EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.22.13

More Details Revealed About How the NSA Infiltrates Windows and Other Proprietary Software, Governments Should Now Ban Microsoft

Posted in Europe, Microsoft, Security, Windows at 2:46 pm by Dr. Roy Schestowitz

RSA Conference

Summary: RSA is the latest (known) entity to have received bribes from the NSA in exchange for back doors; Germany may move towards banning software from companies that share data with the NSA

A COUPLE of nights ago Reuters published an explosive report about RSA, basically showing that Windows does not have back doors, it is a back door and so is a lot of the software that’s proprietary. Free/libre software does not suffer from the trap [1]. This is a serious wakeup call to any government that still relies on proprietary software and US companies that collect data.

Munich moved to GNU/Linux owing to political determination to do so [2], but what about other cities? Their politicians are in serious trouble and a constant threat of espionage.

“This is a serious wakeup call to any government that still relies on proprietary software and US companies that collect data.”As the Reuters report revealed [3] (and there was a lot of journalism linking to it [4,5]), “RSA Weakened Encryption For $10M From NSA,” to quote Slashdot, which consequently also published the item “Microsoft Security Essentials Misses 39% of Malware” (especially NSA malware that enables system compromise). Remember that Windows XP will soon receive no patches, so not just the NSA will get easy access through back doors. IDG’s advice on this matter is misguided as it basically offers continued use of Windows XP rather than runaway to a secure platform like GNU/Linux. As the author put it, “Microsoft’s support for Windows XP ends in less than four months, and the company has warned users repeatedly that it’s time to move on. But a lot of them are sticking with the aged OS. And for Microsoft, that’s a problem.”

Security is not really a problem here because there was never really any security to begin with. As we showed in our articles about the NSA, Windows is just a Trojan horse. It is obviously not secure and the only variable is, how many people can seize control of it?

The latest news makes almost all proprietary software suspect, even fake ‘open source’ like TrueCrypt (it is proprietary). As one tweet put it, “Check all on this list who use Dual_EC_DRBG as possible recipients of NSA bribes [...] Note Blackberry, Cisco, Juniper [...] Blast from the past: Call tracking Dual_EC_DRBG “Bribe Finder”: Any use by default post 2007 required either an implicit or explicit bribe.”

This is another good reason to avoid all proprietary software, including widely-used GNU/Linux programs like Skype. One tweet said that “Dual EC_DRBG was suspiciously absent from Wednesday’s report by President Obama’s NSA advisory panel.”

Going back to Microsoft’s flawed detection of malware, MinceR wrote that “their alleged “anti-malware” efforts started with stopping detecting claria as malware just as they were about to buy it, so i don’t know why anyone trusts them with such … [it] manages to out-sleaze even the other “antivirus” companies.”

” With Microsoft, NSA gets video/audio surveillance, not just through Skype but also through people’s webcams on computers that have Windows installed (and are idle).”Sosumi said that “they don’t detect NSA backdoors as malware, so why trust them?”

Nobody can trust Microsoft. The above report says that “latest tests from Dennis Publishing’s security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it.”

It’s not just a case of access to one’s files by the way. See the new post titled “Windows users: Your webcam lights aren’t safe from the FBI either” (we wrote about CIPAV almost 5 years ago).

“In recent news,” says the post, “it was revealed the FBI has a “virus” that will record a suspect through the webcam secretly, without turning on the LED light. Some researchers showed this working on an older Macbook. In this post, we do it on Windows.”

“The more you know about how the NSA gets along with RSA & Microsoft,” writes one Twitter user, “the more perspective you have on their handling of Lavabit.” With Microsoft, NSA gets video/audio surveillance, not just through Skype but also through people’s webcams on computers that have Windows installed (and are idle). This is a good enough reason to immediately abandon Microsoft and some politicians in Germany already think about moving in this direction. See [6,7] below for details of the latest news and pay attention to the explosive new article “Snowden ally Appelbaum claims his Berlin apartment was invaded” [8]; clearly it’s not about terrorism but about cracking down on activists [9].

Following the revelations above there is some new effort [10] — including from GNU/Linux developers [11] — to sack with prejudice potential NSA moles.

Related/contextual items from the news:

  1. Worried OpenSSL uses NSA-tainted crypto? This BUG has got your back

    As fears grow that US and UK spies have deliberately hamstrung key components in today’s encryption systems, users of OpenSSL can certainly relax about one thing.

    It has been revealed that the cryptography toolkit – used by reams of software from web browsers for HTTPS to SSH for secure terminals – is not using the discredited random number generator Dual EC DRBG.

    And that’s due to a bug that’s now firmly a WONTFIX.

    A coding flaw uncovered in the library prevents “all use” of the dual elliptic curve (Dual EC) deterministic random bit generator (DRBG) algorithm, a cryptographically weak algorithm championed by none other than the NSA.

    No other DRBGs used by OpenSSL are affected, we’re told.

  2. Moving a city to Linux needs political backing, says Munich project leader

    This year saw the completion of the city of Munich’s switch to Linux, a move that began about ten years ago. “One of the biggest lessons learned was that you can’t do such a project without continued political backing,” said Peter Hofmann, the leader of the LiMux project, summing up the experience.

    The Munich city authority migrated around 14,800 of the 15,000 or so PCs on its network to LiMux, its own Linux distribution based on Ubuntu, exceeding its initial goal of migrating 12,000 desktops.

  3. Exclusive: Secret contract tied NSA and security industry pioneer

    As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

  4. NSA Gave RSA $10 Million To Promote Crypto It Had Purposely Weakened

    Earlier this year, the Snowden leaks revealed how the NSA was effectively infiltrating crypto standards efforts to take control of them and make sure that backdoors or other weaknesses were installed. Many in the crypto community reacted angrily to this, and began to rethink how they interact with the feds. However, Reuters has just dropped a bombshell into all of this, as it has revealed that not only did the NSA purposefully weaken crypto, it then paid famed crypto provider RSA $10 million to push the weakened crypto, making it a de facto standard.

  5. How much did NSA pay to put a backdoor in RSA crypto? Try $10m – report

    Latest Snowden claims: Flawed encryption tech switched on by default in exchange for cash

  6. Germany should ban U.S. contracting companies passing data to NSA – report

    U.S. contracting companies such as Cisco, which manages much of the German armed forces’ data, should be contractually barred from passing sensitive information to the U.S. security services, a spokesman for Chancellor Angela Merkel’s conservatives was quoted saying.

  7. German government buildings and charities were targets of GCHQ and NSA, says Edward Snowden

    Humanitarian organisations and German government buildings are among the targets of UK and US surveillance agencies, documents leaked by Edward Snowden are said to show.

    The latest disclosures from the Snowden archive also highlight the key role in national security played by the small Cornish holiday resort town of Bude.

    A government listening facility on the Cornish coast had a unit that was used to analyse samples of electronic date to assess whether surveillance targets were worth the effort of listening in on their communications more frequently.

    A significant amount of the Bude listening post’s funding comes from the National Security Agency (NSA), the US surveillance body, because of shared operational projects.

  8. Snowden ally Appelbaum claims his Berlin apartment was invaded

    Jacob Appelbaum, a US Internet activist and one of the people with access to Edward Snowden’s documents, has told a Berlin paper that his apartment was broken into, saying he suspected US involvement.

  9. The Real Purpose of Oakland’s Surveillance Center

    City leaders have argued that Oakland needs a massive surveillance system to combat violent crime, but internal documents reveal that city staffers are also focused on tracking political protesters.

  10. Critics: NSA agent co-chairing key crypto standards body should be removed (updated)

    Security experts are calling for the removal of a National Security Agency employee who co-chairs an influential cryptography panel, which advises a host of groups that forge widely used standards for the Internet Engineering Task Force (IETF).

    Kevin Igoe, who in a 2011 e-mail announcing his appointment was listed as a senior cryptographer with the NSA’s Commercial Solutions Center, is one of two co-chairs of the IETF’s Crypto Forum Research Group (CFRG). The CFRG provides cryptographic guidance to IETF working groups that develop standards for a variety of crucial technologies that run and help secure the Internet. The transport layer security (TLS) protocol that underpins Web encryption and standards for secure shell connections used to securely access servers are two examples. Igoe has been CFRG co-chair for about two years, along with David A. McGrew of Cisco Systems.

  11. Kevin M. Igoe should step down from CFRG Co-chair

    I’ve said recently that pervasive surveillance is wrong. I don’t think anyone from the NSA should have a leadership position in the development or deployment of Internet communications, because their interests are at odds with the interest of the rest of the Internet. But someone at the NSA is in exactly such a position. They ought to step down.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Only Two Weeks on the Job, Judge Patrick Corcoran is Already Being Threatened by EPO Management

    The attack on a technical judge who is accused of relaying information many people had already relayed anyway (it was gossip at the whole Organisation for years) carries on as he is again being pushed around, just as many people predicted



  2. EPO Board of Appeal Has an Opportunity to Stop Controversial Patents on Life

    Patent maximalism at the EPO can be pushed aback slightly if the European appeal board decides to curtail CRISPR patents in a matter of days



  3. Links 16/1/2018: More on Barcelona, OSI at 20

    Links for the day



  4. 2018 Will be an Even Worse Year for Software Patents Because the US Supreme Court Shields Alice

    The latest picks (reviewed cases) of the Supreme Court of the United States signal another year with little or no hope for the software patents lobby; PTAB too is expected to endure after a record-breaking year, in which it invalidated a lot of software patents that had been erroneously granted



  5. Patent Trolls (Euphemised as “Public IP Companies”) Are Dying in the United States, But the Trouble Isn't Over

    The demise of various types of patent trolls, including publicly-traded trolls, is good news; but we take stock of the latest developments in order to better assess the remaining threat



  6. EPO Management and Team UPC Carry on Lying About Unified Patent Court, Sinking to New Lows in the Process

    At a loss for words over the loss of the Unitary Patent, Team UPC and Team Battistelli now blatantly lie and even get together with professional liars such as Watchtroll



  7. China Tightens Its Knot of Restrictive Rules and Patents

    Overzealous patent aggressors and patent trolls in China, in addition to an explosion in low-quality patents, may simply discourage companies from doing production/manufacturing there



  8. Microsoft's Patent Racket Has Just Been Broadened to Threaten GNU/Linux Users Who Don't Pay Microsoft 'Rents'

    Microsoft revisits its aggressive patent strategy which it failed to properly implement 12 years ago with Novell; it wants to 'collect' a patent tax on GNU/Linux and it uses patent trolls to make that easier



  9. EPO Scandals Played a Considerable Role in Sinking the Unified Patent Court (UPC)

    Today's press coverage about the UPC reinforces the idea that the EPO saga, culminating in despicable attacks on Patrick Corcoran (a judge), may doom the UPC once and for all (unless one believes Team UPC)



  10. J Nicholas Gross Thinks Professors Stop Being Professors If They're Not Patent Extremists Like Him

    The below-the-belt tactics of patent trolls and their allies show no signs of abatement and their tone reveals growing irritation and frustration (inability to sue and extort companies as easily as they used to)



  11. The US Supreme Court Has Just Denied Another Chance to Deal With a Case Similar to Alice (Potentially Impacting § 101)

    There is no sign that software patents will be rendered worthwhile any time in the near future, but proponents of software patents don't give up



  12. Litigation Roundup: Nintendo, TiVo, Apple, Samsung, Huawei, Philips, UMC

    The latest high-profile legal battles, spanning a growing number of nations and increasingly representing a political shift as well



  13. Roundup of Patent News From Canada, South America and Australia

    A few bits and pieces of news from around the world, serving to highlight patent trends in parts of the world where the patent offices haven't much international clout/impact



  14. Links 15/1/2018: Linux 4.15 RC8, Wine 3.0 RC6

    Links for the day



  15. PTAB is Being Demeaned, But Only by the Very Entities One Ought to Expect (Because They Hate Patent Justice/Quality)

    The latest rants/scorn against PTAB -- leaning on cases such as Wi-Fi One v Broadcom or entities like Saint Regis Mohawk Tribe, Apple etc. -- are all coming from firms and people who profit from low-quality patents



  16. If Ericsson and Its Patent Trolls (Like Avanci and Unwired Planet) Cannot Make It, the Patent Microcosm Will Perish

    The demise of patent-asserting/patent assertion business models (trolling or enforcement by proxy) may see front groups/media supportive of it diminishing as well; this appears to be happening already



  17. European Patent Office Causes Physical Harm to Employees, Then Fires Them

    Another one (among many) EPO documents about the alarming physical wellbeing of EPO employees and the management’s attitude towards the issue



  18. Battistelli Was Always (Right From the Start and Since Candidacy) All About Money

    “I have always admired creative people, inventors, those who, through their passion and their work, bring about scientific progress or artistic evolution. I was not blessed with such talent myself,” explained the EPO‘s President when pursuing his current job (for which he was barely qualified and probably not eligible because of his political work)



  19. “Under the Intergovernmental EPC System It is Difficult to Speak of a Functional Separation of Powers”

    An illustration of the glaring deficiency that now prevails and cannot be tolerated as long as the goal is to ensure democratic functionality; absence of the role of Separation of Powers (or Rule of Law) at the EPO is evident now that Battistelli not only controls the Council (using EPO budget) but also blatantly attacks the independence of the Boards of Appeal



  20. The Patent Microcosm Thinks It's Wonderful That IP3 is Selling Stupid Patents, Ignores Far More Important News

    IP3, which we've always considered to be nothing but a parasite, does what it does best and those who love stupid patents consider it to be some sort of victory



  21. Automotives, Artificial Intelligence, Internet of Things and Industry 4.0 Among the Buzz Terms Used to Bypass Alice and the EPC Nowadays

    In order to make prior art search a lot harder and in order to make software patents look legitimate (even in various courtrooms) the patent microcosm and greedy patent offices embrace buzzwords



  22. Blockchain Becomes the Target Not Only of Financial Institutions With Software Patents But Also Trolls

    Blockchain software, which is growing in importance and has become ubiquitous in various domains other than finance, is perceived as an opportunity for disruption and also patent litigation; CNBC continues to publish puff pieces for Erich Spangenberg (amid stockpiling of such patents)



  23. EPC Foresaw the Administrative Council Overseeing the Patent Office, Jesper Kongstad Made It “Working Together”

    An old open letter from the EPO shows the famous moment when Jesper Kongstad and Battistelli came up with a plan to empower both, rendering the Administrative Council almost subservient to the Office (complete inversion of the desired topology)



  24. 2010: Blaming the Messenger (SUEPO) for Staff Unhappiness at the European Patent Office (EPO)

    Tactics of SUEPO (EPO union) blaming go further back than Battistelli and can be found in the previous administration as well



  25. 2010: Deterioration of Working Conditions (e.g. Office Space) for EPO Staff

    Old EPO proposals which suggested the reduction of office space for EPO staff (among other things) — something which later happened to DG3, following the ‘exile’ to Haar



  26. Budget at the EPO Decided Before Consultation

    An old consultation meeting (GAC) at the EPO coincided with a meeting (MAC) which is perceived as ignoring the actual consultation — something which clearly should not be happening



  27. Less Than Half a Year in the Job, Battistelli Already Disobeys/Disregards Rulings From ILO's Tribunal

    As EPO President, Battistelli shows poor comprehension or lack of respect for the rule of law just months after taking the job



  28. Only Half a Year in the Job, Battistelli Breaks EPO Nomination Rules

    oing back to the dawn of the Battistelli era, irregularities appear very early on



  29. Patent Troll Finjan Manages to Defend a Patent (on Appeal) and the Trolls' Lobby is Loving It

    Blue Coat (now owned by Symantec) has attempted — and failed — to invalidate all of Finjan’s patents using Section 101/Alice; those who are in the business of trolling view that as particularly good news because the judgment came from Timothy Dyk and Todd Hughes (much younger and appointed a few years ago)



  30. Top Rank at USPTO Goes to the Biggest Patent Bully, IBM

    With 2017 figures coming to light (and to the mainstream/corporate media), we scrutinise what has received the most attention and why it's detrimental to the reputation of the US patent system


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts