EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.08.15

More Back Doors Found in Microsoft’s Entrapments (Proprietary Software)

Posted in Microsoft at 11:02 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Urbis
Windows are famously easy to smash

Summary: Security flaws and even blatantly obvious loopholes for surveillance are identified in several of Microsoft’s so-called ‘products’, which turn users (and their data) into the real product (to be sold to private companies or shared with spies)

THOSE who pay close attention to the news (as we typically do) have lost count of the number of Microsoft back doors, affecting a large number of products and vast number of people. The whole spectrum of application has a plethora of ways to take over PCs and intercept messages. That’s not even an accident.

Neel Gupta wrote a month ago about Microsoft and the NSA, including the way this relates to UEFI (remote takeover at hardware level, aided by secret software and keys). Gupta wrote: “As Microsoft Windows has already lost this ‘trust’ through Spams, Blackmails, _NSAKEY, and not fixing critical bugs. So Microsoft changed it’s definition of ‘trust’ in computing: devices with dedicated microprocessor designed to secure the hardware against consumers, and only allow software signed(authorized) by the device manufacturer to run on the device.”

“There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying “law enforcement”.”Curiously enough, based on [1] (below), Microsoft continues to expose users on the Web, making its use of HTTPS a total sham, almost definitely by design (and intention). When users go to Outlook to read their E-mails things get even worse [2,3]. “Backdoor in Outlook Web Application operates inside target’s firewall,” to quote a Microsoft-friendly writer/publication.

Microsoft ‘privacy’ is a lie, as software like Skype serves to demonstrate. There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying “law enforcement”. The FBI never complains about encryption in Microsoft or Windows because there is none that’s truly effective.

Don’t believe what the media is saying right now about Vista 10 figures (e.g. number of devices or users) because these are lies, as we explained last week (many who tried Vista 10 moved away from it afterwards).

As Gupta’s SAP blog concludes: “Note that Windows XP, Vista, 7, and 8 are all going down. With the exodus from Windows, if we as SAP don’t create solutions on Linux and Mac/iOS, we will loose customers to those who do.”

Related/contextual items from the news:

  1. Microsoft sites expose visitors’ profile info in plain text

    If you think using secure HTTP would be enough to protect your privacy when checking webmail, think again. When users connect to their Microsoft user account page, Outlook.com, or OneDrive.com even when using HTTPS, the connection leaks a unique identifier that can be used to retrieve their name and profile photo in plaintext.

    A unique identifier called a CID is exposed because it’s sent as part of a Domain Name Service lookup for the address of the storage server containing profile data and as part of the initiation of an encrypted connection. As a result, it could be used to track users when they connect to services from both computers and mobile devices, possibly even identifying users as their requests leave the Tor anonymizing network.

  2. Microsoft OWA falls victim to password-pinching APT attack

    SECURITY RESEARCHERS FROM Cybereason have sounded a klaxon over a problem with the Microsoft Outlook Web Application (OWA) that could let attackers swoop in and tag and bag data and documents through the use of APT techniques.

    Cybereason discovered the bug when a customer with some 19,000 endpoints suspected that it was the victim of infection.

  3. New Outlook mailserver attack steals massive number of passwords

    Backdoor in Outlook Web Application operates inside target’s firewall.

NASA Gives Back What It Took Away in the Form of Patent Monopolies for Private Gain

Posted in America, Patents at 10:36 am by Dr. Roy Schestowitz

NASA Windows

Summary: Criticism of NASA’s habit of clinging onto patents when it is actually the public which pays for everything

THE ISSUE that we occasionally tackle here in Techrights (and the #techrights IRC channel) is unjust monopoly acquired or protected by hoarding of patents. It is especially unjust when it’s public money (tax) subsidising this kind of monopoly. Such was the case with NASA when it sold patents (paid for by the public) to patent trolls about 3 years ago. NASA had previously helped protect and expand Microsoft’s illegal monopoly [1, 2, 3].

“Some of the people who helped NASA build its rockets are the same people (and by extension their teams) that helped launch rockets into London in the second world war.”This time, for a change, NASA decides to give these patents back to those who paid for them, setting these patents free to all [1, 2, 3, 4, 5, 6, 7]. It is claimed that as many as 1200 patents (if not more) will be set free, but there are some caveats (see headlines that mention “free access to its patents for startup entrepreneurs”).

NASA’s work is funded by taxpayers, so the very idea of them ‘donating’ patents is ludicrous (or indicative of corruption). NASA shouldn’t waste its time on patents in the first place; it can just publish its ideas and inventions in its public-facing Web site.

Don’t romanticise too much over NASA and its glorified patents. Yours truly used to believe the popular lie that space exploration of NASA gave us Teflon. Well, Teflon was made for nuclear weapons (cold war), so even this isn’t a good example of NASA’s so-called ‘inventions’. Some of the people who helped NASA build its rockets are the same people (and by extension their teams) that helped launch rockets into London in the second world war.

The Coup D’état of Benoît Battistelli Follows an Imperialist Model, Threatens Opposition and Dissent

Posted in Europe, Patents at 10:16 am by Dr. Roy Schestowitz

Battistelli wants to ‘pacify’ the office by means of threats, bullying, and even exile

Mall window

Summary: SUEPO, the staff union, and boards that are independent from the EPO are both under attack and are constantly threatened by Benoît Battistelli and his goons

THE misconduct at the EPO is becoming an urgent issue to tackle. We wrote about patent trolls fighting against Android (i.e. Linux) in Europe just a few days ago and the UPC may soon become a reality, joining blatant injustices like the TPP.

“The EPO wants staff to blindly obey its decisions on patents and workers’ rights while the EPO itself does not obey the law.”Earlier this week the FFII’s President Benjamin Henrion wrote that “EPO does not follow the “rule of law” principle, which means any of its acts are not challengeable in front of a court” (i.e. above the law).

The EPO wants staff to blindly obey its decisions on patents and workers’ rights while the EPO itself does not obey the law. This is double standard of the highest order.

In “March of this year alone, the IPKat welcomed 212,040 site visitors,” it wrote earlier this month. Well, that’s obviously because of EPO scandals, especially the news from the Netherlands which made it a very busy month for EPO-related news. We are gratified to see that Merpel is back to covering this topic. Last week she wrote about some new developments and yesterday she wrote about Željko Topić's latest attacks on workers' rights, preceding next week's demonstration.

“We are gratified to see that Merpel is back to covering this topic.”“On this world day against software patents,” Henrion wrote, “we have to wake up sleeping Europeans against swpatv3 via the Unitary Patent Court” (UPC is just the latest among many plots or ploys that can further legitimise software patents in Europe from the back door).

“Cisco and Samsung cross-license to ignore the harm of patents,” he noted, but the “option [is] not available to small companies and developers” (it’s very much like OIN, which helps large corprations legitimise and preserve software patents, as we last explained last night).

SUEPO, the staff union at the EPO, seems eager to fight back and challenge the gangster of the management, Mr. Topić.

“Mr Zeljko Topic (VP4),” it wrote, “and Mr Raimund Lutz (VP5) issued on 2 October 2015 a Communiqué to EPO staff titled “Your rights” which was later published here by IPKat.

“SUEPO was sorely tempted to rebut the slanderous allegations of VP4 and VP5, but the public ridicule to which they are subjected speaks volumes on our behalf, see for instance the comments on IPKat.

“Based on the very latest from IP Kat, the EPO’s Battistelli is now destroying the boards (of appeal) that are supposed to provide an independent last resort when the EPO is misbehaving.”“If anyone has doubts about the legality of SUEPO’s actions or about the sincerity of the EPO’s offer of impartial legal assistance, the SUEPO committee will be happy to answer questions. At this moment, it will suffice to say that SUEPO applauds VP4 and VP5 for finally grasping the notion of the applicability of “basic fundamental rights” and “general principles of law”, and look forward to further progress reports about their seemingly ongoing study of fundamental legal doctrines.”

Based on the very latest from IP Kat, the EPO’s Battistelli is now destroying the boards (of appeal) that are supposed to provide an independent last resort when the EPO is misbehaving. As Merpel put it: “The drive to get the Boards out of Munich strikes Merpel as either deeply stupid or entirely cynical, and she doesn’t believe Mr. Battistelli is at all stupid. The purported problem identified in Mr Battistelli’s proposal to reform the Boards of Appeal was the “perception of independence”. You couldn’t, he argued, have Boards in the same building as other EPO employees whose decisions a Board might be reviewing — which is an odd argument, since there are no Examining or Opposition Divisions based in the Isar building.

“A rather more widespread perception around the EPO is that Mr Battistelli can’t bear to have the Boards in “his” building (Merpel seems to recall that they were there first, though), and/or that he wanted to teach the Boards a lesson. Even having his own private express lift from car park to the sumptuously appointed presidential floor does not always exclude the chance that he might encounter one face-to-face during his working day.

“The relationship was poisoned when the Enlarged Board decided Case R19/12, a decision about judicial independence about which Mr Battistelli was furious. You see, far from lacking independence, the real problem for EPO management is that the Boards are sometimes too damn independent and this cannot be tolerated. Yes, there’s a structural issue in how the Boards fit into the European Patent Organisation, which would require amendment of the Convention to fully remedy, but this did not seem to cause problems in practice until now. Nobody should pretend that this proposal to move the Boards out of Munich serves the interests of judicial independence. It is really the opposite: showing this group of ungrateful judges who’s really the boss, who’s in control of their careers.

“There are many things that are rotten at the EPO and the rest of the month will be spent putting some more ‘dirty laundry’ out there.”“Having established that the Boards had to get out of the current Munich headquarters, Mr Battistelli identified two options: find another building in Munich, or relocate the members of the Boards to Berlin (Vienna, which is now the front runner, appears to have been arranged behind the backs of the Administrative Council (AC) and of the Boards, since it never formed part of the formal proposal).”

So Battistelli wants them exiled like Napoleon. See what we recently (earlier this month) wrote about these attacks on the boards. There are many things that are rotten at the EPO and the rest of the month will be spent putting some more ‘dirty laundry’ out there.

Links 8/10/2015: Manjaro Linux Releases, Linksys WRT1900ACS, FOSS at NHS

Posted in News Roundup at 9:46 am by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

Free Software/Open Source

  • Developer creates an open source glucose monitoring and tracking app he can trust

    According to Diabetes.org, in 2012 over 29.1 million Americans (that’s 9.3% of the population) had diabetes. Chances are, you know someone who has diabetes and you can help them by supporting an open source project that they can trust. If you are a developer, contribute to improve the code; you can help with documentation, or language so it can be translated.

    That’s the only way any open source project succeeds – through collaboration and contribution; through people.

  • Open Source for Log Analytics – Let’s get serious

    “Making machine data accessible, usable, and valuable to everyone” was the main theme at the Splunk .conf2015 last month in Las Vegas. The thousands attending this event are a clear proof of the growing importance and interest in collecting, analyzing and gaining insights from machine data. This interest started years ago mostly with IT related logs but will spread to cover all types of machine generated data. The growing IoT space will make today’s pile of machine data dwarf compared to what else is coming our way in the form of logs and other data generated by machines and sensors.

  • Fears Grow For Safety of Imprisoned Syrian Open Source Developer, Bassel Khartabil

    Bassel sent his letters from Adra prison, a civilian jail in the northeast outskirts of Damascus. Even representatives of the Assad government admit that conditions in Adra are overcrowded and inhumane. The prison was designed for 2,500 and now houses 9-11,000 prisoners. Single rooms hold fifty to a hundred cellmates. Food rations are minimal and prisoners must often pay bribes for sleeping materials. Nearby, according to reports, anti-regime forces attempted to seize the compound.

  • SYRIA: Disclose Whereabouts of Detained Freedom of Expression Advocate Bassel Khartabil
  • Syria: Disclose Whereabouts of Detained Freedom of Expression Advocate

    EFF has joined with organizations around the world in calling for Syria to reveal the whereabouts of detained technologist Bassel Khartabil. Khartabil’s arbitrary detention and treatment by the Syrian authorities have been cause for concern since his initial arrest three and a half years ago. Fears have grown for his safety after he was taken from civil prison to an unknown destination on Saturday. He is one of the five current cases that EFF tracks in our Offline campaign to protect unjustly imprisoned technologists and bloggers.

  • Google AMP: “Instant Articles”-style mobile news plans unveiled – an open source standard for publishers’ content to be immediately in search
  • Google (GOOG) Releases Faster Mobile Web Browsing In New Open-Source Initiative With Twitter And 38 News Organizations

    We’re increasingly living in a mobile world, and Google wants to make it a better experience. The search giant on Wednesday announced an initiative called “Accelerated Mobile Pages” (AMP) that makes viewing news articles on a smartphone even faster, the company said at a New York City event.

  • VoiceNation Releases Revolutionary Open Source Live Answering Software. Georgia CALLS is an Early Adopter

    OpenAnswer is built on familiar open source technology like Asterisk, FreePBX, Apache, Linux, PF Sense, SIP and more.

  • Open Source Needs Enterprise Developers

    Open source projects have risen in prominence over the past few years and are becoming important assets to enterprises. A recent report indicates that some 78 percent of enterprises use open source, and two-thirds build software for their customers that is based on open source software.

  • Making B2B Open To Open Source

    The eCommerce software space is a crowded one, with vendors offering any number of ways to track product data. B2C may grab the spotlight with innovation and omnichannel initiatives, and B2B has some catching up to do. But as small businesses recognize the need to adapt quickly to satisfy both their customers and suppliers, flexible software can make all the difference, according to Yoav Kutner.

  • Events

  • Web Browsers

    • Mozilla

      • Proposed Principles for Content Blocking

        Content is not inherently good or bad – with some notable exceptions, such as malware. So these principles aren’t about what content is OK to block and what isn’t. They speak to how and why content can be blocked, and how the user can be maintained at the center through that process.

        At Mozilla, our mission is to ensure a Web that is open and trusted and that puts our users in control. For content blocking, here is what we think that means.

      • Thunderbird 38.3.0 Lands in All Ubuntu OSes

        Details about a number of Thunderbird vulnerabilities in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems have been revealed by Canonical in a short security notice.

  • SaaS/Big Data

  • Databases

    • Industry Outlook: Open-Source Databases and IoT

      This week, Industry Outlook talks with Pierre Fricke about open-source databases and their role in the Internet of Things (IoT). Pierre has a long history in open-source software. He spent 10 years as director of product marketing for JBoss Middleware. He had joined JBoss Inc. just over a year before its acquisition by Red Hat in 2006 and stayed on until he joined EDB. Pierre first became involved in open-source software in 1998 during his 17 years at IBM. He played a critical role in establishing IBM’s Linux and open-source strategy, being one of seven team leaders whose contributions are still used today. He also spent five years as an industry analyst with an emphasis on Java and Microsoft application development and integration software.

      [...]

      PF: No. “Open source” does not equate to “less secure.” Enterprise open-source solutions such as EDB Postgres boast the same level of security as traditional solutions, including enhanced auditing, row-level security, SQL-injection-attack guard and other capabilities. In addition, better-managed open-source solutions also have fewer vulnerabilities than commercial products owing to the strict reviews and testing process that these types of systems must undergo. Furthermore, the inherent nature of open source—in which the code kernel is available to a large community of developers—means more individuals are looking for potential bugs and problems (an open process that is often prohibited in propriety systems).

  • Healthcare

  • Business

  • BSD

    • NetBSD 7.0 Released With New ARM Board Support, Lua Kernel Scripting

      NetBSD 7.0 was quietly released at the end of September.

      NetBSD 7.0 is a big release for this BSD operating system and it features Lua kernel scripting support, GCC 4.8.4 is the default compiler, DRM/KMS graphics support, multi-core support for ARM, Raspberry Pi 2 with SMP support, NPF improvements, and a variety of other enhancements.

  • Project Releases

  • Openness/Sharing

  • Programming

  • Standards/Consortia

    • EU digital policy moves into public comment phase

      The normal procedural step that the Commission takes after the introduction of such a strategy is to seek specific input and feedback—via a public consultation process—for the general ideas and proposals that they are presenting. A public consultation, as the phrase implies, is an invitation to answer a long list of wide ranging questions on these issues. Although procedural, the information gleaned from the consultation will help shape any formal legislation or other actions and regulations that the Commission deems necessary to achieve the goals of the DSM.

Leftovers

  • Security

    • Malware Peddling Vigilantes behind Linux.Wifatch Speak Up

      The group also add that Linux.Wifatch was never intended to be secretive and added that to be “truly ethical, it needs to have a free license.” However, the developers did not go out of their way to make the Wifatch’s presence known in the wider community, to avoid detection by other malware authors.

      The group haven’t revealed their identity and contend that they are “nobody important,” while adding that although they can be trusted not to do “evil things” with users’ devices anybody could steal the key (speaking figuratively), no matter how well the group protects it.

    • Government Accountability Offices Finds Government Still Mostly Terrible When It Comes To Cybersecurity

      The government has done a spectacularly terrible job at protecting sensitive personal information over the past couple of years. Since 2013, the FDA, US Postal Service, Dept. of Veterans Affairs, the IRS and the Office of Personnel Management have all given up personal information. So, it’s no surprise the Government Accountability Office’s latest report on information security contains little in the way of properly-secured information.

    • This New ‘Secure’ App for Journalists May Not Be Secure At All

      When I started working as a journalist in Colombia in 2006, “What do I do if I get kidnapped?” was a common topic at parties. In fact in 2007, my brother (not a journalist) got kidnapped in a small town outside of Medellín. The Colombian anti-kidnapping squad (GAULA) rescued him.

      So let’s just say I take an interest in journalist security tools. New apps have the potential to help journalists do their jobs, and stay safe while doing so.

      Unfortunately, Reporta, a new app from the International Women’s Media Foundation (IWMF) billed as “the only comprehensive security app available worldwide created specifically for journalists,” sounds like it may put journalists in danger.

  • Defence/Police/Secrecy/Aggression

    • NYT Plays Up Risks to Bomber Pilots, Downplays the Civilians They Kill

      Cooper does her best nevertheless to make the reader empathize with the risks faced by bomber pilots, despite a former flyer’s admission that “if you stay above 10,000 feet, you’re not going to be hit.” Though the mechanical difficulties faced by Yip Yip dominate the story, Cooper asserts that “engine troubles are not the only risk at 25,000 feet.” What else is there? Well, there’s acceleration: “The F/A-18s today require more G-forces than the planes of the Top Gun era, and pilots today pull nine Gs instead of four and five Gs”—so pilots have to make sure they are “not dehydrated or hungover from drinking and crooning the Righteous Brothers to Kelly McGillis at a bar the night before.”

      For comparison purposes, riders on the Shock Wave roller coaster at Six Flags Over Texas experience six Gs–placing the amusement park-goers somewhere between Maverick and Bones on the toughness scale.

  • PR/AstroTurf/Lobbying

  • Privacy

    • What’s in a Boarding Pass Barcode? A Lot

      The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

    • US Secret Service Violated Privacy Policy to Embarrass Congressman

      The Secret Service thought we all needed a reminder that databases of personal information will be exploited for political gain. The chair of the Oversight and Government Reform Committee, Rep. Jason Chaffetz, was leading the investigation into one of the recent cases of Secret Service misconduct. Agents within the service accessed records concerning Chaffetz’ application to the Secret Service (which was not acted upon) and then disseminated that information within the agency and talked to the press about it.

    • Anti-Piracy Activities Get VPNs Banned at Torrent Sites

      This week users of popular torrent sites found that they could no longer access them using their VPN. Speaking with TorrentFreak the operator of one of the affected sites revealed that the IP ranges of a popular VPN provider had been banned after they were used for massive anti-piracy activities. Using a VPN for copyright enforcement is apparently quite common.

    • In China, Your Credit Score Is Now Affected By Your Political Opinions – And Your Friends’ Political Opinions

      China just introduced a universal credit score, where everybody is measured as a number between 350 and 950. But this credit score isn’t just affected by how well you manage credit – it also reflects how well your political opinions are in line with Chinese official opinions, and whether your friends’ are, too.

    • Rise of ad-blockers shows advertising does not understand mobile, say experts

      Apple has made ad-blocking mainstream, prompting fears in the $31.9bn mobile ad market. But those grappling with the problem say the user must come first

  • Civil Rights

    • Rupert Murdoch hints that Barack Obama isn’t ‘real black president’

      Murdoch was praising Republican presidential candidate Ben Carson and his wife on Twitter Wednesday evening when he wrote: “Ben and Candy Carson terrific. What about a real black President who can properly address the racial divide?”

    • Saudi husband is caught groping and forcing himself on his maid after his suspicious wife set up a hidden camera… but now SHE faces going to jail

      A Saudi woman may face going to jail after she caught her husband cheating with the family maid and posted it on social media.

      The woman used a hidden camera to catch her husband in the act, but despite his proven infidelity, she may be the one who ends up being punished.

      The video, which she uploaded to YouTube, shows the man forcing himself on one of the family’s members of staff, while the maid appears to attempt to resist his advances.

    • Tacoma Police Sued Over Heavily-Redacted Stingray Non-Disclosure Agreement

      Despite there being multiple copies of nearly-identical FBI/Stingray non-disclosure agreements in the public domain at this point, the Tacoma (WA) Police Department still refuses to provide FOIA requesters with an unredacted version of its own NDA.

      In late 2014, the Tacoma Police Dept. handed Seattle’s Phil Mocek a copy of its NDA, which, perhaps unsurprisingly, failed to disclose much about the non-disclosure agreement. The only things left unredacted were the two opening paragraphs of the agreement and the signatures at the end of it. In the middle was a solid wall of black ink.

    • Sweden is shifting to a 6-hour work day

      Despite research telling us it’s a really bad idea, many of us end up working 50-hour weeks or more because we think we’ll get more done and reap the benefits later. And according to a study published last month involving 600,000 people, those of us who clock up a 55-hour week will have a 33 percent greater risk of having a stroke than those who maintain a 35- to 40-hour week.

      With this in mind, Sweden is moving towards a standard 6-hour work day, with businesses across the country having already implemented the change, and a retirement home embarking on a year-long experiment to compare the costs and benefits of a shorter working day.

  • DRM

    • TPP Also Locks In Broken Anti-Circumvention Rules That Destroy Your Freedoms

      We already wrote about how New Zealand has released some of the details about the finalized TPP agreement before the official text is released. The one we discussed is forcing participants into a “life plus 70 years” copyright term, even as the US had been exploring going back towards a life plus 50 regime like much of the rest of the world. That won’t be possible any more.

    • [Apple] What is the “rootless” feature in El Capitan, really?

      I have just learned about the “Rootless” feature in El Capitan, and I am hearing things like “There is no root user”, “Nothing can modify /System” and “The world will end because we can’t get root”.

      What is the “Rootless” feature of El Capitan at a technical level? What does it actually mean for the user experience and the developer experience? Will sudo -s still work, and, if so, how will the experience of using a shell as root change?

  • Intellectual Monopolies

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts