flaws in Firefox entirely on his co-presenter, Wbeelsoi. "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not," Spiegelmock wrote. Wbeelsoi could not immediately be reached for comment.

As mentioned in comp.os.linux.advocacy, it should be noted that the conference where these dubious claim were made was sponsored by Microsoft: