[ISN] Gates fussy over security in Sydney

[InfoSec News]

http://www.theage.com.au/articles/2004/06/28/1088274658575.html

By Nathan Cochrane
June 28, 2004

Years spent battling Washington have left an impression on Bill Gates.

The Microsoft co-founder and one of the world's richest men is in
Sydney today for a press appearance so tightly scripted and controlled
it could have been orchestrated by US President George W. Bush's media
office.

A tactic the Bush camp uses - and which Mr Gates will adopt - is to
stifle discussion by accepting just one question from each reporter.

Also like a visiting head of state, Mr Gates will share a podium with
Prime Minister John Howard for a stage managed pre-election publicity
photo opportunity. The two will join charity groups to launch a scheme
that puts computers running the company's software within reach of the
disadvantaged.

Similar schemes running free software and donated recycled PCs have
operated for the last decade without such high-profile backing or
funding.

Mr Gates borrows another play out of the US President's Secret Service
manual, requiring all journalists to submit their passports for
verification prior to entry, and then locking them inside a hotel
meeting room where the conference will be held.

At least the assembled do not have to submit their retinas or
fingerprints for scanning - possibly because Microsoft can't come to
grips with good security.

Despite launching its "Trustworthy Computing" campaign two-and-a-half
years ago, secure IT systems still elude the world's biggest software
maker. Roundly criticised by computer security experts as little more
than a marketing ploy, Microsoft's plan to secure every PC in the
world that runs its software never got on the rails.

Following years of almost weekly security stuff-ups, last month the
company back-flipped on a promise to release critical security updates
to those it alleges have pirated its PC operating system, the
ubiquitous Windows. Microsoft was roundly condemned by security
experts for what will, in effect, remove a software "condom" from the
internet, laying at risk all users.

And then last Friday, websites running Microsoft's Internet
Information Server - software that delivers usually corporate web
pages to surfers - suffered what may be the company's most
embarrassing glitch to date. A "trojan horse" program variously called
"Download.Ject'', "Scob'' and "Toofer'' that, like the warriors of
Homer's epic who hid inside an innocuous outer shell only to wreak
havoc once brought inside, hopped from one site to the next exploiting
security lapses in Microsoft software that could lead to theft of
confidential information such as credit card details.

Anyone visiting a compromised website had everything they typed copied
to a computer in Russia, researchers said. The exploit, which
Microsoft and independent researchers gave the highest threat-level of
"critical", short-circuited most security precautions on both the
infected corporate server and on the surfer's PC.

The hacker's server was shut-down at the weekend by Russian law
enforcement, but the perpetrators remain at large.

Those running the market-leading open source Apache web server, who
use desktop operating systems such as Mac OS X or GNU/Linux, or
Windows web browsers other than Explorer (such as Opera or Mozilla)  
were inoculated from the virus.