02.17.11


MSBBC Cracked, Canadian Government Cracked, Microsoft Blames Users, and .NET-based Aviation System Crashes

Posted in Microsoft, Servers, Windows at 2:39 pm by Dr. Roy Schestowitz

When system crashes can lead to plane crashes


Summary: Another atrocious week for Microsoft’s security and reliability record

“Thanks to Windows’ built-in insecurity, it’s easy to create huge Windows botnets,” wrote the honourable SJVN a few days ago. It is widely recognised that Microsoft is largely responsible for many of Windows’ security failings, but Microsoft pressures journalists not to call out Windows using techniques that we covered here before.

MSBBC’s music sites have just been cracked and they turned hostile towards site visitors who use Windows. As the report puts it, “other top name insecurity vendors like Sophos, McAfee and even Microsoft’s anti-virus tools didn’t register the hack at all. That is an appalling detection rate from both free and paid-for anti-virus kits and, as of yesterday, Websense reckoned the anti-virus toolkits were still vulnerable.” This is just a Windows problem and someone who informed us that the Canadian government had just been cracked too says that 99% of the systems there run Windows (we cannot verify this claim, but if anyone can, please leave a comment).

It is unclear whether the attackers managed to compromise other departmental computer networks, including those that contain Canadians’ sensitive personal information such as tax and health records.

Once the attack was detected, government cybersecurity officials immediately shut down all internet access in both departments in an attempt to stop stolen information from being sent back to the hackers over the net.

It is obvious what’s happening here. A suicidal dependence on poor systems (such as Windows) is a crucial factor that can easily affect national security or suspend emergency services like dispatch of ambulances. The latest example speaks of Windows viruses leading to a likely loss of lives (although disruption to service is denied by the face-saving officials). What is Microsoft’s response to all of this? As we noted yesterday, the company’s lobbyist from the government [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13] is trying to blame the users and there are strong responses to it again, such as:

Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:

“We broke Windows. It’s your problem now.”

At least, that’s how I interpret his comments. Charney wants to have users pass a kind of “health test” for their computer before they can use web services.

“Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats,” he said.

Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank – or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.

Charney’s appalling remarks are also mentioned by Lia Timson at ITWire and Lia’s colleague Sam Varghese, who writes:

Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one’s own security stuff-ups.

The good folk at Redmond possess this quality in spades.

Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITS, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders’ shares and Allen should only get 36 percent.

Shortly after the division was done this way, young Bill went to MITS founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft’s culture has always been defined by Gates.

Scott Charney’s comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.

The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.

Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.

Dr. Glyn Moody links to the article “Microsoft has a change of heart on how to keep Internet safe” and he adds: “or how about if Microsoft just wrote some decent code?”

Yes, journalists too recognise that this is Microsoft’s fault, as stated at the beginning. The gullible, weak ones just bend to Microsoft PR agents and deceive the public about it. These are the sorts of people who do the scaremongering regarding “cyber war” so that companies like Microsoft and suppressive regimes can find good excuses for taking more control over people’s computers, spying on PCs of Windows users for example.

There is another timely example of the failed design of Microsoft software. It’s a major .NET failure just like the ones at LSE (a former Microsoft poster child). Not so long ago it turned out that a plane crash had been caused by Windows malware (with Microsoft boosters blaming IBM in vain [1, 2]) and amid other plane crashes and downtimes in airports [1, 2] it became evident that Microsoft belongs nowhere near aviation. Virgin made the mistake of going with Microsoft; watch what happens:

This latest computer crash, which looks to be as serious as the 2010 fiasco, will place more question marks around the integrity and robustness of the .NET based Navitaire New Skies system which claims to be able to handle load spikes and scale easily as passenger volumes increase.

The crash also raises questions about the level of redundancy built into Navitaire, which is supposed to provide back-up systems in the event of failure.

Will Virgin do the same thing as LSE following this daunting incident?


5 Comments

  1. twitter said,

    February 17, 2011 at 6:18 pm


    Another good reason for governments to dump Microsoft comes from the Aaron Barr/HBGary disclosures. The exploits he advertised are almost all Microsoft problems or software that runs on Windows. He brags about screwing private companies, governments, presumably the US included, as well as the “progressive groups” targeted by the US Chamber of Commerce and Bank of America.

    If I want to gain access to the Exelon plant up in Pottsdown PA I only have to go as far as LinkedIn to identify Nuclear engineers being employed by Exelon in that location. Jump over to Facebook to start doing link analysis and profiling. Add data from twitter and other social media services. I have enough information to develop a highly targeted exploitation effort.

    I can and have gained access to various government and government contractor groups in the social media space using this technique (more detailed but you get the point). Given that people work from home, access home services from work — getting access to the target is just a matter of time and nominal effort.

    As usual, the crooks go for the softest target and that is people’s home computers running Windows. One of the reasons Barr targeted family members of his targets was to gain access to company and organizational networks. In one of the images he’s quoted as saying, “An example. Richard probably has a home network. Richard and [his wife] probably share the same network, maybe even the same home computer. Either way. [sic] If I can exploit her account through one of her social connections I can exploit the home network/system.” The nasty things he does with such information and control are well documented, harass, demoralize, fracture, discredit and destroy the targeted groups and people.

    The best way for governments, companies and progressives alike to avoid this kind of screw over is for them to all start using free software which is miles ahead of non free software in all ways related to security, privacy and attribution. People using free software can easily sign or encrypt their communications and documents to assure privacy and authorship. That eliminates many of the social attacks Microsoft boosters will try to highlight in order to deflect attention from Microsoft flaws, the old “all software is crap, blame the user” misdirection. The number of free software exploits is vanishingly small because of inherently better design, continuous, rapid improvement and diversity based on architecture and distribution. Non free software was designed to exploit the user with unjust demands, so it is no surprise that backdoors and other treachery are more common than things users want.

  2. twitter said,

    February 18, 2011 at 1:00 am


    NASDAQ was also cracked the other day. No, not the GNU/Linux trading computers, something called Directors Desk that they foolishly ran on Windows. NASDAQ and Slashdot both fail to call out Windows, and the Slashdot submitter disgraced themselves by saying, “the attackers are winning, and even well-funded organizations like NASDAQ can’t secure their networks reliably.” No one can secure Windows or any network with Windows on it. Google figured this out and banned Windows from their networks. When will other companies get with it?

    Dr. Roy Schestowitz Reply:

    I put that in daily links as I could not confirm that Windows was to blame.

    twitter Reply:

    Oh my, here’s Forbes rushing to Microsoft’s rescue. Mention of EU privacy violations is interesting but not as much fun as the estimated year of penetration “hackers” had to the supposed treasure trove of information on 10,000 boards of directors, including Fortune 500 companies. The Forbes rescue is that this attack had to be State-Sponsored because of how long it went undetected! It was an “Advanced Persistent Threat attack” (APT)!! The author splurges on,

    The security measures advertised on the Directors Desk website such as compliance with ISO27001, firewalls, IDS, and strong passwords are useless against APT because attacks are specifically designed to bypass everything that the target has put in place; even encryption. … NASDAQ needs to consult with security experts who understand and work APT attacks as soon as possible. If you’re a Directors Desk LLC customer, you should probably do the same.

    Call the author right away because he “provides custom security solutions that focus exclusively on the special needs of C-level and other senior executives.”

    News about the hack is ranked high in Google search results for “NASDAQ Directors Desk” but none of the articles in the first two pages call out Windows. This one (USA Today) thinks a poison pdf might have been planted but fails to mention the target would be Adobe Reader on Windows or that the attack was against a crappy Windows server. Instead the author calls Directors Desk a “no-nonsense social network for very privileged users. Nasdaq describes it as a ‘complete turnkey, fully hosted online board technology solution’”. Right. The author then details how a poison pdf would have been slipped in from a board member’s “PC” that got p0wnt by someone who had done a little HBGary style research, as Windows PCs often are. No mention is made of Windows, however. That Windows is insecure on desktops or servers is simply too easy a solution, a non story that won’t sell any fancy insecurity products. Network World fails to call out Windows, but comments do. There’s no mention of Windows here or in the New York Times or The Wall Street Journal.

    By not calling out Windows, all of these big publishers create panic without a reasonable solution, and set people up for great harm. Readers are invited to panic as they realize that criminals have penetrated all sorts of networks, private and government. They would not be so scared if they simply ditched Microsoft. Instead, I’m afraid Microsoft is going to use their failures to gain yet more power. People, ignorant of the cause of their problems, will be fleeced by snake oil vendors and Microsoft’s “public health” proposals will be used to discriminate against people who don’t use Windows and don’t have the problems. The snake oil solutions are a never ending story that Microsoft has pushed since the early days of MSDOS.

    Dr. Roy Schestowitz Reply:

    Google knew better and also named Windows.
