EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.18.14

Links 18/4/2014: New KDE, Kubuntu, and More

Posted in News Roundup at 5:16 pm by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

Free Software/Open Source

Leftovers

  • Security

  • Defence/Police/Secrecy/Aggression

    • Amnesty Responds to Comments on CIA torture by Dr James Mitchell
    • John Pilger: Obama’s coup in Ukraine has ignited a civil war and lured Putin into a trap

      Since the collapse of the Soviet Union, the US has ringed Russia with military bases, nuclear warplanes and missiles as part of its Nato enlargement project. Reneging on the Reagan administration’s promise to the Soviet president Mikhail Gorbachev in 1990 that Nato would not expand “one inch to the east”, Nato has all but taken over eastern Europe. In the former Soviet caucuses, Nato’s military build-up is the most extensive since the second world war.

    • Why Allende had to die

      The truck owners’ strike was the final blow. Because of the wild geography of the country, the Chilean economy is at the mercy of its transport. To paralyse trucking is to paralyse the country. It was easy for the opposition to co-ordinate the strike, for the truckers’ guild was one of the groups most affected by the scarcity of replacement parts and, in addition, it found itself threatened by the government’s small pilot programme for providing adequate state trucking services in the extreme south of the nation. The stoppage lasted until the very end without a single moment of relief because it was financed with cash from outside. “The CIA flooded the country with dollars to support the strike by the bosses and . . . foreign capital found its way down into the formation of a black market,” Pablo Neruda wrote to a friend in Europe. One week before the coup, oil, milk and bread had run out.

    • In War, Truth Is the First Casualty

      Thank God we live in America, where this kind of thing doesn’t happen.

    • Greece’s Golden Dawn party describes Hitler as ‘great personality’
    • The criminalisation of anti-fascist protest

      Tomorrow, 14 April, the Metropolitan police and CPS will prosecute five anti-fascists arrested on 1 June 2013 while trying to stop the British National party from marching on the Cenotaph. Police decided the anti-fascist protest was a “threat to public safety” and imposed a dispersal order under section 12 of the Public Order Act 1986; 59 people were arrested. A few months later 286 protesters against the English Defence League, which had declared its intention to march on a park named after Altab Ali, who was murdered in a racist attack, were arrested in Tower Hamlets.

  • Environment/Energy/Wildlife

  • Finance

    • Seattle’s Elite Begin Their Counter Attack

      Seattle’s corporations were blindsided, it all happened so fast. Socialist candidate Kshama Sawant’s successful City Council campaign tore through Seattle politics like a tornado, leaving the 1% devastated, unable to cope with a storm they didn’t see coming. The Seattle elite had no way to counter her arguments, silence her supporters, or keep her from gathering a tidal wave of support for the $15 campaign. The establishment was paralyzed, powerless.

    • Caring too much. That’s the curse of the working classes

      “What I can’t understand is, why aren’t people rioting in the streets?” I hear this, now and then, from people of wealthy and powerful backgrounds. There is a kind of incredulity. “After all,” the subtext seems to read, “we scream bloody murder when anyone so much as threatens our tax shelters; if someone were to go after my access to food or shelter, I’d sure as hell be burning banks and storming parliament. What’s wrong with these people?”

      It’s a good question. One would think a government that has inflicted such suffering on those with the least resources to resist, without even turning the economy around, would have been at risk of political suicide. Instead, the basic logic of austerity has been accepted by almost everyone. Why? Why do politicians promising continued suffering win any working-class acquiescence, let alone support, at all?

      I think the very incredulity with which I began provides a partial answer. Working-class people may be, as we’re ceaselessly reminded, less meticulous about matters of law and propriety than their “betters”, but they’re also much less self-obsessed. They care more about their friends, families and communities. In aggregate, at least, they’re just fundamentally nicer.

    • Matt Taibbi: America Has A ‘Profound Hatred Of The Weak And The Poor’

      Living in America has taught Matt Taibbi that we as a society have “a profound hatred of the weak and the poor.”

      That’s one claim the former Rolling Stone writer makes in his new book, “The Divide: American Injustice in the Age of the Wealth Gap.” Taibbi defended this statement in a HuffPost Live interview on Tuesday.

    • Happy Tax Day, and Why the Top 1% Pay a Much Lower Tax Rate Than You

      It’s tax time again, April 15, when our minds turn toward paying the taxes we owe or possibly getting a tax refund. But what we don’t think about enough is whether our tax system is fair. The richest 1 percent of Americans are now getting the largest percent of total national income in almost a century. So you might think they’d pay a much higher tax rate than everyone else.

    • New study finds US to be ruled by oligarchic elite

      Political scientists show that average American has “near-zero” influence on policy outcomes, but their groundbreaking study is not without problems.

      It’s not every day that an academic article in the arcane world of American political science makes headlines around the world, but then again, these aren’t normal days either. On Wednesday, various mainstream media outlets — including even the conservative British daily The Telegraph — ran a series of articles with essentially the same title: “Study finds that US is an oligarchy.” Or, as the Washington Post summed up: “Rich people rule!” The paper, according to the review in the Post, “should reshape how we think about American democracy.”

    • PR/AstroTurf/Lobbying

      • The Corruption of Mainstream Media

        America’s mainstream media still pretends it is the custodian of “serious journalism,” but that claim continues to erode as the corporate press shies away from its duty to challenge propaganda emanating from various parts of the U.S. government, as Danny Schechter describes.

    • Censorship

      • Censorship on the rise: CPJ

        According to the New York-based Committee to Protect Journalists (CPJ), the latest report documents 52 instances of censorship during the first three months of 2014 compared with 45 during the same period last year. The most notable example is the abrupt blackout of a live telecast on the final moments of parliamentary deliberations and voting on a controversial bill to create the new state of Telangana. While the government claims the blackout was due to a technical glitch, the opposition Bharatiya Janata Party (BJP) insists it was a tactical move by the ruling Congress party to ram through the vote to shore up support during an election in which its prospects look grim. Other parties also slammed the blackout as “undemocratic.”

      • Oliver Stone: China’s film-makers need to confront country’s past

        Hollywood’s habit of allowing Chinese censors to cut offending material from blockbuster movies has led to accusations of artistic surrender from some critics. But at least one US film-maker has clearly not been reading the script: Oliver Stone has told an audience in Beijing that the world’s most populous nation desperately needs to confront its past on the big screen if its burgeoning film industry is to be taken seriously.

      • Weibo Warns Censorship Could Hit Future Earnings
      • Turkey to censor tweets with ‘malicious’ content

        Twitter might not be banned in Turkey anymore, but the country’s government isn’t quite done putting it through the censorship wringer yet. In fact, Turkish Communications Minister Lütfi Elvan just released a written statement that says: “We [Twitter and Turkey] have reached a consensus to ‘neutralize’ malicious content that is the object of court decisions by pixelating.” He didn’t expound on what he means by “pixelating,” but it’s typically associated with the mosaic-like classic approach to censorship. If Turkish authorities can indeed blur out tweets, then this saga might have taken an even crazier turn. Since that’s bordering on the absurd, though, it’s possible that “pixelating” might have just been the term Lütfi used for Twitter’s Country Withheld Tool, which the website uses to hide tweets and accounts from a whole nation.

    • Privacy

    • Civil Rights

      • Answers and Questions About Military, Law Enforcement and Intelligence Agency Chatbots

        Sgt. Star is the U.S. Army’s dedicated marketing and recruitment chatbot, and he isn’t going to turn whistleblower any time soon. There’s no use threatening him for answers either—he’s programmed to report that kind of hostility to the Army Criminal Investigation Division.

      • Army comes clean about its recruitment AI, accidentally discloses info about pedophile- and terrorist-catching chatbots that roam the net

        Dave from the Electronic Frontier Foundation writes, “Not too long ago, Boing Boing covered EFF’s (at the time) unsuccessful attempt to retreive records about Sgt. Star (the Army’s recruiter-bot) using the Freedom of Information Act. We’ve now received the files and compiled our research: It turns out Sgt. Star isn’t the only government chatbot — the FBI and CIA had them first.

      • US Has A ‘Secret Exception’ To Reasonable Suspicion For Putting People On The No Fly List

        Over the past few months, we covered the bizarre trial concerning Rahinah Ibrahim and her attempt to get off the no fly list. In January, there was an indication that the court had ordered her removed from the list, but without details. In February, a redacted version of the ruling revealed that the whole mess was because an FBI agent read the instructions wrong on a form and accidentally placed her on the no fly list, though we noted that some of the redactions were quite odd.

      • Outside counsel to probe FBI’s action in Guantánamo 9/11 case

        A four-day hearing meant to edge legal arguments closer to an actual 9/11 trial ended in uncertainty Thursday as the war crimes prosecutor named a special outside counsel to probe for possible FBI spying on defense lawyers.

      • Iranian woman pardons son’s killer — after slapping him at the gallows — moments before his scheduled execution

        But at the last minute, Hosseinzadeh’s mother, Samereh Alinejad, forgave him, after giving a speech to the crowd and then slapping Bilal in the face. Hosseinzadeh’s father helped take the noose off of Bilal, whose weeping mother hugged Alinejad in thanks, as seen in the photos.

      • Arundhati Roy: Another World Is Not Only Possible, She Is on Her Way

        Speech to the People’s University of the Occupy Movement

        Yesterday morning the police cleared Zuccotti Park, but today the people are back. The police should know that this protest is not a battle for territory. We’re not fighting for the right to occupy a park here or there. We are fighting for Justice. Justice, not just for the people of the United States, but for everybody. What you have achieved since September 17, when the Occupy Movement began in the United States, is to introduce a new imagination, a new political language, into the heart of Empire. You have reintroduced the right to dream into a system that tried to turn everybody into zombies mesmerized into equating mindless consumerism with happiness and fulfillment. As a writer, let me tell you, this is an immense achievement. I cannot thank you enough.

      • Bay Area transit police conduct militarized training exercises with TSA

        Among the problems that got us here is that the federal government asserts we have no Fourth Amendment rights at the border, and claims that the border extends a full 100 miles inside the country. That extremely broad definition of “the border” means two-thirds of Americans live in the Constitution Free Zone. To give you a sense of the magnitude of this assertion, consider that both the Bay Area and the entire state of Massachusetts fall within this 100-mile rights-swallowing vortex.

    • DRM

      • Kill-switch coming to smartphones

        CTIA and participating wireless companies today announced the “Smartphone Anti-Theft Voluntary Commitment,” which is the most recent effort by the industry to deter smartphone thefts in the U.S. The safety and security of wireless users remain the wireless industry’s top priority, and is why this commitment will continue to protect consumers while recognizing the companies’ need to retain flexibility so they may constantly innovate, which is key to stopping smartphone theft.

    • Intellectual Monopolies

      • Grand majority of Parliament votes in favour of a regulation on investor-state lawsuits – Greens sharply criticise the result

        Investor-state dispute settlement (ISDS) has come into the focus of critics since the start of negotiations on a free trade agreement with the US (TTIP). ISDS means that foreign investors can sue the states hosting their investments in front of international courts when they see their rights and profit expectations violated. Often it is environmental or social legislation of a state which investors claim to be in violation of their investment expectations. Currently, for example, Vattenfall is suing the German federal government for 3 billion euros because of the German nuclear phase-out. Since Lisbon, the EU has gained the competence on investment policy, and thus also on ISDS policy. This Regulation establishes rules on whether EU or Member States act as a defendant in ISDS proceedings and who pays in the case of successful investor claims.

      • Copyrights

Some Perspective on Heartbleed®

Posted in GNU/Linux, Microsoft, Security at 8:12 am by Dr. Roy Schestowitz

Looking through the tube

Summary: Our views on the whole Heartbleed® bonanza, which seems like partly a PR stunt (for multiple stakeholders)

A LOT has been said about Heartbleed® since the firm of Microsoft's 'former' security chief (who had worked with the FBI, the NSA’s more evil twin) irresponsibly 'leaked' the flaw, and did so at the very same moment that Windows XP users rushed to GNU/Linux for security reasons. I know of such users (even corporations I deal with) and I saw their reaction to this unforeseen ‘leak’. Funny timing.

In this post we outline some key facts (carefully and patiently studied over the past 10 days). As my doctoral degree is not far from cryptography and I have consulted people who do security for a living, I can assure readers that we do grasp the technical details, unlike many so-called ‘journalists’ with degrees in English or history. We are not going to delve into less plausible theories like a connection between the flaw and the NSA although there are circumstantial connections, an NSA program specifically designated to this (NSA operation ORCHESTRA), and we already know that Red Hat relays non-SELinux code directly from the NSA to Torvalds, as we covered earlier this year (meaning that only a developer in the middle knows where the code originally came from). In this particular post we are going to focus on other important points that ought to be made now that Heartbleed® is mostly out of the headlines and little new information will come out during Easter. This post is based on assessment of about 100 reports and subsequent research lasting many hours.

A little and slightly old tidbit shared with us by iophk (a network security professional) said that even the NSA and its circles are negatively affected by Heartbleed®. This article states: “”I am waiting for a patch,” said Jeff Moss, a security adviser to the U.S. Department of Homeland Security and founder of the Def Con hacking conference.”

There are reasons to believe that the NSA was not aware of this flaw or had not exploited it. For instance, the government’s demands from Lavabit may suggest that OpenSSL back doors were not known at that time (2013). Also, reading all about the personal background of the man behind the bug, it’s nearly impossible to find any connection to the NSA and its ilk. The guy is German, but another German Danish developer (Poul-Henning Kamp, a FreeBSD and Varnish developer) spoke only some months ago about a US program of introducing bugs into FOSS (see “NSA operation ORCHESTRA” above).

iophk responds to the article about firewalls woes by asking: “Why the hell is he not running one based on Linux or BSD? Something’s not right. Proprietary “solutions” have no place in infrastructure for just these kinds of reasons.”

Well, with Windows, for example, the NSA perhaps assumes a monopoly on back doors. It’s a form of total control.

The BSD community, which is also behind OpenSSH, has begun doing some commendable things [1,2] short of throwing away OpenSSL [3]. There is a new release of GnuTLS [4], for example, but we cannot be 100% certain that GnuTLS is immune to “bug doors”, as Julian Assange recently called them. “GnuTLS was immune to the OpenSSL bug,” writes iophk, “but in regards to the latter was ‘responsible disclosure’ followed? I got the feeling that it wasn’t and that the web site was set up and publicized before even the OpenSSL team was informed. Where can I find a detailed timeline of events?”

Well, a deceiving timeline was later published by the Australian press. Security gurus have widely chastised this form of ‘responsible’ disclosure of Heartbleed®; even the project site of OpenSSL hadn’t been patched before the disclosure. The same goes for the FBI, which again helps validate claims that the government was not fully aware of the issue.

OpenSSL was having limited resources and some articles covered it [5-7]. Regardless, it’s now claimed NSA knew about the bug for 2 years and we should always remember that Microsoft’s Howard Schmidt was connected to FBI before his firm published Heartbleed® for fame, fun, and profit. It’s not just Microsoft that makes his motives a tad suspicious. The whole Heartbleed® thing “has a very media friendly name and a cute logo,” as a British FOSS professional put it. It’s like a branding exercise. Also see this post titled “What Heartbleed Can Teach The OSS Community About Marketing”. “Ties in a bit with what you’ve posted,” iophk told me after I had noted the marketing angle.

As a recap, Heartbleed® was pretty much branded and released like a product by a firm headed by a Microsoft (and FBI) veteran. This firm also works with Microsoft, so the disclosure on Windows XP’s EOL date is too hard to ignore, If this was already known about by the NSA for years, then one may wonder if the disclosure came through whispers rather than research. Glyn Moody was told by Wikileaks (Twitter account seemingly run only by Julian Assange) that “Assange spoke about vulnerability of OS’s to bribes and bugdoors in upstream components.”

Howard Schmidt (chairman of board of company that marketed Heartbleed®) worked with the FBI and another NSA partner/PRISM pioneer (Microsoft). If the NSA knew about the bug, then one wonders what role Schmidt may have played. The last thing that the NSA wants is people (especially outside the US) adopting Free software and GNU/Linux because Microsoft is where back doors are; by design, not by accident. Heartbleed® was reportedly known to the NSA for years (every article that claims this cites Bloomberg, which is notable corporate press and usually a bit dubious when it comes to agenda). If true, this was the type of bug that Edward Snowden’s leaks had alluded to (bug doors, not back doors). Schmidt et al. might be trying to exploit it for FUD and profit, by opportunistically divulging it as soon as mass migration to GNU/Linux in enterprises and homes begins. A decade ago it seemed like a back door had been put inside Linux by the NSA, but the developers caught the intrusion and removed it. There were numerous reports last year saying that the NSA had approached Torvalds, asking him for back doors in Linux, so what Seggelmann did in OpenSSL should not be treated too lightly. The time of the committal is a little suspicious [8] (people away from home to celebrate New Year) and the reputation of OpenSSL is now thoroughly destroyed, which will help its competitors (including proprietary) [9]. There is now a lot of FUD out there about FOSS (the only one we’re willing to cite is [10] because it’s not too malicious), sometimes coming from the mouths of Microsoft boosters or challenging Torvalds’ famous “law” [11,12]. I even get taunted over this in Twitter. The old FUD is back, never mind Coverity’s latest report which again contradicts such FUD.

Mind the article “Heartbleed security flaw may not be as dangerous as thought” [13], which sheds some light on who’s able to exploit and who’s not able to exploit Heartbleed® given the resource limitations (the thing about crackers of the NSA and GCHQ is that they have supercomputers to have a crack at it, and the same is probably true when it comes to the FBI, which is in many ways worse and more aggressive than the NSA; the FBI infiltrates Windows with CIPAV). If the widely-cited reports are true and the NSA knew Heartbleed® (and used it for two years) [14-17], then it’s a massive revelation (the NSA denies this, but denials from the NSA are worthless given its track record when it comes to truth-telling).

Perhaps the most disturbing thing about the story is, the NSA may have discovered Heartbleed® years ago (if not made it, which sounds unlikely [18]) and the firm of Microsoft’s ‘former’ security chief is making a profit from this [19] (the Heartbleed® bounty is partly paid by Microsoft and the partly Microsoft-owned Facebook). A bunch of opportunists got paid for irresponsible disclosure that damaged the Internet [20,21] and harmed many people’s privacy (potentially leading to some people’s deaths).

The GNU/Linux brand is profoundly damaged by this (many GNU/Linux sites mentioned it [22-24]) even though the bug also affects Windows and Apple operating systems. To us it will always seem like marketing campaign coordinated to take place at a strategic date (Windows XP EOL).

Has Microsoft’s Howard Schmidt decided to ‘leak’ it to distract from XP EOL (which means insecurity by policy)? Perhaps. Schmidt had worked with the FBI, so he could have some inside knowledge. He might have former colleagues who could tell him about this (even leak it to him) before he would hype it up, give it a scary name, make a dot com web site, a logo, et cetera, essentially ‘merchandising’ the FUD.

