Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Researchers say that Microsoft is patching Windows 8 but not 7

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

June 9, 2014

Click here to order the best dedicated server and at a great price.

Microsoft has reportedly left Windows 7 exposed by only applying patches to its newest operating systems, Windows 8.

Internet security researchers discovered the flaws after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in Windows 7.

They said that the shortcoming could lead to the discovery of zero day security vulnerabilities.

The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks.

Researcher Moti Joseph speculated that Microsoft had not applied the fixes to Windows 7 to save money.

"Why is it that Microsoft inserted a safe function into Windows 8 but not Windows 7? The answer is money-- Microsoft does not want to waste development time on older operating systems and they want people to move to higher operating systems," Joseph said in a presentation at the Troopers 2014 Conference.

Microsoft has been contacted for comment, and we are still waiting to hear from the company. Together with malware analyst Marion Marschalek, the two researchers developed a capable tool dubbed DiffRay which would compare Windows 8 with 7, and log any safe functions absent in the older platform.

"It was scary simple, Marschalek said, and it was also faster than finding security vulnerabilities by hand," he added.

Security technicians could then probe those functions to identify the vulnerabilities and various exploits that could be done by potential hackers.

In a demonstration of DiffRay, the researchers found four missing safe functions in Windows 7 that also were present in 8.

"If we get one zero-day from this project, it's worth it," Joseph said. Future work will extend DiffRay's capabilities to find potential security vulnerabilities in Windows 8.1, add intelligence to trace input values for various functions and then incorporate even more intelligent signatures used to find potential security flaws. Duplicates and abundant false positives in the current version would also be ironed out.

In other internet security news

Microsoft said earlier today that it's planning to deliver at least seven security updates June 10 in its scheduled Patch Tuesday update next week.

Microsoft has posted its advance notification for the upcoming security release, which it said will consist of two critical security bulletins and five others rated as important.

According to the software giant, the critical update will address a pair of remote code execution flaws and will be considered a top deployment priority for Windows, Windows Server, Internet Explorer, Office, and Lync.

The first bulletin addresses critical security issues in Internet Explorer, while the second addresses one or more flaws in Microsoft Office and Lync (excluding Lync Server).

As is usually the case, Microsoft does not post specific details on the security vulnerabilities until after the patches have been released.

All currently supported versions of both client-side Windows and Windows Server will receive at least one bulletin rated as critical, although the Internet Explorer bulletin is considered a lower priority on Server systems where the browser is less likely to be accessible to an attacker.

Users and system administrators running Windows Vista, Windows 7, 8, 8.1, and Windows RT should consider both bulletins critical fixes and top priorities for testing and deployment.

As usual, both patches will require a reboot after their installation. The five remaining bulletins will include security bug fixes for one or more remote code execution vulnerabilities in Office, an information disclosure flaw in Windows, information disclosure issues in Lync Server, a denial of service fix for Windows, and finally, what Microsoft described as a "tampering" vulnerability in Windows.

Microsoft said that it will post the June security updates on Tuesday, June 10 at approximately 10:00 PDT. Users who have automatic updates enabled will receive the security releases directly.

However, not listed in the update is Windows XP. Microsoft has ended security update support for that version of the OS, despite it's still running on more than 27.5 percent of all PCs.

While users in Germany have come with an expensive registry hack to keep XP systems receiving updates, most users would probably be better served updating their systems and getting the additional security protections of Windows 7, which has been around since October 2009.

In other internet security news, a website that supposedly holds the cryptocurrency Dogecoin in conditions of optimal security, has gone offline.

The site now publishes the following message-- ``Notice: We apologise for the downtime, a press release will be posted here within 24 hours. Please do not transfer any funds to Dogevault addresses while our investigation is under way. Email for any enquiries.``

Then, at 8.27 AM EST the following message was posted-- ``Announcement: On May 11, 2014, the Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet funds. As soon as the administrator of Doge Vault was alerted, the service was halted.``

``The attackers had already accessed and destroyed all data on the hosted virtual machines. We are currently in the process of identifying the extent of the attack and potential impact on user's funds.``

``This involves salvaging existing wallet data from an off-site backup. We will also closely be investigating potential attack vectors, and determining the security breach which enabled the attacker's to compromise the service in the first place.``

``Please do not transfer any funds to Doge Vault addresses while our investigation is under way. Thank you for your patience-- we will issue an additional statement including our findings and plan of action within the next 24-48 hours. Email for any enquiries. Doge Vault.``

After Bitcoin's Mt. Gox went bankrupt not so long ago, now some observers are wondering if the same fate could happen to Dogecoin. And you can't blame them for thinking along those lines.

Speculation is rife in posts like a Reddit missive that the site was hacked, taking with it at least 950,000 Dogecoins. Another report suggests up to 111 million Dogecoins seem to have mysteriously appeared in a “mega wallet” linked to Dogevault.

With the Dogecoin to the US dollar exchange rate running at about 1000:$0.46, that's about $51,000 hardly the millions suspected to have evaporated from Bitcoin exchange Mt Gox but still a nasty lot of cryptocash to lose, nevertheless.

If Dogevault has indeed been fatally compromised it will make it harder to sustain cryptocurrency enthusiasm. Whatever the upsides of the concept, security of some participants clearly needs to be tightened, and in a very big way.

Microsoft's security department said yesterday it will release no less than eight security updates next Patch Tuesday to stop remote-code execution bugs in Windows and Internet Explorer, among other various security bugs.

Meanwhile, Adobe will issue new versions of Acrobat and Reader for this month's Patch Tuesday as well, so May 13 will be a busy day for system admins and IT departments everywhere.

Two of the security updates from Microsoft are rated as very critical because they allow miscreants to execute code from vulnerable systems from afar-- the Windows operating system from Server 2003 to Windows 8, web browser Internet Explorer 6 to 11, and some SharePoint-related software, are all at risk, Microsoft warns.

The other six updates are labelled important-– one is a remote-code execution hole, four lead to privilege escalation and one allows hackers to bypass security protections altogether.

The affected software includes Microsoft Office 2007 to 2013, Windows and the .NET Framework.

As is always the case, Microsoft holds off documenting the security vulnerabilities in further detail prior to the patch release for obvious reasons.

The May 13 security release will be the first in more than 10 years to not include any bulletins for Windows XP.

The outdated operating system was officially retired from support by Microsoft on April 8, though subsequent exploitation of flaws in the OS by miscreants has forced the company to issue an out-of-band update, nevertheless.

Adobe, meanwhile, will issue an update for four versions of its Reader and Acrobat software. The Adobe fix will address critical security flaws in both the Windows and OS X versions of Reader and Acrobat 10 and 11.

Users and system administrators are well advised to test and deploy all of next Tuesday's security patches as soon as possible or risk falling victims to exploits targeting the newly disclosed security vulnerabilities.

In other internet security news

Online marketing and URL-shortening firm has warned its users that its system has been hacked into by unknown parties and then urged that its users change their passwords as soon as possible.

In a security advisory, the company says-- "We have strong reasons to believe that Bitly account credentials have been seriously compromised but that we have no indication at this time that any accounts have been accessed without permission."

The company also promises that it has "already taken proactive measures to secure all paths that led to the compromise in the first place, and then ensure the security of all account credentials going forward."

However, don't get too comfortable. strongly encourages its users to employ OAuth to link their accounts with Facebook and Twitter.

As an additional layer of safety, the firm has severed those links to stop account hijacking and to help prevent another potential attack.

It's high time to change those passwords and even if you can't recall signing up for it may be worth checking to see if you ever linked your social media accounts to the service.

For its part, OAuth makes it relatively easy to make such links, and also a breeze to forget you ever did so.

In other internet security news

Personal data describing over 1.3 million customers of Frech ISP Orange has been stolen in the second hack attempt to hit that provider this year alone. And now customers are really starting to wonder in droves.

Overall, hackers made off with subscriber names, dates of birth and phone numbers of about 4.9 percent of the ISP's whole subscriber base.

Orange-France said hackers accessed data used for its email and SMS marketing campaigns but did not disclose how the April 18 breach was executed.

Worse, it took almost three weeks since the initial discovery of the breach to probe for security vulnerabilities and then analyse the extent and nature of the stolen data.

In a statement, the company said the stolen information could be used to phish subscribers using email, SMS and phone calls.

Customers took to the telco's Facebook page to express their anger over the breach with some receiving phishing emails relating to bounced invoice payments.

Orange France confirmed that it did not ask for bank details via email or SMS but it was unclear if the phishing attacks were related to the breach or not.

These hacking attacks came a little over two months after over 800,000 customer details were stolen by hackers raiding the telco's 'My Account' page. Criminals made off with names, email and street addresses, customer IDs, and phone numbers.

In September 2013, hackers attacked Vodafone in Germany making off with names, addresses and bank details of over two million subscribers. It now appears that Europe is a breeding ground for phone and computer attackes of various types.

In other internet security news

US Casino operator Affinity Gaming has had its credit card processing system hacked into for the second time in less than a year.

The Las Vegas-based company said that hackers were successful in breaching a system in April that processed customer credit and debit cards, but that it had no evidence at that time that cards were compromised.

"Affinity Gaming and its IT experts indicate that no credit card data was stolen after late afternoon April 28, 2014," it said in a statement.

Affinity Gaming, which ran eleven casinos across four U.S. states, recruited security consultancy firm Mandiant to investigate the security breach.

It did not say how many customers may be affected, however. The security breach comes after the company's payment systems were hacked into last year with up to 300,000 credit cards compromised.

Worse, hackers had maintained full access to the payment systems between March and October 2013. Black hats also owned payment systems operating at a gas station run by parent company Terrible Herbst.

In Febuary 2014, the websites of several Las Vegas casinos were also defaced after Sheldon Adelson suggested the United States bomb Iran.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

Source: Moti Joseph, security researcher.

Click here to order the best dedicated server and at a great price.

Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

You can link to the Internet Security web site as much as you like.

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer

Click here to order our special clearance dedicated servers.

Get your Linux or Windows dedicated server today.

Click here to order our special clearance dedicated servers.