Summary: Observations and analysis of some recent deception in corporate news sites (like Condé Nasty), trying to pretend that Microsoft is secure, that Microsoft is pursuing security, and that FOSS and Android security or privacy are inherently poor
THE KARMA (or blowback) that Microsoft is meeting right now is a result of it sucking up (for government subsidies) to the NSA et al. for a decade and a half. Putting back doors in one’s software is not a safe bet for a business.
As longtime Internet saboteur (most recently Microsoft broke No-IP and offered no real apology, knowing perhaps it would fuel lawsuits by admission) Microsoft should never be trusted for anything Web-based. This is perhaps why China has put Microsoft’s latest Office push on the blacklist. “Yesterday,” said one article “Microsoft convinced a judge to let it take over No-IP’s DNS service, shutting down name service for many websites, in order to stop a malware attack. Today, the company fake-pologized.”
Never mind the fact that, as we explained before, the malware was partly Microsoft’s fault, for making a piece of software that’s insecure by design (and with back doors). “Microsoft’s PR mailout says that “some customers” experienced “temporary” loss of service but that everything was fine now; shortly after, the company’s PR emailed journalists again to say that things were still massively screwed up. It blamed the whole mess on a “technical error,” but when you look at what the judge believed about No-IP when the order came down, it’s clear that the “technical error” was a gross overstatement of both No-IP’s involvement in Microsoft’s woes, and the best way to sort them out.”
Notice how Microsoft is rallying so-called journalists. It is a company of liars and cover-ups. Why would anyone believe a single word?
The very fact that Microsoft was able to shut down millions of legitimate services shows just how much Microsoft corrupted its government. It used the Court for powers like hijacking a whole network. The No-IP story turned out to be far more outrageous than most people realised, as the press had been deceiving them at Microsoft’s behest. People should be fuming and Microsoft sued out of existence, but we just don’t know if this is actually going to happen. If Tux Machines was still on No-IP (as it had been for year, until recently), then it would have been one among millions of victims, potentially down for days.
Now, watch the audacity of Microsoft. With help from Gates’ fan press it pretends to be “against the NSA” and “transparent”. A lie bigger than that is hard to imagine, but this is marketing. This is part of a propaganda campaign which is going on at the moment (in many countries) and would have the gullible believe that Microsoft ‘fights back’ against the NSA, or something along those lines. One piece of propaganda was titled “Microsoft mocks NSA” and another doubts that it is “NSA-proof” (it is not, as with PRISM Microsoft can provide direct access, never mind NSLs).
Corporate media is meanwhile trying hard to push FOSS as “insecure” back into the debate. Gates’ fan press recently did this (citing familiar FOSS-hostile firms) and ‘Information’ Age conflates “proprietary” with “enterprise”, insinuating that FOSS is inherently not for enterprises (this is another type of FUD). Apparently, in addition to all that, a few lines of code (one bug) are the beginning of a new world. It’s that “Heartbleed” nonsense — a word coined by a Microsoft-linked firm for greater impact in an already-FOSS-hostile media (here is Adrian Bridgwater’s cheeky attacks on FOSS, using/exploiting news from 3 months ago, and here is another example). What corporate press rarely tells reader about “Heartbleed” is the insidious connection to Microsoft. There are those who look for bugs in old versions of Android which can leak location data because of the Wi-Fi stack, but these are not critical. “Android phones running 3.1 and newer versions of Google’s mobile operating system are leaking Wi-Fi connection histories, the Electronic Frontier Foundation has discovered,” says one source. Furthermore, says The Mukt, “Android seems to be the center of attention when it comes to mobile security concerns. In the latest, Electronic Frontier Foundation (EFF) has made claims that if you are an Android smartphones user, there is a high risk that your location history is being broadcasted to those within your Wi-Fi range.”
So basically, when it comes to FOSS there is nothing to really complain about except privacy bugs and some security bug from three months ago. As Ryan pointed out some days ago in IRC (citing IDG): “UPDATE: IBM on Monday corrected its report to say that the problem is not as widespread as originally thought. “The vulnerability affects Android 4.3 only. Thanks for the Android Security Team for correcting our advisory,” IBM said. About 10.3 percent of Android devices run Android 4.3.”
“That’s some sloppy reporting,” Ryan wrote. “First they reported that 86% of Android devices were affected by a critical security hole. Then they issued a correction, that it was only one version of Android that represents 10% of devices, and not even the latest version. We also don’t know that all Android 4.3 devices are affected, because OEMs can backport patches to their current firmware even when they don’t want to do a major Android upgrade at the moment. Archos kept backporting patches to Android 4.0 for a long time.
The original report, as far as we can tell, came from Android and Linux basher Dan Goodin. He led the way for writers, including in his former employer, to hide up an Android vulnerability. “It’s hard to exploit,” said his former employer, but in Condé Nasty it is called “serious”. This, in our view, is part of the hype which seeks to paint FOSS as ” insecure”, never mind the many back doors we now know of in proprietary software like Microsoft’s.
Just remember that Condé Nasty, and especially its writer Dan Goodin, has been on some kind of villainous Jihad against GNU/Linux for months now, distorting facts to make it seem as thought FOSS cannot be trusted.
To us it seems clear why all this FUD is being disseminated. Citing security concerns, large governments are moving away from pricey proprietary software with back doors, notably Microsoft’s. Watch Microsoft lying to governments of the world:
No backdoors in our code: Microsoft bid to convince governments
In yet another sign that the revelations about blanket NSA spying are biting into business revenue, Microsoft is offering to open up its source code to governments so they can satisfy themselves that there are no backdoors implanted.
There appears to be a fear among technology companies that if Microsoft is forced to do the government’s bidding, then American cloud businesses which operate in other countries could stand to lose a lot of business.
Snowden’s revelations have led to a drop in overseas business for at least two technology firms – Cisco and IBM. Additionally, the Boeing company lost an order from Brazil, which opted to go with Sweden’s Saab for $US4.5 billion worth of aircraft.
These are lies and Snowden’s revelations provided enough hard evidence to prove this. Expect many more attacks on FOSS from a security angle. Microsoft will try to save its cash cows, using a new ‘flavour’ of disinformation, as usual. █