Bonum Certa Men Certa

“Microsoft Will Have Blood on Its Hands.”

Fertilizer



Summary: In the midst of Wikileaks drama we learn that an executions-savvy regime will benefit from Windows cracks

"Windooze insecurity puts Iranian dissidents in mortal danger," states the subject line of an anonymous USENET post, quoting this article. "A Dutch CA called DigiNotar," says the poster, "was hacked by Iranian hackers, likely with the intention of intercepting SSL traffic (Gmail, Facebook etc.) of Iranian activists and freedom fighters. I checked DigiNotar's website and guess what operating system they're using? You guessed it! WINDOOZE ASP.NET!!!



"So now Microsoft will have blood on its hands. Its insecure graphical-shell-pretending-to-be-an-operating-system is now possibly responsible for the deaths and prosecution of many Iranians!! [..] THIS COMPANY SHOULDN'T BE SPLIT UP, IT SHOULD BE SHUT DOWN"

“And as long as otherwise respectable companies insist on e-mailing me "slide shows" in the form of IrfanView .exe files because "it's so user-friendly", Windows will remain as secure as a wet paper bag.”
      --Richard Rasker
A more moderate Dutch poster, Richard Rasker, wrote separately: "I guess we've all heard how a Dutch Certificate Authority by the name of Diginotar, formerly used by even the Dutch IRS authority and countless city councils, has screwed up severely, when their systems were breached by Iranian hackers, who managed to poison the world with many hundreds of bogus certificates. Then they screwed up even more by hushing up about the hack for months -- a huge no-no in a world where trust is the highest good.

"And now it turns out that the screw-up has soared to even greater heights. In case you wondered what OS these people were using, here's the answer:

http://webwereld.nl/nieuws/107833/fox-it--diginotar-gebruikte-niet-eens-virusscanner.html

"For those who don't understand Dutch:

"Fox-IT: Diginotar didn't even use a virusscaner

Fox IT has delivered a devastating verdict on Diginotar's infrastructure. The company didn't adhere to agreements and procedures. Even elementary security measures were totally absent.

These are the conclusions from an investigation by Fox IT into the security breach at Diginotar, as passed by Webwereld and NU.nl through a governmental source. It turns out that all operations were taking place from within one single Windows domain. This made it possible to gain access to the certificate administration from any work station; logging in to one's work station was sufficient to get access to the systems. This is a mortal sin in the world of IT security. In addition, Diginotar was already aware of the abuse of its certificates as early as July.

No secure zones Even when issuing certificates for government use, standard security rules were trodden underfoot. The government's PKI computers operate from within a secure vault, and should never have been connected to Diginotar's network. Yet even on those machines, investigators found evidence that connections had been made to the Windows domain.

..." [no virus scanner ... no proper logging ... no strong password enforcement ... inadequate intrusion detection ... hackers got & used administrator rights ... certificates chucked in an easily accessible database ... etcetera]


"Now I won't say that this could never have happened in a Linux environment," notes Rasker, "but for a screw-up of these truly epic proportions, Windows is the OS of choice -- because it traditionally "makes things easy", and because Windows users are traditionally not used to working with proper permissions, secure networks and strong passwords.

"And as long as otherwise respectable companies insist on e-mailing me "slide shows" in the form of IrfanView .exe files because "it's so user-friendly", Windows will remain as secure as a wet paper bag. QED."

Recent Techrights' Posts

Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries
Links 26/03/2024: Inflation Problems, Strikes in Finland
Links for the day
Gemini Links 26/03/2024: Losing Children, Carbon Tax Discussed
Links for the day
Mark Shuttleworth resigns from Debian: volunteer suicide and Albania questions unanswered, mass resignations continue
Reprinted with permission from Daniel Pocock
Links 26/03/2024: 6,000 Layoffs at Dell, Microsoft “XBox is in Real Trouble as a Hardware Manufacturer”
Links for the day
Gemini Links 26/03/2024: Microsofters Still Trying to 'Extend' Gemini Protocol
Links for the day
Look What IBM's Red Hat is Turning CentOS Into
For 17 years our site ran on CentOS. Thankfully we're done with that...
The Julian Paul Assange Verdict: The High Court Has Granted Assange Leave to Appeal Extradition to the United States, Decision Adjourned to May 20th Pending Assurances
The decision is out
The Microsoft and Apple Antitrust Issues Have Some But Not Many Commonalities
gist of the comparison to Microsoft
ZDNet, Sponsored by Microsoft for Paid-for Propaganda (in 'Article' Clothing), Has Added Pop-Up or Overlay to All Pages, Saying "813 Partners Will Store and Access Information on Your Device"
Avoiding ZDNet may become imperative given what it has turned into
Julian Assange Verdict 3 Hours Away
Their decision is due to be published at 1030 GMT
People Who Cover Suicide Aren't Suicidal
Assange didn't just "deteriorate". This deterioration was involuntary and very much imposed upon him.
Overworking Kills
The body usually (but not always) knows best
Former Red Hat Chief (CEO), Who Decided to Leave the Company Earlier This Month, Talks About "Cloud Company Red Hat" to CNBC
shows a lack of foresight and dependence on buzzwords
IRC Proceedings: Monday, March 25, 2024
IRC logs for Monday, March 25, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Discord Does Not Make Money, It's Spying on People and Selling Data/Control (38% is Allegedly Controlled by the Communist Party of China)
a considerable share exists
In At Least Two Nations Windows is Now Measured at 2% "Market Share" (Microsoft Really Does Not Want People to Notice That)
Ignore the mindless "AI"-washing
Internet Relay Chat (IRC) Still Has Hundreds of Thousands of Simultaneously-Online Unique Users
The scale of IRC