Related/contextual items from the news:

  1. OpenBSD Team Cleaning Up OpenSSL
  2. OpenBSD has started a massive strip-down and cleanup of OpenSSL
  3. Please Put OpenSSL Out of Its Misery
  4. GNUtls: GnuTLS 3.3.0
  5. How to stop the next Heartbleed bug: pay open-source coders to protect us
  6. Will Open-Source Money Prevent the Next Heartbleed?
  7. 3 big lessons to learn from Heartbleed

    The devastating OpenSSL vulnerability proves the importance of data center orchestration, the wisdom of running older versions, and the need to give back to the OpenSSL project

  8. Heartbleed: developer who introduced the error regrets ‘oversight’

    Submitted just seconds before new year in 2012, the bug ‘slipped through’ – but discovery ‘validates’ open source

  9. After Heartbleed: 4 OpenSSL alternatives that work
  10. Heartbleed: Open source’s worst hour”>Heartbleed: Open source’s worst hour
  11. Does the Heartbleed bug refute Linus’s Law?

    The mistake being made here is a classic example of Frederic Bastiat’s “things seen versus things unseen”. Critics of Linus’s Law overweight the bug they can see and underweight the high probability that equivalently positioned closed-source security flaws they can’t see are actually far worse, just so far undiscovered.

  12. Heartbleed: Is Linus Torvald’s law invalid?

    How much data was compromised? How many billions lost? None that we know of. How much does the world loses every year because of Microsoft’s proprietary technologies? Billions of dollars are lost; nations’ securities are compromised and people lives are exposed to risks.

    A majority of NSA attacks won’t be possible without bugs in Microsoft products which the company reportedly shares with the agency so that it can be exploited to hack into computers that NSA can spy on. Microsoft bugs allowed USA to take down nuclear programs of countries like Iran, Microsoft bugs enabled NSA to spy on French president. Microsoft bugs allowed ‘alleged’ Chinese crackers to run a massive scale espionage against human rights activists in the US. In addition there are unaccounted thousands of cases every year where people and businesses lose millions due to security holes in Microsoft products.

  13. Heartbleed security flaw may not be as dangerous as thought

    But today, the content distribution network CloudFlare has announced Heartbleed may not allow access to those private keys after all. In two weeks of testing, the company has been unable to successfully access private keys with Heartbleed, suggesting the attack may not be possible at all. “If it is possible, it is at a minimum very hard,” researcher Nick Sullivan writes. “And we have reason to believe… that it may in fact be impossible.” If true, it makes Heartbleed much less dangerous than many had feared, offering a saving grace for compromised sites. Sullivan acknowledged that, in security tests, some private keys had been revealed by first requests to Apache servers, but he linked this to the process of restarting the server, which would severely limit the exposure to outside actors. Methods have also surfaced to help services tell if attackers have hit their servers using the bug. “Heartbleed still is extremely dangerous,” says CEO Matthew Prince, “but some of the worst fears about it having been used by organizations like the NSA to hoover up everyone’s private SSL keys look pretty unlikely to us based on this testing.”

  14. NSA has been exploiting Heartbleed for two years, leaving Americans exposed to cyber criminals: report [updated]

    As people were wondering NSA’s role in Heartbleed, it turned out that the agency was reportedly aware of the bug, as Bloomberg reports, for the last two years and has been exploiting it to spy on people. If the reports are true and NSA was aware of the bug and instead of getting it fixed it let extremely critical info of US citizens exposed to cyber criminals then NSA does need more oversight from the government.

    Heartbleed was not some minor bug, it affected almost every major web-service including Gmail, Amazon, Yahoo! and many more – holding the potential of exposing sensitive data to criminals. However, as soon as the bug was discovered the Open Source community immediately responded, patched the bug and start pushing the updates.

    While the Americans and the people from around the globe were exposed to cybercriminals, NSA was supposedly busy harvesting passwords and other critical to add it to already massive database.

    Bloomberg quotes Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer, “It flies in the face of the agency’s comments that defense comes first. They are going to be completely shredded by the computer security community for this.”

  15. NSA Said to Exploit Heartbleed Bug for Intelligence for Years
  16. Bloomberg: NSA Knew About, Exploited Open Source Heartbleed Bug for Years
  17. The NSA has exploited Heartbleed bug for years, Bloomberg reports
  18. Heartbleed coder admits ‘oversight’ but backs open source

    Seggelmann submitted the code at 11:59pm on New Year’s Eve 2011, but claims the timing had nothing to do with the mistake. Although the bug was also missed by the review process for OpenSSL, an open source project written and reviewed by volunteers, Seggelmann told British newspaper The Guardian that the bug’s eventual discovery shows the value of publically available open source code.

  19. Why a hacker got paid for finding the Heartbleed bug

    Microsoft and Facebook have also provided financial backing to Internet Bug Bounty, out of which Mehta’s prize money came, after running their own internal bug bounties that were very successful. Their money is benefiting the internet as a whole, but they don’t decide what money goes where.

  20. The Internet’s Telltale Heartbleed
  21. Heartbleed developer explains OpenSSL mistake that put Web at risk
  22. SteamOS Affected by Heartbleed Bug, Valve Hasn’t Updated the OS Yet
  23. Linux Foundation Responds to the Heartbleed Bug

    It’s nearly impossible to know for sure, due to the nature of the vulnerability, how much the Heartbleed vulnerability was used to snoop on secure data. We recommend for our sites the same as for other sites: first, watch for a statement to come out from your financial institutions, email providers, and others, which shares whether they were affected. Start changing your passwords. Use different passwords on different sites and store them in a password safe like KeePass, LastPass or 1Password. That way, if any sites that remain vulnerable leak your password, it won’t affect any other sites. Check back on sites that post statements after you changed the password, and then change the passwords again if needed.

  24. Working Out “Serious Security Flaws” In DRM Drivers

    While many are still busy working through fallout of the OpenSSL Heartbleed bug within organizations, on a separate but security related note, kernel developers specializing in the Direct Rendering Manager (DRM) graphics drivers are working to beef up their own driver security.

Microsoft is Leaving Windows — Including Vista 8.1 — Vulnerable to Non-Government Crackers, Not Only to NSA

Posted in Microsoft, Security, Windows at 6:39 am by Dr. Roy Schestowitz

Install the latest back doors or be left vulnerable to crackers other than the NSA

Back doors

Summary: Microsoft makes it ever more evident that securing users of Windows is not at all a priority, and perhaps not even a desire

MICROSOFT WILL never brag about it to the public (only to the government), but Windows, including Vista 8, contains back doors for the NSA. While FOSS developers work hard to ensure security of their programs, with Microsoft any such concerns are irrelevant because security is not even a goal.

It was rather amusing to see this report which says “Microsoft TechNet blog makes clear that Windows 8.1 will not be patched; users must get Windows 8.1 Update if they want security patches” (the report is titled “Microsoft confirms it’s dropping Windows 8.1 support” and it was published by the Microsoft-affiliated IDG).

But wait, it gets worse than abandonment of users and NSA back doors. According to this: “If you still have XP and use Microsoft Security Essentials you will have problems today.. You will get errors relating to MsMpEng.exe when trying to go into windows and windows will slow down to a crawl mimicking a virus.. You need to boot into safe mode and disable the Microsoft Antimalware Service in your services then boot into your normal profile and uninstall the program.”

“Microsoft makes shutdown of their meaningless “security” application cripple XP,” wrote Will Hill. “I’m surprised that I have not gotten any calls about this. Oh yeah, no one is at work yet. I don’t think the treatment planning computers use this, but I’m going to sent a heads up.”

So Microsoft goes further in making Windows XP users less secure from non-government crackers. Wonderful!

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts