EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.13

NSA Shows Why We Should Abandon All Proprietary Software and Verify Trust

Posted in Free/Libre Software, Security at 11:19 am by Dr. Roy Schestowitz

Without source code of all levels/layers of the software trust just cannot be established

Compiler

Summary: Proprietary software can never be secure and back doors inside of it can be assumed (unless proven otherwise), based on some of the latest NSA leaks

THE NSA is a criminal operation, so we expect it to work with other criminal operations. Microsoft and the NSA collude to make the world a less secure place, enabling espionage with Windows (Stuxnet for example) and providing video/audio surveillance in people’s own homes without any warrants. Microsoft is about lawlessness is the same way the NSA is. The law of “rule” supersedes the rule of law.

Some say that the Windows-centric Stuxnet is the “world’s first true cyber-weapon”, but that is not true. History aside, to put it as IDG put it: “Stuxnet’s creators recognized they had built the world’s first true cyber-weapon and were more interested in pushing the envelope of this new type of digital warfare than causing large-scale destruction within targeted Iranian nuclear facilities, a study shows.

“In an analysis released last week, Ralph Langner, head of The Langner Group and a renowned expert in industrial control systems (ICS), also refuted arguments that only a nation-state had the resources to launch a Stuxnet-like attack. Assailants with less ambition could take the lessons learned and apply them to civilian critical infrastructure, he said.”

This was an example of overreach and violation of the law, enabled of course by Microsoft and Windows. GNU/Linux does not sell its users down the river the way Windows does.

Sadly, firms like White Source make a comeback with their FUD and they single out FOSS for security issues (here is the press release). This is not acceptable because they totally ignore the much bigger threats, as above (where security issues are there by design).

The White House is at war against FOSS geeks and other phantom enemies [1,2], where the logic is something along the lines of, if we don’t control it (we as in the government), then it’s a threat to national security. While it seems clear that a brute force attack is the Achilles Heel of FOSS [3,4,5] and Google keeps improving security of FOSS projects like Android [6,7,8,9.10] and others [11,12], the logic followed by the likes of White Source and White House is that if something proprietary keeps its flaws (or back doors) secret, then it’s secure and we should not pay attention to real security. Again, this is simply not acceptable.

The head of the Linux Foundation recently said that FOSS is safer, and Linux is more secure than any other OS [13]. Mikko Hypponen seems to agree with him [14] and despite some new known flaws in Red Hat software [15,16] (transparency makes weaknesses visible) we should remember that lack of knowledge about something does not mean it’s not there. Just because we cannot easily see back doors in proprietary software doesn’t mean they’re not there (some groups of people know they’re there and they exploit them silently). If Europe is serious about cyber security [17], then it should dump all proprietary software (back doors-friendly software) as soon as possible. Given everything we now know about the NSA, ignorance and uncertainty are no longer an excuse. A Dutch source has just revealed that the NSA cracked 50,000 computer networks. The evidence is overwhelming. Stuxnet is peanuts next to that.

Related/contextual items from the news:

  1. How Antisec Died

    Depending on when one asked, Antisec was generally between 8-10 people, with a solid core of about six. Not all of them were comfortable with talking to me, and certain ones were designated to communicate with press. I was never entirely sure who was in or out at any particular time — it was a fluid group. I never knew all the nicks. I talked repeatedly with five of them, including Sabu.

  2. Bizarre Online Gambling Movie-Plot Threat

    This article argues that online gambling is a strategic national threat because terrorists could use it to launder money.

  3. Huge horde of droids whacks code box GitHub in password-guess attack
  4. GitHub resets user passwords following rash of account hijack attacks

    GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.

  5. Google extends its proactive Patch Reward Program to include Android Open Source Project, Web servers, and more
  6. Google adds Android Open Source Project to Patch Rewards program
  7. Google expands Patch Rewards Program
  8. Google extends open source bug bounty programme to Android and Apache
  9. Android now part of Google’s Patch Reward Program
  10. Google adds Android and Apache to open source security rewards programme

    Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the securiry of open source software.

    The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.

  11. Experts applaud Google completion of SSL certificate upgrade

    Step up to 2048-bit keys optimizes balance between protection of company services and maintaining performance

  12. Pinkie Pie and His Google Exploits: The Legend Grows

    Pinkie Pie returned in 2013 for the desktop Pwn2Own event operated by Hewlett-Packard’s Zero Day Initiative (ZDI), taking aim once again at Google. This time, it was Google’s Chrome browser running on Chrome OS. Pinkie Pie’s effort landed him another $40,000 in award money for the discovery and reporting of what turned out to be a trio of flaws, including one buried deep within the Linux kernel. Chrome OS is a Linux-based operating system that Google uses on its Chromebook notebooks.

    But wait. There is still more.

    Just this week in Japan at HP’s Mobile Pwn2Own event, the legend of Pinkie Pie grew as the My Little Pony-loving security researcher once again demonstrated previously unknown zero-day flaws in Google’s Chrome. Pinkie Pie was able to pwn Chrome on both a Nexus 4 as well as a Samsung Galaxy S 4 smartphone. This time, Pinkie Pie pocketed $50,000 for his efforts.

  13. Linux chief: ‘Open source is safer, and Linux is more secure than any other OS’ (exclusive)
  14. Mikko Hypponen: Open Source Software Will Make the World More Secure

    Open source software can be one answer to combating the global surveillance of innocent citizens, said security expert Mikko Hypponen in his keynote last week at LinuxCon and CloudOpen Europe in Edinburgh.

  15. Hackers actively exploiting JBoss vulnerability to compromise servers, researchers say

    Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.

  16. Red Hat: 2013:1521-01: python-django: Moderate Advisory
  17. European businesses urged implement anti-cyber security systems

    The European Cyber Security Directive, which proposes that European businesses have a legal obligation to ensure they have suitable IT security mechanisms in place, is soon to be enforced in the UK.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 9/2/2016: Linux in Robotics, Hyperledger Project

    Links for the day



  2. Besieged Benoît Battistelli Mimics 'Damage Control' Tactics of FIFA or Blatter as More Judges Start Getting Involved in EPO Scandals

    Rumours and a new rant from Battistelli reinforce suspicions that actions are being organised behind the scenes, possibly as part of an upcoming, high-level campaign to unseat/dethrone Battistelli, who has become a reputational disaster to the European Patent Office (EPO), much like Sepp Blatter at FIFA



  3. Several Political Parties Directly Challenge the European Patent Office for Ignoring the Law, Not Obeying Court Orders

    Politicians make it crystal clear that the EPO, despite its unique status, cannot just raise its nose at the rulings of courts of law, definitely not in Dutch territory where the EPO operates



  4. Even the Legal Community is Upset at Benoît Battistelli for the Damage He Did to the EPO

    A recent article from lawyers' media (in German) speaks of the great damage (or mess) left by its current president, who has become somewhat of a laughing stock and growingly synonymous with farcical trials even in the circles of stakeholders, not just his own staff



  5. EPO Union (SUEPO) Getting Busted: “More and More People are Joining the Union, but Fewer and Fewer People Dare to Take on Leading Positions There.”

    The union-busting actions taken by EPO management in collaboration with Control Risks (for weak accusations against staff representatives) and FTI Consulting (for 'damage control') as described in a recent article, in the words of SUEPO lawyer Liesbeth Zegveld



  6. Microsoft's Copyrights- and Patents-Based Attacks on GNU/Linux Carry on

    The SCO case is still going on and Microsoft has just signed a patent deal with GoPro over its FOSS-based software, relating to “certain file storage and other system technologies”



  7. The EPO's Benoît Battistelli is the Dictator Who Can No Longer Dictate Like He Used to

    The European Patent Office's mechanism of oversight is starting to work just a little because, based on a new report from Juve, Battistelli is now reluctant to make proposals that would prove unpopular among delegates



  8. La Más Detallada Explicación (hasta ahora) de ¿Qué esta mal con la OEP?

    La insistencia de la OEP que permanece arriba de la ley no sólo est bajo fuego en los medios pero también esta siendo desafiada basado en personas familiares con la aplicabilidad de la ley a organizaciones internacionales.



  9. Links 8/2/2016: Vista 10 Nags Help GNU/Linux, Nautilus Updated

    Links for the day



  10. The European Patent Office “is Acting as Though the Law Does Not Apply to It.”

    An article from Nieuwsuur which provides the words of Liesbeth Zegveld (for SUEPO) and Guillaume Minnoye (for the European Patent Office), reaffirming the EPO's bizarre notion that it is above the law, even in the face of human rights violations and a court ruling against the EPO



  11. Microsoft-Connected FRAND Lobbying (Software Patents Against Free/Open Source Software) in Brussels

    Anti-Free/Open Source software (FOSS) talking points and FRAND (anti-FOSS) lobbying groups in Brussels as seen by proponents of FRAND, who also worked for Microsoft



  12. Latest Propaganda From the EPO's Management an Effort to Make the EPO the Tool of Megacorporations

    A quick roundup of some of the latest spin and paid-for (bought) coverage that helps introduce a distorted patent system whose beneficiaries are not European (or even people)



  13. 'Aversion to Change' Propaganda From the EPO Echoes or Parrots Lenin and Stalin

