05.30.09

Microsoft Windows as Matter of National Insecurity

Posted in Microsoft, Security, Windows at 2:34 am by Dr. Roy Schestowitz

Lock

Summary: Security news roundup

THE United States military is repeatedly being invaded by crackers (example from December). This is caused by the use of Windows and the latest incident too alludes to the failure of anti-virus software, which gives clues away.

Anti-U.S. Hackers Infiltrate Army Servers

[...]

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

When foreign enemies enter your premises and access your data — especially in an age of modern warfare — this can be critical. As the following new article from The New York Times suggests, choice of software and its maintenance can determine winners or losers in a dispute or even war. Weapons become digital.

The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.

[...]

“It’s the domestic spying problem writ large,” one senior intelligence official said recently. “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”

Looking elsewhere in the news, Microsoft now acknowledges that its software is under attack and there is no patch available to fix this. Coverage includes:

The Register: Critical Windows vulnerability under attack, Microsoft warns

Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.

Heise: Microsoft warns about critical DirectShow vulnerability

Microsoft has found a critical vulnerability in the DirectX library for Quicktime video playback, and it appears that the flaw is now being actively exploited. The software giant has issued a security advisory which contains quite detailed information about the vulnerability.

It is rather surprising that the Obama administration even considers Windows for its operations, especially gives that the army is moving from Windows to GNU/Linux (mostly Red Hat), for security reasons at the very least. Todd Bishop makes the following new claim:

Obama reforming online security

[...]

The government report (PDF) cites Microsoft repeatedly, but not in a bad way. Instead, it refers to testimony and research from the Redmond company to back up its contention that sweeping changes are needed in government coordination.

Given that Microsoft — with help from its front, the BSA — put its staff on top of the Department of Homeland Security [1, 2, 3], such an outcome should not be so shocking. In fact, given the lobbying and pressure Microsoft puts on the Democrats [1, 2, 3, 4, 5, 6, 7, 8], decisions that are driven by favours rather than rationale are only to be expected.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

  1. Needs Sunlight said,

    May 30, 2009 at 6:56 am

    Gravatar

    Should be easy to trace. Any government purchases, especially for the military, have a paper trail in triplicate. The individuals involved in bringing MS products onto the military bases are going to be clearly documented so prosecution can begin any time really.

    Look at just a single Windows worm, conficker, which in its first months has done over 9.1 billion dollars in damage:

    http://www.tgdaily.com/content/view/42101/108/

    and it is still growing, even at Microsoft. The company itself still has infections, which puts a bullet in the myth that the company’s products can be secured if one “knows enough”

    http://www.networkworld.com/news/2009/052109-conficker-still-infecting-50000-pcs.html

    Even a teeny Windows worm like Slammer/Sapphire caused over a billion in cleanup.

    To add the personal factor to it, MS products have gotten shoved into hospitals and been causing major outages there on a frequent basis. Just for the sake of argument, if you say that there are 1500 hospitals with MS products and they go down twice each and one death results per outage, you have 3000 deaths.

    Deaths + Lost money = air strike

    We have the Internet’s equivalent of Osama bin Laden walking around on free foot: leader and a group costing tens of billions in unnecessary economic harm, plus thousands of direct and indirect deaths, per year all because of an ideology. Why is the military not even begining to move against the headquarters, the ringleaders or henchmen? Or is it a larger job requiring NATO to get involved? Or is this a case where the regional, unofficial militia need to rise to the occasion?

    That is not counting the economic harm caused by egregious, apparently intentional, failures in interoperability — even within the product line…

    Nor does it count the mafia style activities which keep the market from cleansing itself of these types.

    Get rid of MS products and tens of billions are saved immediately on just the malware problem. The savings easily cover the cost of any conversion or migration issues. The only loose end is finding a place in society for MSFTers so that they are not in a position to cause any more damage. Like an embezzler can’t work in accounting, a junky in a pharmacy and a pedo in daycare, MSFTers can’t stay in IT. The temptation for recidivism is too high as we see in Ohloh and other farces.

  2. Needs Sunlight said,

    May 30, 2009 at 7:37 am

    Gravatar

    For what it’s worth, the quick way to deal with the DirectX exploit is to stay with the established industry standard, OpenGL

    http://www.opengl.org/documentation/

    That includes watching out for traps like Picasa which use helper tools like Wine as vectors to spread DirectX vulnerabilities even to other platforms.

What Else is New


  1. Links 24/11/2020: Linux 5.9.11, Istio 1.6.14 and LibreOffice 7.1 Beta Released

    Links for the day



  2. Lots of Good News Today

    A quick roundup of news and key developments; most of them are positive and they give us hope



  3. Massive Collective Action Begins at the European Patent Office Today, Demanding Change and Forewarning the Management (Litigation)

    The financial "hoax" at the EPO (taking away money from staff to feed a gambling addiction of managers) needs to stop; staff has begun mass-mailing the management, threatening legal action



  4. EPO Management is Still Distracting From the 'Elephant in the Room' by Corrupting Media and Academia

    Under the EPO's dictatorship the law is being routinely violated; in order for the public to not pay attention or receive mixed messages (resulting in confusion) the EPO is manufacturing so-called 'studies' (which patent offices aren't supposed to do; they should focus on patent-granting while complying with the law)



  5. EPO's Central Staff Committee on Latest Meeting With Office Dictator: “No Meaningful Discussion Could Take Place.”

    Whilst allegedly preparing legal action the staff representatives at the EPO report on the lack of progress after so-called 'dialogues' (merely a false impression of consultation)



  6. Growing Concerns That EPO Staff Has Been Placed Under de Facto House Arrest by an Entirely Unaccountable Office

    "House arrest" is excessive and disproportionate. So says the Central Staff Committee of Europe's second-largest institution (which surprisingly enough the media is failing to properly study and investigate) as it highlights yet more human rights violations.



  7. IRC Proceedings: Monday, November 23, 2020

    IRC logs for Monday, November 23, 2020



  8. Internal Error: Unified Patent Court and Unitary Patent Incompatible With the Constitution and Basic Laws

    The FFII has issued a statement for Members of the Bundestag, Members of the European Parliament, Members of the Council, German Presidency of the EU, Chancellor Merkel, Commissioner Von Der Leyen, Commissioner Reynders, and Battistelli's buddy Breton



  9. The EPO is Using Hype Wave and Buzzword to Promote Illegal Software Patents in a So-Called “Digital Conference”

    The "HEY HI" or "AI" hype is misused by the Office; not just in person but also in webstreams, which basically serve as a vehicle for illegal agenda



  10. Dutch Delegation and German Delegation at the Administrative Council of the EPO Upset at the Office for Secrecy, Working Behind the Scenes to Crush Productive Staff

    Less than halfway through his term at the Office, Battistelli's buddy already faces growing criticism and, according to the Central Staff Committee, he "was emotionally affected by the intervention such that he was not able to effectively reply to the questions of the delegates."



  11. Links 23/11/2020: GNU Guix 1.2.0, Evaluating Precursor’s Hardware Security, Kdenlive 20.08.3, Kodi 19.x Beta, Vulkan 1.2.162

    Links for the day



  12. Links 23/11/2020: Linux 5.10-rc5, GIMP Turns 25, 4MLinux 34.2, Escuelas Linux 6.11, MPV Player 0.33

    Links for the day



  13. How to Put on Airs of Professionalism Like a Boss

    "Boardroom suits are not meant to be flashy, but to conform. Simple lines and smart ties -- the opposite of what Richard Stallman would wear, show that you are either a well-machined cog or a serious adversary."



  14. IRC Proceedings: Sunday, November 22, 2020

    IRC logs for Sunday, November 22, 2020



  15. Legal Action at the European Patent Office (EPO) Leveraged Against Management... for Robbing EPO Staff and Robbing Europe, by Extension

    The EPO is being looted for its value; the staff is rightly concerned and there’s legal action on the way, filed reluctantly as there’s clearly no other option (a last resort/necessary recourse)



  16. Cory Doctorow at Privacy Week 2020 on DRM, Freedom/Software Freedom, Regulation, Etc.

    “We Used To Have Cake, Now We’ve Barely Got Icing” by Cory Doctorow.



  17. Links 22/11/2020: KaOS 2020.11, Calindori 1.3, KStars 3.5.0

    Links for the day



  18. New Position Paper on the Unified Patent Court (UPC) Says It's “Not the Best Solution for Europe” -- Clearly an Understatement

    UPC proponents (profiteers) aren't enjoying support anymore; not only has progress stalled (come to a complete stop) but the whole debate about the UPC (or anything conceptually like it) turned toxic and negative because facts come out, overriding lobbyists of litigation giants



  19. Mortality Rates Increase at the EPO and Christmases (or Holidays) During Corona Mean Fewer Days Off

    There's still no sign (other than hand-waving and empty gestures/smiles) that the EPO's management wishes to right the wrongs and undo the damage done over the past decade or so; in some ways, today's management is worse than ever before (grossly incompetent and eager to break the law at every turn)



  20. Newly Abnormal: A Crackdown on EPO Staff and Labour Rights in 'Survey' Clothing (Willis Towers Watson)

    In a very characteristic fashion, with zero consultation/input from staff (or staff representatives/union leaders) EPO President António Campinos proceeds to implementing illegal ‘reforms’, assuring any remaining non-sceptics that he’s just another Benoît Battistelli



  21. IRC Proceedings: Saturday, November 21, 2020

    IRC logs for Saturday, November 21, 2020



  22. [Meme] Good Advice From the FSF, So It's Time to #DeleteGitHub

    A good gift for the FSF would be git; not GitHub, but git



  23. Go Distributed, Go Encrypted, Go Secure, Transparency Still Possible

    Earlier today we enhanced access to our (sometimes anonymised) IRC logs by issuing text (ASCII) versions, which will from now onwards be a nightly/daily occurrence; we're also making everything we publish accessible from a large number of IPFS nodes (akin to P2P)



  24. IAM Celebrating and Glorifying Illegal Patents With Fake 'Awards' and Bogus 'Endorsements'

    IAM's fake 'awards' are nothing more than business and agenda-steering lies; it's time to call out again the real corruption that's driving IAM (which is itself supporting and advocating corruption)



  25. Been There, Done That: Team UPC's 'October' Becomes 'Early November' and Now Late November

    The self-serving litigation fanatics who mislead their customers are still at it; Bristows says that UPC has no issues other than “delay”



  26. The Only Real Dialogue the 'European' Patent Office is Having... is With Litigation Parasites, Even Foreign Ones

    The EPO's mask falls off again, revealing a ruthless herd immunity-like mentality that welcomes patent trolls, threatens/condemns actual scientists, harms Europe and basically does a disservice to everybody



  27. Inside the EPO During Corona: SUEPO (EPO Staff Union) and the Central Staff Committee Blast the Office for Illegal Practices and Threaten Legal Action

    The Staff Union of the European Patent Office (SUEPO) and the Central Staff Committee (CSC) are escalating their tone; the management of the Office and the Organisation is running out of time as staff loses its patience and its tolerance for the repeated abuses by the administration



  28. IRC Proceedings: Friday, November 20, 2020

    IRC logs for Friday, November 20, 2020



  29. Links 21/11/2020: Coreboot 4.13, EasyOS 2.5, Wine 5.22, Gmusicbrowser 1.1.16

    Links for the day



  30. Links 20/11/2020: Xfce 4.16pre2 and Qt Releases

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts