Microsoft yesterday declared that a technique to delay Vista's activation as long as a year just "doesn't work." The researcher who published the activation extension claimed otherwise. "A quick analysis determined that this purported workaround doesn't work," said Alex Kochis, senior product manager of Windows Genuine Advantage (WGA), in an entry on the team's blog.
Microsoft today blamed Xbox Live network account hacks on users' gullibility, but evidence shows that in some cases the gaming service's own support staff could be unwittingly helping hackers snare players' identities.
Responding to reports of account theft on Xbox Live that surfaced this week after security researcher Kevin Finisterre -- of "Month of Apple Bugs" fame -- went public with how his account was pinched, Microsoft today said it had wrapped up its investigation. It was only yesterday that Microsoft announced it had begun looking into the thefts.
Microsoft said Wednesday it's investigating reports of fraudulent activity on the Xbox Live network.
Reports of hackers breaking into Xbox Live accounts and making off with users' points and information have been swirling around the Internet. The accounts are connected to Microsoft's Windows Live ID service.
For the second time in five weeks, information about a key upcoming Microsoft product has come to light because of a presentation placed on the company's website by an employee in Denmark. According to a PowerPoint presentation created by a technical staffer at Microsoft Denmark, the software vendor plans to invest in four major areas in the next client version of Windows after Vista, which has been dubbed Windows Vienna. Microsoft has already begun working on its next OS, and one executive indicated last month that the company hopes to ship the follow-on during 2009.
Microsoft last Thursday acknowledged poor test results of its OneCare antivirus software, but promised it would do better by paying more attention to malware actually in the wild.
A Windows component designed to help disabled users could serve as a backdoor for unauthorised system access, according to a security expert.
McAfee researcher Vinoo Thomas said in an article posted to the company's security research blog that the StickyKeys function in Windows Vista and XP can be exploited to allow a user to bypass the login system.
StickyKeys allows users to enter key combinations without having to hold and press keys simultaneously. It is launched by pressing the 'shift' key five times in succession.
Security company Kaspersky claims that Vista's User Account Control (UAC), the system of user privileges that can be used to restrict users' administrative rights, will be so annoying that users will disable it.
Microsoft may not have any formal security bulletins to release , but there are still a few new versions of some security-related tools for IT administrators to view. For IT shops that have completed their daylight-saving time patching, this might be a good week to look into the Windows Malicious Software Removal Tool, which is getting its regular once-a-month update. The security software is currently at version 1.27.
Forget what Microsoft says about Vista being the most secure version of Windows yet. More to the point, what do the hackers think of it? In a nutshell, they think it's an improvement, but at the end of the day, it's just like everything else they dissect?that is, breakable.
"Not all bugs are being detected by Vista," pointed out famed hacker H.D. Moore. "Look at how a hacker gets access to the driver: Right now I'm working on Microsoft's automated process to get Metasploit-certified. It [only] costs $500."
Hackers are starting to agitate for Microsoft to start paying for information on security flaws found in its software products.
