Over the last week there have been a number of reports of automated SQL injection attacks on Web sites running Microsoft’s flagship IIS Web server. The Washington Post’s Brian Krebs summarizes them nicely in “Hundreds of Thousands of Microsoft Web Servers Hacked.”
If there is any good news in this, it is that the server modifications so far only amount to the addition of a JavaScript malware loader to the sites’ Web pages. While this loader will infect unpatched browsers (and apparently RealPlayer and Yahoo Instant Messenger), the browser holes that it exploits are not new and patches have previously been made available. The status on RealPlayer and Yahoo IM is currently unclear.
It isn’t entirely clear whether there is actually a vulnerability in IIS or it’s just the usual problem of Web programmers not sanitizing user input, but Microsoft has issued a security advisory (951306) with workarounds.
Update: Microsoft’s Bill Sisk says that the problem is due to poor Web programming practices and not any IIS vulnerability and also that security advisory 951306 is for a different problem.
Steve Ballmer’s three-week ultimatum to Yahoo’s board of directors to accept the Microsoft acquisition offer passed yesterday with no comment from Yahoo or specific action from Microsoft to carry out the threatened reduction of the offer amount and proxy fight. The next episode in this soap opera is expected early next week, and predictions range from Microsoft withdrawing its offer to a full-out, hammer-and-tongs proxy battle. The most telling commentary, however, is likely the desire of Yahoo employees to take the money and Microsoft employees to forget about the whole thing.
As recently as 2 years ago Microsoft was still persuading partners to ship SPOT watches using their MSN Direct specialized FM radio broadcast service, but that has all come to an end:
As of recently, the Smart Watches with MSN Direct have sold out and are no longer for sale. While we continue to move forward with MSN Direct and seeking out new opportunities for devices that would benefit from the MSN Direct service, we, along with our watch partners, do not have immediate plans to create a new version of the Smart Watch, as we are focused on other areas of our business. We will maintain support of our watch customers and continue to deliver information to the watches, but we do not plan to increase our investment in the watch business going forward.
Those other areas are MSN Direct for GPS navigation devices and MSN Direct for Windows Mobile where the form factor is more amenable (the watches had to be recharged every few days) and in fact, the Windows Mobile variant doesn’t even use the FM broadcasts. However, if you are still pining for dubious geek chic, there’s still a Melitta coffee pot.
Henry Blodget provides a succinct summary of today’s Yahoo quarterly earnings release:
Yahoo has done what it needed to do: report a solid quarter in the high end of the range. The results were not a blow-out and certainly could have been higher. However, they should be enough to allow Yahoo to maintain its current Microsoft stance: no deal unless you raise price. Yahoo has not decided whether to pursue Google outsourcing deal, but clearly still on table.
To make it even more succinct: Nothing’s changed.