Bonum Certa Men Certa

Microsoft's Insecure-by-Design (Sometimes With Back Doors) 'Contributions' to OpenSSH

Making a mockery out of the spirit of OpenBSD, having given money to OpenBSD

Manchester church Vulnerability (need for money) found in the Church of BSD



Summary: Microsoft is seemingly disrupting the high standards of the OpenSSH project (and by extension OpenBSD and Free/libre software), as its focus on security is ludicrous at best

LAST week, in our daily links, over a dozen links were included about a new revelations of flaws in a hugely popular encryption method. A paper presented by award-winning academics demonstrated a serious weakness. OpenSSH was among the alleged targets, potentially allowing spies to infiltrate, intercept and decrypt communications/data relayed over SSH. The philosophy and principles (UNIX) of OpenSSH had kept it strong for a very long time.



"Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community."Those who keep abreast of privacy news (including NSA leaks) will know that there is an aggressive effort to crack SSH. Some ciphers were recently phased out or deprecated as a result. Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community. As we pointed out earlier this year, OpenSSH is being subjected to E.E.E. (embrace, extend, extinguish) treatment from Microsoft [1, 2] because money talks. Microsoft has a lot of money (despite losses in the billions) and OpenBSD is underfunded, hence desperate for money.

Secure channels and Microsoft Windows are incompatible concepts. It cannot be done because Windows itself has back doors, allowing penetration at root (Administrator) level. Microsoft is now pushing its back-doored, insecure-by-design APIs into the SSH project and also puts people's keys on boxes with such inherent insecurities. How terrible a recipe is that? Is OpenBSD willing to compromise its credibility and reputation just because Microsoft gave it a 'generous' payment (some would call it a bribe)?

According to this update from Microsoft, they now intend to:

Leverage Windows crypto api’s instead of OpenSSL/LibreSSL and run as Windows Service...


People in the comments (not deleted, at least not yet) rightly post complaints. One said: "I don't think I like that your replacing an open source SSL with a closed source Windows crypto api."

Another commenter said: "Do I see a trap here?! If the Windows port uses the closed source crypto api is the whole OpenSource OpenSSH-idea then still intact?"

"Microsoft takes something that's not its own and then 'bastardises' it, making it an inferior 'Windows thing' which spreads only because of the network effect or illegal bundling."iophk told us: "How much key code can they replace with dodgy homebrew and still be allowed to use the same name? Without the crypto, it is not the same software and merely a derivative."

Well, that's just how E.E.E. has historically worked. Microsoft takes something that's not its own and then 'bastardises' it, making it an inferior 'Windows thing' which spreads only because of the network effect or illegal bundling.

iophk has also pointed out to us that Roger A. Grimes, who works for Microsoft and IDG (news publisher) at the same time (clearly a conflict of interests), presents a false dichotomy, "freedom or security" (right there in the headline). Computer security is never the goal at Microsoft; they want back doors for so-called 'national security' (i.e. state power with remote access to citizens' PCs).

"The first rule of zero-days is no one talks about zero-days," reads this new headline (remember that Microsoft wilfully enables NSA access through zero-days).

"If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it's time to tell Microsoft to take back its 'bribe' money and go away, leaving OpenSSH alone (and secure)."Microsoft's E.E.E. tactics are becoming a big threat not just to GNU/Linux but also to BSD and Free software as a whole. Microsoft now tries to become a GNU/Linux host, despite its known record of scanning every single file (claiming to do so because of child pornography) and colluding with the government for warrantless access to data stored on servers.

The E.E.E. against GNU/Linux is perhaps best demonstrated by this new article about how Microsoft tries to take over Big Data (a lot of data, sometimes incredibly sensitive) on GNU/Linux servers. "Last month Microsoft did something extraordinary," says the author, "something which demonstrates how completely the company has changed since its third CEO, Satya Nadella, took over."

Satya Nadella just turned the company into more of a surveillance company, as Vista 10 serves to remind us. He continues to attack GNU/Linux in many ways (including patent extortion) while saying that Microsoft "loves Linux' (a lie as big as a lie can get).

If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it's time to tell Microsoft to take back its 'bribe' money and go away, leaving OpenSSH alone (and secure). Almost every distribution of GNU/Linux comes with OpenSSH. Microsoft is a wolf in sheep's clothing and it has no room inside FOSS until it quits attacking FOSS and collaborating with abusive espionage agencies like GCHQ and the NSA.

Recent Techrights' Posts

GNU/Linux and ChromeOS in Qatar Reach 4%, an All-Time High
Qatar has money to spend, but not much of it will be spent on Microsoft, or so one can hope
This 'Article' About "Linux Malware" is a Fake Article, It's LLM Slop (Likely Spewed Out by Microsoft Chatbot)
They're drowning out the Web
Early Retirement Age: Linus Torvalds Turns 55 Next Week
Now he's almost eligible for retirement in certain European countries
 
Technology: rights or responsibilities? - Part XI
By Dr. Andy Farnell
Links 22/12/2024: Election Rants and More Sites Available via Gemini
Links for the day
Links 22/12/2024: North Pole Moving and Debian's Joey Hess Goes Solar
Links for the day
Gemini Links 22/12/2024: Solstice and IDEs
Links for the day
BetaNews: Microsoft Slop is Your "Latest Technology News"
Paid-for garbage disguised as "journalism"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 21, 2024
IRC logs for Saturday, December 21, 2024
Links 21/12/2024: EU on Solidarity with Ukraine, Focus on Illegal and Unconstitutional Patent Court in the EU (UPC)
Links for the day
[Meme] Microsofters at the End of David's Leash
Hand holding the leash. Whose?
Deciphering Matt's Take on WordPress, Which is Under Attack From Microsofters-Funded Aggravator
the money sponsoring the legal attacks on WordPress and on Matt is connected very closely to Microsoft
Gemini Links 21/12/2024: Projections, Dead Web ('Webapps' Replacing Pages), and Presentation of Pi-hole
Links for the day
American Samoa One of the Sovereign States Where Windows Has Fallen Below 1% (and Stays Below It)
the latest data plotted in LibreOffice
[Meme] Brian's Ravioli
An article per minute?
Links 21/12/2024: "Hey Hi" (AI) or LLM Bubble Criticised by Mainstream Media, Oligarchs Try to Control and Shut Down US Government
Links for the day
LLM Slop is Ruining the Media and Ruining the Web, Ignoring the Problem or the Principal Culprits (or the Slop Itself) Is Not Enough
We need to encourage calling out the culprits (till they stop this poor conduct or misconduct)
Christmas FUD From Microsoft, Smearing "SSH" When the Real Issue is Microsoft Windows
And since Microsoft's software contains back doors, only a fool would allow any part of SSH on Microsoft's environments, which should be presumed compromised
Paywalls, Bots, Spam, and Spyware is "Future of the Media" According to UK Press Gazette
"managers want more LLM slop"
Google Has Mass Layoffs (Again), But the Problem is Vastly Larger
started as a rumour about January 2025
On BetaNews Latest Technology News: "We are moderately confident this text was [LLM Chatbot] generated"
The future of newsrooms or another site circling down the drain with spam, slop, or both?
"The Real New Year" is Now
Happy solstice
Microsoft OSI Reads Techrights Closely
Microsoft OSI has also fraudulently attempted to censor Techrights several times over the years
"Warning About IBM's Labor Practices"
IBM is not growing and its revenue is just "borrowed" from companies it is buying; a lot of this revenue gets spent paying the interest on considerable debt
[Meme] The Easier Way to Make Money
With patents...
The Curse (to Microsoft) of the Faroe Islands
The common factor there seems to be Apple
Electronic Frontier Foundation Defends Companies That Attack Free Speech Online (Follow the Money)
One might joke that today's EFF has basically adopted the same stance as Donald Trump and has a "warm spot" for BRICS propaganda
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 20, 2024
IRC logs for Friday, December 20, 2024
Gemini Links 21/12/2024: Death of Mike Case, Slow and Sudden End of the Web
Links for the day
Links 20/12/2024: Security Patches, Openwashing by Open Source Initiative, Prison Sentence for Bitcoin Charlatan and Fraud
Links for the day
Another Terrible Month for Microsoft in Web Servers
Consistent downward curve
LLM Slop Disguised as Journalism: The Latest Threat to the Web
A lot of it is to do with proprietary GitHub, i.e. Microsoft
Gemini Links 20/12/2024: Regulation and Implementing Graphics
Links for the day
Links 20/12/2024: Windows Breaks Itself, Mass Layoffs Coming to Google Again (Big Wave)
Links for the day
Microsoft: "Upgrade" to Vista 11 Today, We'll Brick Your Audio and You Cannot Prevent This
Windows Update is obligatory, so...
The Unspeakable National Security Threat: Plasticwares as the New Industrial Standard
Made to last or made to be as cheap as possible? Meritocracy or industrial rat races are everywhere now.
Microsoft's All-Time Lows in Macao and Hong Kong
Microsoft is having a hard time in China, not only for political reasons
[Meme] "It Was Like a Nuclear Winter"
This won't happen again, will it?
If You Know That Hey Hi (AI) is Hype, Then Stop Participating in It
bogus narrative of "Hey Hi (AI) arms race" and "era/age of Hey Hi" and "Hey Hi Revolution"
Bangladesh (Population Close to 200 Million) Sees Highest GNU/Linux Adoption Levels Ever
Microsoft barely has a grip on this country. It used to.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 19, 2024
IRC logs for Thursday, December 19, 2024