    The out-of-control EPO management is trying to fool the media by blaming staff representatives for getting fired, simply because they stood up to a highly abusive and megalomaniacal dictator



  14. The Gates Foundation Subjected to Criticism, But Over a Decade Too Late

    Reckoning and accepting the fact that even some in the media now openly speak about Bill Gates' corrupting influence in everything, including politics



  15. Links 8/2/2016: Zenwalk 8.0 Beta 2, Q4OS 1.4.7

    Links for the day



  16. SIPO (China's Patent Office) Taken Over by Patent Maximalists

    A look at China's race to the bottom (decline in quality) when it comes to patents, assuming quite wrongly that quantity is more important than quality and severe penalties for perceived infringement will spur innovation



  17. The Alice Case Continues to Smash Software Patents (This Time OpenTV's); Will the EPO Ever Pay Attention?

    The potency or the grip of software patents in the United States is quickly eroding, but the EPO continues to act as though software patents are legitimate



  18. EPO Staff Responds to Team Battistelli's Expansion to Include French Economic Propagandist on the Payroll

    With strings attached (like string puppets of Battistelli in various units including the Investigative Unit), can the new Chief Economist, who is French and paid by Battistelli, ever be trusted?



  19. UPC: To Understand Who Would Benefit From It Just Look at Who's Promoting It (Like TPP)

    The UPC, which is designed to aid patent trolls and aggressors (and their lawyers), is still being advanced by the EPO and some misinformed (but loyal to these former groups) politicians



  20. Trolls Molestos: Rovi (del famoso Angry Birds) Ayuda al Más Largo Troll de Patentes de Microsoft Intellectual Ventures (Corregido)

    Alguna vez conocido como hacedor de juegos y más tarde como vigilancia en masa en jugadores, Rovi ahora se ESTA ALIANDO CON EL MÁS GRANDE TROLL DE PATENTES



  21. Estadísticas de Invalidación de Patentes y Costos de Litigación de Patentes (incluso si son falsas) Muestran que la Esfera de Patentes y los Estándares de Examinación son un Probleman, No Sólo en Los Estados Unidos

    Demasiadas falsas patentes que no deberían haber sido otorgadas en primer lugar y fraudulentes jucios de patentes que terminan en favor del acusado sirve para mostrar el costo externo (o externalidad) cuando set trata de un bajisímo sistema de patentes que se esfuerza en otorgar muchas patentes irrespectivamente de su mérito.



  22. The 'Offenses' of EPO Staff Representatives Boil Down to Truth-Telling

    Dutch television examined the documents of the mock 'trials' against SUEPO leaders and concluded that whistle-blowing (i.e. exposing abuses by EPO management), not misconduct, is the reason for overzealous dismissals



  23. Rumours About Dismissal of Benoît Battistelli and New Letter From Union Syndicale Federale Blasting Battistelli's Behaviour

    hings have been heating up since the dismissal of staff representatives at the European Patent Office (EPO) and some even spread rumours about withdrawal/dismissal of the EPO's President



  24. VirnetX Case Against Apple Shows Not the Problem With Patent Trolls But With Software Patents

    What the media really ought to be talking about after the high-profile VirnetX case, rather than obsess about the status of Apple or patent trolls in the Eastern District of Texas



  25. Diápositivas de Nueva Charla Explican la Connección Entre la Corte De Patentes Unitarias (UPC) y Patentes de Software

    Benjamín Henrion habló el pasado Domingo acerca de las patentes de software europeas -una presentación que habla de la Corte Unitaria de Patentes, por la que la OEP aboga sin cesar y que es lo que significa para las patentes de software.



  26. Las Políticas de Microsoft Alienan Incluso a los Hinchas Más Acérrimos de Microsoft, Incluyendo Pro-Microsoft Web Sites

    El agresivo comportamiento de Microsoft y su BAJA CALIDAD DE PRODUCTOS dejan algunos de sus últimos restos de ´hinchas´ descorazonados y molestos.



  27. Links 6/2/2016: CoreOS Rocket 1.0, Scientific Linux 7.2

    Links for the day



  28. Maybe It's Time for Class Action Lawsuits Against Microsoft for Forced Vista 10 'Upgrades', Which Were Definitely No Accident

    The sheer arrogance of Microsoft, which silently changes the operating system on people's computers (without their consent), makes lawsuits imperative, not just a possibility



  29. Readers' Article: A Strange Conspiracy of Silence in the German Media (Part II)

    Željko Topić's allegedly dark background, which includes a suicide, a retreat of potential witnesses, German funds in Topić's private bank account and several more interesting bits



  30. Links 5/2/2016: Wine 1.9.3, Slackware 14.2 Beta 2

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts