01.15.10

Microsoft Flaws — Not Adobe Flaws — Responsible for China’s Attack on Google; Microsoft Takes China’s Side, as Usual

Posted in Asia, Google, Microsoft, Security, Windows at 3:36 pm by Dr. Roy Schestowitz

Summary: Microsoft’s very special relationship with another suppressive entity and the blame games in China’s crack attack

LAST NIGHT we showed that Microsoft Windows zombies were responsible for the attacks on Google. There are hundreds of millions of such zombie PCs and, according to IDG, “DDoS Attacks Are Back (and Bigger Than Before)”:

Distributed denial-of-service (DDoS) attacks are certainly nothing new. Companies have suffered the scourge since the beginning of the digital age. But DDoS seems to be finding its way back into headlines in the past six months, in thanks to some high-profile targets and, experts say, two important changes in the nature of the attacks.

The targets are basically the same — private companies and government websites. The motive is typically something like extortion or to disrupt the operations of a competing company or an unpopular government. But the ferocity and depth of the attacks have snowballed, thanks in large part to the proliferation of botnets and a shift from targeting ISP connections to aiming legitimate-looking requests at servers themselves.

IDG also shows that the attack on Google relies on Microsoft flaws (page rendering as malicious execution and the notion of clicking attachments to execute data files). “Adobe may be off the hook,” says this report:

IE Exploit Used to Launch Chinese Attacks on Google

[...]

Early speculation focused on the Adobe Reader zero-day exploit as the source of the Chinese attacks on Google and other corporations earlier this week, but Adobe may be off the hook–or at least share the blame. Microsoft has determined that an unknown flaw in Internet Explorer was one of the holes used to launch the attacks which have led to Google threatening to shut down its Chinese operations.

To Google, there is no real solution here; to leave China would be a case of staging a protest, but it would neither secure Google nor be practicable.

Here’s an interesting scenario: If Google does stick to its guns and leaves China because the country continues to insist on censoring web search results and blocking websites, will it also pull Android cellphones from the Chinese market?

Let’s not forget that Google relies on cheap Chinese workforce to make its profitable products (like phones and appliances). The West is generally far too dependent on Chinese labour and export.

Microsoft — not surprisingly — has no problem with what China is doing and as IDG’s Erik Larkin puts it, to Microsoft it’s just another technical case of patches (never mind if exploiters/crackers are supported by the Chinese government). Microsoft does not even address the problem immediately, so in the meantime it just externalises the costs, also to Google and Google’s clients.

Ballmer: Microsoft Will Stay in China

Microsoft does not plan to follow Google’s lead in pulling out of China, the software giant’s CEO told news outlets on Thursday.

Like China, Microsoft China disregards copyright law and Microsoft has special relationships in China. McCain (of the Republican party) comes to mind here; Bill Gates is a friend of the China regime and McCain recommended Steve Ballmer for the Chinese ambassador position. Microsoft and China are similar in many ways; neither tolerates contest and they both repress clients/citizens. Microsoft removes its competition — including GNU/Linux and Apple — from search results, as systematically proven before.

One of our readers, who is more of a hardliner by some people’s judgment, wrote to us the following:

Contempt, perjury or treason?

http://www.theinquirer.net/inquirer/news/…
http://news.cnet.com/China-looks-into…
http://www.maximumpc.com/article/…

Add to that the incident where Gates intercepted China’s President Hu, which Hu went along with, on his first official visit in office to the United States.

http://windowsitpro.com/article/…

Maybe Gates’ recent visit to the Whitehouse was about pleading for his life more than about begging for a too-big-to-fail corporate welfare handout.

http://www.theregister.co.uk/2000/…
http://www.aaxnet.com/news/M000714.html
http://windowsitpro.com/article/articleid/18007/…
http://www.dailymail.co.uk/news/article-…
http://www.cnn.com/2007/US/11/30/china.us/…
http://www.navytimes.com/news/2008/01/…

Seriously, could Osama bin Laden himself have arranged better? If it doesn’t beat all that Gates and his minions aren’t even hiding in caves. The perpetraitors {sic} are still on free foot and even getting puff-pieces in the media. There is some corrective action:

http://mae.pennnet.com/display_article/…
http://www.fcw.com/Articles/2008/03/06…

There are at least three sides to the cyberwar that started last year: China, Microsoft and the US. The first two appear to be in an uneasy alliance to bring down the third after which the first will easily take down the second.

More thoughts would be welcome. Views are not being suppressed.


8 Comments

  1. Yuhong Bao said,

    January 15, 2010 at 4:40 pm

    “Microsoft Flaws — Not Adobe Flaws”
    It is MS AND Adobe flaws, and Google isn’t the only one attacked by China, BTW.

    Roy Schestowitz Reply:

    I didn’t say it was only Google (see yesterday’s post) and IDG says it’s IE/Windows.

    Yuhong Bao Reply:

    OK, I have read the source, and I know what it is coming from now, and I know the logic behind it. I am thinking of posting it as a comment to the original source too. AFAIK, often targeted attacks like this one use multiple exploits.

    Roy Schestowitz Reply:

    Flaws are a complicated issue but monoculture helps it a lot.

  2. Yuhong Bao said,

    January 15, 2010 at 4:45 pm

    “(page rendering as malicious execution and the notion of clicking attachments to execute data files)”
    Is the latter really a Microsoft flaw? In fact, the former is not really a MS-specific flaw, it is just in this case it happened in MS code, so MS can indeed be blamed.

    Roy Schestowitz Reply:

    In UNIX/Linux, execution is very restricted. See the recent flamewar at Fedora.

    Yuhong Bao Reply:

    OK, I get that UNIX has an execute permission bit, and that it is indeed a real advantage over Windows that you could point out.

    Roy Schestowitz Reply:

    Here is Nicholas Petreley’s excellent report on the subject:

    http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/
