01.06.11
Use Microsoft Windows, Get Assassinated
The Homepage of Julian Assange
Summary: News reports from around the world illustrate the effect of one’s dependence on a software ‘master’
ACTIVISTS who include folks like the Wikileaks hackers tend to use Free software. Encrypted decentralisation is what keeps them alive (no incentive to engage in targeted killings). Free software ensures that those who defend freedom have the necessary tools to not only work but also to defend themselves, using deterrents, anonymity, and privacy. It’s not only an idealogical choice; Free software is technically better a lot of the time, but more importantly, it has no master who wields an axe over the users. Over the years we wrote several posts explaining why those who challenge an authority — any authority for that matter — should avoid proprietary software even if it’s offered as a ‘gift’. No authority is 100% benign and history teaches that even the Nazis were under attack by some German intellectuals in the early days, before they become powerful enough to squash/imprison/assassinate/drive away all opposition.
A few days ago we found and shared a report about Iran building its own operating system, which some people suspect will be based on GNU/Linux. Now, without going into all the politics, what Iran does ought to show that the independence factor is a matter of control.
“This is Cyberwar,” writes Jan Wildeboer, “not Wikileaks.” He links to this Symantec paper about Stuxnet [PDF] (synopsis available as HTML too), which we covered in posts such as:
- Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
- Windows Viruses Can be Politically Motivated Sometimes
- Who Needs Windows Back Doors When It’s So Insecure?
- Windows Insecurity Becomes a Political Issue
- Windows, Stuxnet, and Public Stoning
- Stuxnet Grows Beyond Siemens-Windows Infections
- Has BP Already Abandoned Windows?
- Reports: Apple to Charge for (Security) Updates
- Windows Viruses Can be Politically Motivated Sometimes
- New Flaw in Windows Facilitates More DDOS Attacks
- Siemens is Bad for Industry, Partly Due to Microsoft
- Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
- Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
- Microsoft Software: a Darwin Test for Incompetence
- Bad September for Microsoft Security, Symantec Buyout Rumours
- Microsoft Claims Credit for Failing in Security
- Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
- Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
- Security Propaganda From Microsoft: Villains Become Heroes
- Security Problems in iOS and Windows
- Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
- Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild
- Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again
- Cablegate Reveals Government Requesting Access to Microsoft Data, Kill Switches
In some of the posts above experts argued that sabotage of Iran’s nuclear programme using Stuxnet suggested a link to Israel. Given that Microsoft gives Chinese hackers access to its source code, the explanation can be even simpler than that and now that “Microsoft confirms [yet another] code execution bug in Windows” it ought to be evident that no back door is needed; there are just too many severe flaws.
Microsoft has confirmed reports that several versions of Windows are vulnerable to exploits that allow remote attackers to take full control of users’ computers using booby-trapped emails and websites.
In an advisory issued Tuesday, Microsoft said it was investigating “new public reports” of vulnerability in the XP, Server 2003, Vista, and Server 2008 versions of Windows. In fact, the first known report of the bug in the way those operating systems process thumbnail images came on December 15 at a security conference in South Korea. On Tuesday, exploit code was added to the Metasploit software framework for hackers.
“Dubai assassins used email trojan to track Hamas victim” says this new report from The Register around the same time that a Norwegian newspaper with access to all the raw cables from Wikileaks reveals more Israeli scandals.
The successful operation to kill a Hamas commander in Dubai in January 2010 followed a botched attempt by the same Israeli hit squad to kill the same target two months previously, according to reports.
Assassins tried to poison Mahmud al-Mabhouh in Dubai in November 2009, but even though the unknown poison was administered it proved only debilitating and not fatal. al-Mabhouh recovered from what he thought was an illness only to be killed two months later, according to a new investigation by investigative journalist Ronen Bergman published in GQ magazine.
In response to this posting (via Glyn Moody), Wildeboer wrote: “And now Microsoft gives away free licenses to NGOs … draw your own conclusions”
Yes, we wrote about that yesterday. Activists must not use proprietary software because of the proprietor. In other security news:
Virus writers are still sticking to the oldest tricks in the book to sucker people into downloading their malware,
An email, which claims to come from Microsoft, has an attachment that says it is a Windows patch.
Never expect security from Microsoft, especially for people who are witch-hunted by those in power. The FBI too has its tool for penetrating Windows remotely and it's called CIPAV. █
