01.15.10

Gemini version available ♊︎

Microsoft Flaws — Not Adobe Flaws — Responsible for China’s Attack on Google; Microsoft Takes China’s Side, as Usual

Posted in Asia, Google, Microsoft, Security, Windows at 3:36 pm by Dr. Roy Schestowitz

Summary: Microsoft’s very special relationship with another suppressive entity and the blame games in China’s crack attack

LAST NIGHT we showed that Microsoft Windows zombies were responsible for the attacks on Google. There are hundreds of millions of such zombie PCs and according to IDG, “DDoS Attacks Are Back (and Bigger Than Before)”

Distributed denial-of-service (DDoS) attacks are certainly nothing new. Companies have suffered the scourge since the beginning of the digital age. But DDoS seems to be finding its way back into headlines in the past six months, in thanks to some high-profile targets and, experts say, two important changes in the nature of the attacks.

The targets are basically the same — private companies and government websites. The motive is typically something like extortion or to disrupt the operations of a competing company or an unpopular government. But the ferocity and depth of the attacks have snowballed, thanks in large part to the proliferation of botnets and a shift from targeting ISP connections to aiming legitimate-looking requests at servers themselves.

IDG also shows that the attack on Google relies on Microsoft flaws (page rendering as malicious execution and the notion of clicking attachments to execute data files). “Adobe may be off the hook,” says this report:

IE Exploit Used to Launch Chinese Attacks on Google

[...]

Early speculation focused on the Abobe Reader zero-day exploit as the source of the Chinese attacks on Google and other corporations earlier this week, but Adobe may be off the hook–or at least share the blame. Microsoft has determined that an unknown flaw in Internet Explorer was one of the holes used to launch the attacks which have led to Google threatening to shut down its Chinese operations.

To Google, there is no real solution here; to leave China would be a case of staging a protest, but it would neither secure Google nor be practicable.

Here’s an interesting scenario: If Google does stick to its guns and leaves China because the country continues to insist on censoring web search results and blocking websites, will it also pull Android cellphones from the Chinese market?

Let’s not forget that Google relies on cheap Chinese workforce to make its profitable products (like phones and appliances). The West is generally far too dependent on Chinese labour and export.

Microsoft — not surprisingly — has no problem with what China is doing and as IDG’s Erik Larkin puts it, to Microsoft it’s just another technical case of patches (never mind if exploiters/crackers are supported by the Chinese government). Microsoft does not even address the problem immediately, so in the mean time it just externalises the costs, also to Google and Google’s clients.

Ballmer: Microsoft Will Stay in China

Microsoft does not plan to follow Google’s lead in pulling out of China, the software giant’s CEO told news outlets on Thursday.

Like China, Microsoft China disregards copyright law and Microsoft has special relationships in China. McCain (of the Republican party) comes to mind here; Bill Gates is a friend of the China regime and McCain recommended Steve Ballmer for the Chinese ambassador position. Microsoft and China are similar in many ways; neither tolerates contest and they both repress clients/citizens. Microsoft removes its competition — including GNU/Linux and Apple — from search results, as systematically proven before.

One of our readers, who is more of a hardliner by some people’s judgment, wrote to us the following:

Contempt, perjury or treason?

http://www.theinquirer.net/inquirer/news/…
http://news.cnet.com/China-looks-into…
http://www.maximumpc.com/article/…

Add to that the incident where Gates intercepted China’s President Hu, which Hu went along with, on his first official visit in office to the United States.

http://windowsitpro.com/article/…

Maybe Gates’ recent visit to the Whitehouse was about pleading for his life more than about begging for a too-big-to-fail corporate welfare handout.

http://www.theregister.co.uk/2000/…
title=”http://www.aaxnet.com/news/M000714.html
http://windowsitpro.com/article/articleid/18007/…
http://www.dailymail.co.uk/news/article-…
http://www.cnn.com/2007/US/11/30/china.us/…
http://www.navytimes.com/news/2008/01/…

Seriously, could Osama bin Laden himself arranged better? If it doesn’t beat all that Gates and his minions aren’t even hiding in caves. The perpetraitors {sic} are still on free foot and even getting puff-pieces in the media. There is some corrective action:

http://mae.pennnet.com/display_article/…
http://www.fcw.com/Articles/2008/03/06…

There are at least three sides to the cyberwar that started last year: China, Microsoft and the US. The first two appear to be in an uneasy aliance to bring down the third after which the first will easily take down the second.

More thoughts would be welcome. Views are not being suppressed.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

8 Comments

  1. Yuhong Bao said,

    January 15, 2010 at 4:40 pm

    Gravatar

    “Microsoft Flaws — Not Adobe Flaws”
    It is MS AND Adobe flaws, and Google isn’t the only one attacked by China, BTW.

    Roy Schestowitz Reply:

    I didn’t say it was only Google (see yesterday’s post) and IDG says it’s IE/Windows.

    Yuhong Bao Reply:

    OK, I have read the source, and I know what it is coming from now, and I know the logic behind it. I am thinking of posting it as a comment to the original source too. AFRIK often targeted attacks like this one use multiple exploits.

    Roy Schestowitz Reply:

    Flaws are a complicated issue but monoculture helps it a lot.

  2. Yuhong Bao said,

    January 15, 2010 at 4:45 pm

    Gravatar

    “(page rendering as malicious execution and the notion of clicking attachments to execute data files)”
    Is the latter really a Microsoft flaw? In fact, the former is not really a MS-specific flaw, it is just in this case it happened in MS code, so MS can indeed be blamed.

    Roy Schestowitz Reply:

    In UNIX/Linux, execution is very restricted. See the recent flamewar at Fedora.

    Yuhong Bao Reply:

    OK, I get that UNIX has an execute permission bit, and that it is indeed a real advantage over Windows that you could point out.

    Roy Schestowitz Reply:

    Here is Nicholas Petreley’s excellent report on the subject:

    http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/

DecorWhat Else is New


  1. Links 05/02/2023: Pakistan Blocks Wikipedia, Musharraf Dies

    Links for the day



  2. IRC Proceedings: Saturday, February 04, 2023

    IRC logs for Saturday, February 04, 2023



  3. Links 04/02/2023: FOSDEM Happening and Ken Thompson in SoCal Linux Expo

    Links for the day



  4. 2023 is the Year Taxpayers' Money Goes to War and Energy Subsidies, Not Tech

    Now that a lot of powerful and omnipresent ‘tech’ (spying and policing) companies are rotting away we have golden opportunities to bring about positive change and maybe even recruit technical people for good causes



  5. Getting Back to Productive Computer Systems Would Benefit Public Health and Not Just Boost Productivity

    “Smartphoneshame” (shaming an unhealthy culture of obsession with “apps”) would potentially bring about a better, more sociable society with fewer mental health crises and higher productivity levels



  6. Links 04/02/2023: This Week in KDE and Many More Tech Layoffs

    Links for the day



  7. Dotcom Boom and Bust, Round 2

    The age of technology giants/monopolies devouring everything or military-funded (i.e. taxpayers-subsidised) surveillance/censorship tentacles, in effect privatised eyes of the state, may be ending; the United States can barely sustain that anymore and raising the debt ceiling won't solve that (buying time isn't the solution)



  8. Society Would Benefit From a Smartphoneshame Movement

    In a society plagued by blackmail, surveillance and frivolous lawsuits it is important to reconsider the notion of “smart” phone ownership; these devices give potentially authoritarian companies and governments far too much power over people (in the EU they want to introduce new legislation that would, in effect, ban Free software if it enables true privacy)



  9. IRC Proceedings: Friday, February 03, 2023

    IRC logs for Friday, February 03, 2023



  10. IRC Proceedings: Thursday, February 02, 2023

    IRC logs for Thursday, February 02, 2023



  11. Links 03/02/2023: Proton 7.0-6 Released, ScummVM 2.7 Testing

    Links for the day



  12. Links 03/02/2023: OpenSSH 9.2 and OBS Studio 29.0.1

    Links for the day



  13. Links 03/02/2023: GNU C Library 2.37

    Links for the day



  14. Sirius Finished

    Yesterday I was sent a letter approving my resignation from Sirius ‘Open Source’, two months after I had already announced that I was resigning with immediate effect; they sent an identical letter to my wife (this time, unlike before, they remembered to also change the names!!)



  15. The Collapse of Sirius in a Nutshell: How to Identify the Symptoms and Decide When to Leave

    Sirius is finished, but it's important to share the lessons learned with other people; there might be other "pretenders" out there and they need to be abandoned



  16. Links 03/02/2023: WINE 8.1 and RapidDisk 9.0.0

    Links for the day



  17. Links 02/02/2023: KDE Gear 22.12.2 and LibreOffice 7.5

    Links for the day



  18. Linux News or Marketing Platform?

    Ads everywhere: Phoronix puts them at the top, bottom, navigation bar, left, and right just to read some Microsoft junk (puff pieces about something that nobody other than Microsoft even uses); in addition there are pop-ups asking for consent to send visitors’ data to hundreds of data brokers



  19. Daily Links at Techrights Turn 15, Time to Give Them an Upgrade

    This year we have several 15-year anniversaries; one of them is Daily Links (it turned 15 earlier this week) and we've been working to improve these batches of links, making them a lot more extensive and somewhat better structured/clustered



  20. Back to Focusing on Unified Patent Court (UPC) Crimes and Illegal Patent Agenda, Including the EPO's

    The EPO's (European Patent Office, Europe's second-largest institution) violations of constitutions, laws and so on merit more coverage, seeing that what's left of the "media" not only fails to cover scandalous things but is actively cheering for criminals (in exchange for money)



  21. European Patent Office Staff Votes in Favour of Freedom of Association (97% of Voters in Support)

    The Central Staff Committee (CSC) at the EPO makes a strong case for António Campinos to stop breaking and law and actually start obeying court orders (he’s no better than Benoît Battistelli and he uses worse language already)



  22. Links 02/02/2023: Glibc 2.37 and Go 1.20

    Links for the day



  23. IRC Proceedings: Wednesday, February 01, 2023

    IRC logs for Wednesday, February 01, 2023



  24. Links 01/02/2023: Security Problems, Unrest, and More

    Links for the day



  25. Links 01/02/2023: Stables Kernels and Upcoming COSMIC From System76

    Links for the day



  26. IRC Proceedings: Tuesday, January 31, 2023

    IRC logs for Tuesday, January 31, 2023



  27. Links 31/01/2023: Catchup Again, Wayland in Xfce 4.20

    Links for the day



  28. Links 31/01/2023: elementary OS 7

    Links for the day



  29. Intimidation Against Nitrux Development Team Upsets the Community and Makes the Media Less Trustworthy

    Nitrux is being criticised for being “very unappealing”; but a look behind the scenes reveals an angry reviewer (habitual mouthpiece of the Linux Foundation and Linux foes) trying to intimidate Nitrux developers, who are unpaid volunteers rather than “corporate” developers



  30. Links 31/01/2023: GNOME 44 Wallpapers and Alpha

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts