04.17.10

First Time, Shame on You — Second Time, Shame on Microsoft

Posted in DRM, Microsoft, Security, Windows at 5:17 pm by Dr. Roy Schestowitz

Summary: Microsoft’s Restrictions Management Service is broken again and Windows XP is again left vulnerable with Microsoft unwilling to address the issue

Microsoft’s Restrictions [sic] Management Service (RMS) is broken yet again, proving — as always — that Microsoft cannot handle encryption properly because it is not reusing good code like Free software typically does. From The H we learn that:

An implementation flaw allows attackers to bypass the encryption mechanism used for Microsoft Office documents. Although this isn’t news, having been made public in 2005, no (officially acknowledged) attack or tool for exploiting the vulnerability has existed until now. Which probably explains why Microsoft has never fixed the problem with an update for older versions of Office.

French crypto expert Eric Filiol in his presentationPDF at the recent Black Hat security conference emphasised that the situation has now changed. He says his tool can decrypt a document within a few minutes. Filiol said he began working on the statistical analysis of the RC4 algorithm used in Office back in 1994. Talking to heise Security, the expert explained why he has only now published his results: “I was employed by the French military at the time. Everything I did was classified. Now I am free speak about it.”

In other news, Microsoft is seemingly blaming users for flaws in Windows that enabled rootkits to be installed. More curiously, “Microsoft refuses to patch infected Windows XP machines,” according to PC Pro. [via]

Microsoft has revealed that its latest round of patches won’t install on XP machines if they’re infected with a rootkit.

Back in February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel.

This would not be the first time that Microsoft leaves XP permanently unpatched, even by choice. Such utter negligence [1, 2, 3] can lead to loads of zombie PCs that everyone — not just Windows users — will suffer from and pay for. So where is the liability? Microsoft insists that the public should pay the price for Microsoft’s negligence [1, 2, 3, 4, 5, 6, 7] and some people are currently paying the price in the form of blackmail. [via]

PCs using file-share sites and publishes the user’s net history on a public website before demanding a fee for its removal.

The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people.

Suffice to say, this “Japanese trojan virus” would not install itself on anything other than Windows, but the article above is from the MSBBC [1, 2, 3, 4, 5, 6, 7, 8] and thus it addresses toddlers who equate “computers” with “Windows”. it’s like stating that cars in general — not just Toyota cars [1, 2] — have a fatal flaw. █

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

Eye on Security: ‘F1′ Keystrokes Made Safe Again, XP Unpatched, Goodbye to Vista, Vista 7 Flaw

What Else is New

Today's European Patent Office Works for Patent Extremists and for Team UPC Rather Than for Europe or for Innovation

The International Association for the Protection of Intellectual Property (AIPPI) and other patent maximalists who have nothing to do with Europe, helped by a malicious and rather clueless politician called Benoît Battistelli, are turning the EPO into a patent-printing machine rather than an examination office as envisioned by the EPC (founders) and member states
The EPO is Dying and Those Who Have Killed It Are Becoming Very Rich in the Process

Following the footsteps of Ron Hovsepian at Novell, Battistelli at the EPO (along with Team Battistelli) may mean the end of the EPO as we know it (or the end altogether); one manager and a cabal of confidants make themselves obscenely rich by basically sacrificing the very organisation they were entrusted to serve
Short: Just Keep Repeating the Lie (“Quality”) Until People Might Believe It

Battistelli’s patent-printing bureau (EPO without quality control) keeps lying about the quality of patents by repeating the word “quality” a lot of times, including no less than twice in the summary alone
Shelston IP Keeps Pressuring IP Australia to Allow Software Patents and Harm Software Development

Shelston IP wants exactly the opposite of what's good for Australia; it just wants what's good for itself, yet it habitually pretends to speak for a productive industry (nothing could be further from the truth)
Is Andy Ramer's Departure the End of Cantor Fitzgerald's Patent Trolls-Feeding Operations and Ambitions?

The managing director of the 'IP' group at Cantor Fitzgerald is leaving, but it does not yet mean that patent trolls will be starved/deprived access to patents
EPO Hoards Billions of Euros (Taken From the Public), Decreases Quality to Get More Money, Reduces Payments to Staff

The EPO continues to collect money from everyone, distributes bogus/dubious patents that usher patent trolls into Europe (to cost European businesses billions in the long run), and staff of the EPO faces more cuts while EPO management swims in cash and perks
Short: Calling Battistelli's Town (Where He Works) “Force for Innovation” to Justify the Funneling of EPO Funds to It

How the EPO‘s management ‘explained’ (or sought to rationalise) to staff its opaque decision to send a multi-million, one-day ceremony to Battistelli’s own theatre only weeks before he leaves
Short: EPO Bribes the Media and Then Brags About the Paid-for Outcome to Staff

The EPO‘s systematic corruption of the media at the expense of EPO stakeholders — not to mention hiring of lawyers to bully media which exposes EPO corruption — in the EPO’s own words (amended by us)
Short: EPO's “Working Party for Quality” is to Quality What the “Democratic People's Republic of Korea” is to Democracy

To maintain the perception (illusion) that the EPO still cares about patent quality — and in order to disseminate this lie to EPO staff — a puff piece with the above heading/photograph was distributed to thousands of examiners in glossy paper form
Short: This Spring's Message From the EPO's President (Corrected)

A corrected preface from the Liar in Chief, the EPO's notoriously crooked and dishonest President
Short: Highly Misleading and Unscientific Graphics From the EPO for an Illusion of Growth

A look at the brainwash that EPO management is distributing to staff and what's wrong with it
Short: EPO Explains to Examiners Why They Should and Apparently Can Grant Software Patents (in Spite of EPC)

Whether it calls it "CII" or "ICT" or "Industry 4.0" or "4IR", the EPO's management continues to grant software patents and attempts to justify this to itself (and to staff)
Links 21/4/2018: Linux 4.9.95, FFmpeg 4.0, OpenBSD Foundation 2018 Fundraising Campaign

Links for the day
As USPTO Director, Andrei Iancu Gives Three Months for Public Comments on 35 U.S.C. § 101 (Software Patenting Impacted)

Weeks after starting his job as head of the US patent office, to our regret but not to our surprise, Iancu asks whether to limit examiners' ability to reject abstract patent applications citing 35 U.S.C. § 101 (relates to Alice and Mayo)
In Keith Raniere v Microsoft Both Sides Are Evil But for Different Reasons

Billing for patent lawyers reveals an abusive strategy from Microsoft, which responded to abusive patent litigation (something which Microsoft too has done for well over a decade)
Links 20/4/2018: Atom 1.26, MySQL 8.0

Links for the day
Links 19/4/2018: Mesa 17.3.9 and 18.0.1, Trisquel 8.0 LTS Flidas, Elections for openSUSE Board

Links for the day
The Patent Microcosm, Patent Trolls and Their Pressure Groups Incite a USPTO Director Against the Patent Trial and Appeal Board (PTAB) and Section 101/Alice

As one might expect, the patent extremists continue their witch-hunt and constant manipulation of USPTO officials, whom they hope to compel to become patent extremists themselves (otherwise those officials are defamed, typically until they're fired or decide to resign)
Microsoft's Lobbying for FRAND Pays Off as Microsoft-Connected Patent Troll Conversant (Formerly MOSAID) Goes After Android OEMs in Europe

The FRAND (or SEP) lobby seems to have caused a lot of monopolistic patent lawsuits; this mostly affects Linux-powered platforms such as Android, Tizen and webOS and there are new legal actions from Microsoft-connected patent trolls
To Understand Why People Say That Lawyers are Liars Look No Further Than Misleading Promotion of Software Patents

Some of the latest misleading claims from the patent microcosm, which is only interested in lots and lots of patents (its bread and butter is monopolies after all) irrespective of their merit, quality, and desirability
When News About the EPO is Dominated by Sponsored 'Reports' and Press Releases Because Publishers Are Afraid of (or Bribed by) the EPO

The lack of curiosity and genuine journalism in Europe may mean that serious abuses (if not corruption) will go unreported
The Boards of Appeal at the European Patent Organisation (EPO) Complain That They Are Understaffed, Not Just Lacking the Independence They Depend on

The Boards of Appeal have released a report and once again they openly complain that they're unable to do their job properly, i.e. patent quality cannot be assured
Links 18/4/2018: New Fedora 27 ISOs, Nextcloud Wins German Government Contract

Links for the day
Guest Post: Responding to Your Recent Posting “The European Patent Office Will Never Hold Its Destroyers Accountable”

In France, where Battistelli does not enjoy diplomatic immunity, he can be held accountable like his "padrone" recently was
The EPO in 2018: Partnering With Saudi Arabia and Cambodia (With Zero European Patents)

The EPO's status in the world has declined to the point where former French colonies and countries with zero European Patents are hailed as "success stories" for Battistelli
For Samsung and Apple the Biggest Threat Has Become Patent Trolls and Aggressors in China and the Eastern District of Texas, Not Each Other

The latest stories about two of the world's largest phone OEMs, both of which find themselves subjected to a heavy barrage of patent lawsuits and even embargoes; Samsung has meanwhile obtained an antisuit injunction against Huawei
The EPO Continues to Lie About Patent Quality Whilst Openly Promoting Software Patents, Even Outside Europe

EPO patent quality continues to sink while EPO management lies about it and software patents are openly being promoted/advocatedEPO patent quality continues to sink while EPO management lies about it (the article above is new) and software patents are openly being promoted/advocated
SCOTUS on WesternGeco v Ion Geophysical Almost Done; Will Oil States Decision Affirm the PTAB's Quality Assurance (IPRs) Soon?

Ahead of WesternGeco and Oil States, following oral proceedings, it's expected that the highest court in the United States will deliver more blows to patent maximalism
Links 17/4/2018: Linux 5.x Plans and Microsoft's 'Embrace'

Links for the day
The European Patent Office (EPO) Grants Patents in Error, Insiders Are Complaining That It's the Management's Fault

The EPO has languished to the point where patents are granted in error, examiners aren't happy, and the resultant chaos benefits no-one but lawyers and patent trolls