04.18.14

Some Perspective on Heartbleed®

Posted in GNU/Linux, Microsoft, Security at 8:12 am by Dr. Roy Schestowitz

Summary: Our views on the whole Heartbleed® bonanza, which seems like partly a PR stunt (for multiple stakeholders)

A LOT has been said about Heartbleed® since the firm of Microsoft's 'former' security chief (who had worked with the FBI, the NSA’s more evil twin) irresponsibly 'leaked' the flaw, and did so at the very same moment that Windows XP users rushed to GNU/Linux for security reasons. I know of such users (even corporations I deal with) and I saw their reaction to this unforeseen ‘leak’. Funny timing.

In this post we outline some key facts (carefully and patiently studied over the past 10 days). As my doctoral degree is not far from cryptography and I have consulted people who do security for a living, I can assure readers that we do grasp the technical details, unlike many so-called ‘journalists’ with degrees in English or history. We are not going to delve into less plausible theories like a connection between the flaw and the NSA although there are circumstantial connections, an NSA program specifically designated to this (NSA operation ORCHESTRA), and we already know that Red Hat relays non-SELinux code directly from the NSA to Torvalds, as we covered earlier this year (meaning that only a developer in the middle knows where the code originally came from). In this particular post we are going to focus on other important points that ought to be made now that Heartbleed® is mostly out of the headlines and little new information will come out during Easter. This post is based on assessment of about 100 reports and subsequent research lasting many hours.

A little and slightly old tidbit shared with us by iophk (a network security professional) said that even the NSA and its circles are negatively affected by Heartbleed®. This article states: “”I am waiting for a patch,” said Jeff Moss, a security adviser to the U.S. Department of Homeland Security and founder of the Def Con hacking conference.”

There are reasons to believe that the NSA was not aware of this flaw or had not exploited it. For instance, the government’s demands from Lavabit may suggest that OpenSSL back doors were not known at that time (2013). Also, reading all about the personal background of the man behind the bug, it’s nearly impossible to find any connection to the NSA and its ilk. The guy is German, but another German Danish developer (Poul-Henning Kamp, a FreeBSD and Varnish developer) spoke only some months ago about a US program of introducing bugs into FOSS (see “NSA operation ORCHESTRA” above).

iophk responds to the article about firewalls woes by asking: “Why the hell is he not running one based on Linux or BSD? Something’s not right. Proprietary “solutions” have no place in infrastructure for just these kinds of reasons.”

Well, with Windows, for example, the NSA perhaps assumes a monopoly on back doors. It’s a form of total control.

The BSD community, which is also behind OpenSSH, has begun doing some commendable things [1,2] short of throwing away OpenSSL [3]. There is a new release of GnuTLS [4], for example, but we cannot be 100% certain that GnuTLS is immune to “bug doors”, as Julian Assange recently called them. “GnuTLS was immune to the OpenSSL bug,” writes iophk, “but in regards to the latter was ‘responsible disclosure’ followed? I got the feeling that it wasn’t and that the web site was set up and publicized before even the OpenSSL team was informed. Where can I find a detailed timeline of events?”

Well, a deceiving timeline was later published by the Australian press. Security gurus have widely chastised this form of ‘responsible’ disclosure of Heartbleed®; even the project site of OpenSSL hadn’t been patched before the disclosure. The same goes for the FBI, which again helps validate claims that the government was not fully aware of the issue.

OpenSSL was having limited resources and some articles covered it [5-7]. Regardless, it’s now claimed NSA knew about the bug for 2 years and we should always remember that Microsoft’s Howard Schmidt was connected to FBI before his firm published Heartbleed® for fame, fun, and profit. It’s not just Microsoft that makes his motives a tad suspicious. The whole Heartbleed® thing “has a very media friendly name and a cute logo,” as a British FOSS professional put it. It’s like a branding exercise. Also see this post titled “What Heartbleed Can Teach The OSS Community About Marketing”. “Ties in a bit with what you’ve posted,” iophk told me after I had noted the marketing angle.

As a recap, Heartbleed® was pretty much branded and released like a product by a firm headed by a Microsoft (and FBI) veteran. This firm also works with Microsoft, so the disclosure on Windows XP’s EOL date is too hard to ignore, If this was already known about by the NSA for years, then one may wonder if the disclosure came through whispers rather than research. Glyn Moody was told by Wikileaks (Twitter account seemingly run only by Julian Assange) that “Assange spoke about vulnerability of OS’s to bribes and bugdoors in upstream components.”

Howard Schmidt (chairman of board of company that marketed Heartbleed®) worked with the FBI and another NSA partner/PRISM pioneer (Microsoft). If the NSA knew about the bug, then one wonders what role Schmidt may have played. The last thing that the NSA wants is people (especially outside the US) adopting Free software and GNU/Linux because Microsoft is where back doors are; by design, not by accident. Heartbleed® was reportedly known to the NSA for years (every article that claims this cites Bloomberg, which is notable corporate press and usually a bit dubious when it comes to agenda). If true, this was the type of bug that Edward Snowden’s leaks had alluded to (bug doors, not back doors). Schmidt et al. might be trying to exploit it for FUD and profit, by opportunistically divulging it as soon as mass migration to GNU/Linux in enterprises and homes begins. A decade ago it seemed like a back door had been put inside Linux by the NSA, but the developers caught the intrusion and removed it. There were numerous reports last year saying that the NSA had approached Torvalds, asking him for back doors in Linux, so what Seggelmann did in OpenSSL should not be treated too lightly. The time of the committal is a little suspicious [8] (people away from home to celebrate New Year) and the reputation of OpenSSL is now thoroughly destroyed, which will help its competitors (including proprietary) [9]. There is now a lot of FUD out there about FOSS (the only one we’re willing to cite is [10] because it’s not too malicious), sometimes coming from the mouths of Microsoft boosters or challenging Torvalds’ famous “law” [11,12]. I even get taunted over this in Twitter. The old FUD is back, never mind Coverity’s latest report which again contradicts such FUD.

Mind the article “Heartbleed security flaw may not be as dangerous as thought” [13], which sheds some light on who’s able to exploit and who’s not able to exploit Heartbleed® given the resource limitations (the thing about crackers of the NSA and GCHQ is that they have supercomputers to have a crack at it, and the same is probably true when it comes to the FBI, which is in many ways worse and more aggressive than the NSA; the FBI infiltrates Windows with CIPAV). If the widely-cited reports are true and the NSA knew Heartbleed® (and used it for two years) [14-17], then it’s a massive revelation (the NSA denies this, but denials from the NSA are worthless given its track record when it comes to truth-telling).

Perhaps the most disturbing thing about the story is, the NSA may have discovered Heartbleed® years ago (if not made it, which sounds unlikely [18]) and the firm of Microsoft’s ‘former’ security chief is making a profit from this [19] (the Heartbleed® bounty is partly paid by Microsoft and the partly Microsoft-owned Facebook). A bunch of opportunists got paid for irresponsible disclosure that damaged the Internet [20,21] and harmed many people’s privacy (potentially leading to some people’s deaths).

The GNU/Linux brand is profoundly damaged by this (many GNU/Linux sites mentioned it [22-24]) even though the bug also affects Windows and Apple operating systems. To us it will always seem like marketing campaign coordinated to take place at a strategic date (Windows XP EOL).

Has Microsoft’s Howard Schmidt decided to ‘leak’ it to distract from XP EOL (which means insecurity by policy)? Perhaps. Schmidt had worked with the FBI, so he could have some inside knowledge. He might have former colleagues who could tell him about this (even leak it to him) before he would hype it up, give it a scary name, make a dot com web site, a logo, et cetera, essentially ‘merchandising’ the FUD. █

Related/contextual items from the news:

1. OpenBSD Team Cleaning Up OpenSSL

2. OpenBSD has started a massive strip-down and cleanup of OpenSSL

3. Please Put OpenSSL Out of Its Misery

4. GNUtls: GnuTLS 3.3.0

5. How to stop the next Heartbleed bug: pay open-source coders to protect us

6. Will Open-Source Money Prevent the Next Heartbleed?

7. 3 big lessons to learn from Heartbleed

   The devastating OpenSSL vulnerability proves the importance of data center orchestration, the wisdom of running older versions, and the need to give back to the OpenSSL project

8. Heartbleed: developer who introduced the error regrets ‘oversight’

   Submitted just seconds before new year in 2012, the bug ‘slipped through’ – but discovery ‘validates’ open source

9. After Heartbleed: 4 OpenSSL alternatives that work

10. Heartbleed: Open source’s worst hour”>Heartbleed: Open source’s worst hour

11. Does the Heartbleed bug refute Linus’s Law?

    The mistake being made here is a classic example of Frederic Bastiat’s “things seen versus things unseen”. Critics of Linus’s Law overweight the bug they can see and underweight the high probability that equivalently positioned closed-source security flaws they can’t see are actually far worse, just so far undiscovered.

12. Heartbleed: Is Linus Torvald’s law invalid?

    How much data was compromised? How many billions lost? None that we know of. How much does the world loses every year because of Microsoft’s proprietary technologies? Billions of dollars are lost; nations’ securities are compromised and people lives are exposed to risks.

    A majority of NSA attacks won’t be possible without bugs in Microsoft products which the company reportedly shares with the agency so that it can be exploited to hack into computers that NSA can spy on. Microsoft bugs allowed USA to take down nuclear programs of countries like Iran, Microsoft bugs enabled NSA to spy on French president. Microsoft bugs allowed ‘alleged’ Chinese crackers to run a massive scale espionage against human rights activists in the US. In addition there are unaccounted thousands of cases every year where people and businesses lose millions due to security holes in Microsoft products.

13. Heartbleed security flaw may not be as dangerous as thought

    But today, the content distribution network CloudFlare has announced Heartbleed may not allow access to those private keys after all. In two weeks of testing, the company has been unable to successfully access private keys with Heartbleed, suggesting the attack may not be possible at all. “If it is possible, it is at a minimum very hard,” researcher Nick Sullivan writes. “And we have reason to believe… that it may in fact be impossible.” If true, it makes Heartbleed much less dangerous than many had feared, offering a saving grace for compromised sites. Sullivan acknowledged that, in security tests, some private keys had been revealed by first requests to Apache servers, but he linked this to the process of restarting the server, which would severely limit the exposure to outside actors. Methods have also surfaced to help services tell if attackers have hit their servers using the bug. “Heartbleed still is extremely dangerous,” says CEO Matthew Prince, “but some of the worst fears about it having been used by organizations like the NSA to hoover up everyone’s private SSL keys look pretty unlikely to us based on this testing.”

14. NSA has been exploiting Heartbleed for two years, leaving Americans exposed to cyber criminals: report [updated]

    As people were wondering NSA’s role in Heartbleed, it turned out that the agency was reportedly aware of the bug, as Bloomberg reports, for the last two years and has been exploiting it to spy on people. If the reports are true and NSA was aware of the bug and instead of getting it fixed it let extremely critical info of US citizens exposed to cyber criminals then NSA does need more oversight from the government.

    Heartbleed was not some minor bug, it affected almost every major web-service including Gmail, Amazon, Yahoo! and many more – holding the potential of exposing sensitive data to criminals. However, as soon as the bug was discovered the Open Source community immediately responded, patched the bug and start pushing the updates.

    While the Americans and the people from around the globe were exposed to cybercriminals, NSA was supposedly busy harvesting passwords and other critical to add it to already massive database.

    Bloomberg quotes Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer, “It flies in the face of the agency’s comments that defense comes first. They are going to be completely shredded by the computer security community for this.”

15. NSA Said to Exploit Heartbleed Bug for Intelligence for Years

16. Bloomberg: NSA Knew About, Exploited Open Source Heartbleed Bug for Years

17. The NSA has exploited Heartbleed bug for years, Bloomberg reports

18. Heartbleed coder admits ‘oversight’ but backs open source

    Seggelmann submitted the code at 11:59pm on New Year’s Eve 2011, but claims the timing had nothing to do with the mistake. Although the bug was also missed by the review process for OpenSSL, an open source project written and reviewed by volunteers, Seggelmann told British newspaper The Guardian that the bug’s eventual discovery shows the value of publically available open source code.

19. Why a hacker got paid for finding the Heartbleed bug

    Microsoft and Facebook have also provided financial backing to Internet Bug Bounty, out of which Mehta’s prize money came, after running their own internal bug bounties that were very successful. Their money is benefiting the internet as a whole, but they don’t decide what money goes where.

20. The Internet’s Telltale Heartbleed

21. Heartbleed developer explains OpenSSL mistake that put Web at risk

22. SteamOS Affected by Heartbleed Bug, Valve Hasn’t Updated the OS Yet

23. Linux Foundation Responds to the Heartbleed Bug

    It’s nearly impossible to know for sure, due to the nature of the vulnerability, how much the Heartbleed vulnerability was used to snoop on secure data. We recommend for our sites the same as for other sites: first, watch for a statement to come out from your financial institutions, email providers, and others, which shares whether they were affected. Start changing your passwords. Use different passwords on different sites and store them in a password safe like KeePass, LastPass or 1Password. That way, if any sites that remain vulnerable leak your password, it won’t affect any other sites. Check back on sites that post statements after you changed the password, and then change the passwords again if needed.

24. Working Out “Serious Security Flaws” In DRM Drivers

    While many are still busy working through fallout of the OpenSSL Heartbleed bug within organizations, on a separate but security related note, kernel developers specializing in the Direct Rendering Manager (DRM) graphics drivers are working to beef up their own driver security.

Permalink A Single Comment      Send this to a friend

Microsoft is Leaving Windows — Including Vista 8.1 — Vulnerable to Non-Government Crackers, Not Only to NSA

Posted in Microsoft, Security, Windows at 6:39 am by Dr. Roy Schestowitz

Install the latest back doors or be left vulnerable to crackers other than the NSA

Summary: Microsoft makes it ever more evident that securing users of Windows is not at all a priority, and perhaps not even a desire

MICROSOFT WILL never brag about it to the public (only to the government), but Windows, including Vista 8, contains back doors for the NSA. While FOSS developers work hard to ensure security of their programs, with Microsoft any such concerns are irrelevant because security is not even a goal.

It was rather amusing to see this report which says “Microsoft TechNet blog makes clear that Windows 8.1 will not be patched; users must get Windows 8.1 Update if they want security patches” (the report is titled “Microsoft confirms it’s dropping Windows 8.1 support” and it was published by the Microsoft-affiliated IDG).

But wait, it gets worse than abandonment of users and NSA back doors. According to this: “If you still have XP and use Microsoft Security Essentials you will have problems today.. You will get errors relating to MsMpEng.exe when trying to go into windows and windows will slow down to a crawl mimicking a virus.. You need to boot into safe mode and disable the Microsoft Antimalware Service in your services then boot into your normal profile and uninstall the program.”

“Microsoft makes shutdown of their meaningless “security” application cripple XP,” wrote Will Hill. “I’m surprised that I have not gotten any calls about this. Oh yeah, no one is at work yet. I don’t think the treatment planning computers use this, but I’m going to sent a heads up.”

So Microsoft goes further in making Windows XP users less secure from non-government crackers. Wonderful! █

Permalink Leave Your Comment      Send this to a friend

04.16.14

More Microsoft Subsidies to Patent Troll Intellectual Ventures

Posted in Bill Gates, Microsoft, Patents at 3:03 pm by Dr. Roy Schestowitz

Patent sharks still collaborate

Summary: Microsoft hands money to Bill Gates’ close friend who is the world’s largest patent troll

WE recently explained that Apple and Microsoft were helping trolls and preventing patent reform in the United State. Intellectual Ventures, the world’s largest patent troll (funded in part by Microsoft and Bill Gates) was having financial difficulties, so guess who’s stepping in to the rescue, essentially subsidising trolling? Intellectual Ventures is said to have “persuaded Microsoft and Sony to invest in its latest acquisition fund” (of patents). Once again, as in Rockstar, Microsoft and Sony align in patent agenda and as Masnick puts it, “while many of the companies have indeed avoided giving IV any more money, it appears that Microsoft and Sony were quite happy to dump a lot more cash into IV, which has now ramped up its patent buying efforts again (as well as its lobbying and political contributions in an effort to kill off patent reform). Microsoft, of course, has always been close to IV, seeing as it was started by the company’s former CTO, Nathan Myhrvold, who is also a close friend of Bill Gates (who has directly helped IV get some patents). Similarly, Microsoft has become one of the most aggressive patent abusers over the last decade, increasingly relying on its stock of patents to make money from other people’s innovations, rather than innovating on its own.”

“This is racketeering by proxy.”Masnick correctly concludes that “via Intellectual Ventures and its own patent holdings, Microsoft seems to be trying to make sure Gates’ prediction is a reality. It all fits in to the same paradigm we’ve observed for years. When you’re young, you innovate. When you’re old, you litigate. Microsoft appears to have given up on innovation, but is ramping up on litigation, and re-investing in patent trolling via Intellectual Ventures is merely the latest step.”

This is racketeering by proxy. It’s part of the patent-stacking strategy which includes even Nokia and Apple. Bill Gates, which is a close partner of the world’s largest troll, has a lot to do with it. In a system where billionaires enjoy zero accountability jails are reserved only for petty ‘crimes’. █

Permalink Leave Your Comment      Send this to a friend

Aiding Microsoft Under the Disguise of ‘Pro-FOSS’

Posted in Free/Libre Software, Microsoft, Mono at 2:47 pm by Dr. Roy Schestowitz

Summary: Not everything which is FOSS necessary becomes, by virtue of existence, a positive contribution, as we are constantly reminded by projects that help proprietary software and/or restrictions get a strong grip on FOSS

THE word is out that Mono booster Seif Lotfy has just joined the Microsoft Trojan horse best known as Ximian/Novell/Xamarin — the company where Microsoft MVP Miguel de Icaza uses financial support from Microsoft to infect everything (not just FOSS) with .NET. This is yet another recruitment which helps reinforce our suspicions about the goals of Xamarin.

Meanwhile, suggests this post from a UEFI ‘secure’ boot apologist, “a significant proportion of existing systems can probably have their Secure Boot implementation circumvented.”

So why support them in the first place? We have already shown several ways of breaking ‘secure’ boot and even remotely vendalising entire motherboards using ‘secure’ boot. Both Mono and ‘secure’ boot deserve to be dropped into the digital wastebasket. Their outcome is harm to FOSS and to computing in general. █

Permalink Leave Your Comment      Send this to a friend

04.15.14

Apple and Microsoft Actively Lobbying Against Patent Reform in the US

Posted in Apple, Microsoft, Patents at 10:23 am by Dr. Roy Schestowitz

Summary: Apple and Microsoft are reportedly intervening/interfering with US law in order to ensure that the law is Free/libre software-hostile

HALF A DECADE after the Bilski case, where SCOTUS helped legitimise software patents by not striking them out, SCOTUS gets another chance to kill software patents in their country of origin.

The SFLC wrote about its role a few days ago, noting: “In each Supreme Court brief that SFLC has filed over the years we have included a little note on the first page declaring that the brief was made using only free software. This point was particularly important in our most recent brief, for a case named Alice Corporation v. CLS Bank, which was argued in front of the court last week. Our use of free software was particularly important this time because we argue in our brief that free software has been responsible for the major software innovations of the modern era. In partial support of that claim I want to show you our document creation process and tell you about the free software we use to take text from an email and turn it into a camera-ready Supreme Court brief, then a website, then an eBook.”

Watch how Microsoft and Apple work to eliminate the possibility that software patents or even patent trolls will be eliminated. As TechDirt put it some days ago: “Back in December, we noted that the House Judiciary Committee had approved an unfortunately watered-down, anti-patent troll bill. It was better than nothing, but we hoped that the Senate would approve a much stronger version. For a while it seemed like that was likely to happen, but… those who abuse patents are pretty damn powerful. Even those who have been hit by patent trolls in the past, like Apple and Microsoft, have decided to join forces in lobbying against meaningful patent reform. They’ve been pushing to water down the Senate’s bill, taking out nearly everything that would make the bill useful — and it appears that they’re succeeding.” █

Permalink Leave Your Comment      Send this to a friend

Lawsuit by Microsoft Shareholder Targets Fine for Crimes Rather Than the Crimes Themselves

Posted in Antitrust, Bill Gates, Courtroom, Microsoft at 10:13 am by Dr. Roy Schestowitz

Summary: A new lawsuit by a Microsoft shareholder shows everything that’s wrong with today’s model of accountability, where those who are responsible for crimes are accused of not avoiding fines rather than committing the crimes

THE MENTALITY OF greedy investors, and more so investors who put their money in a criminal enterprise, is worth noting. Microsoft has a long history of crime and the investors occasionally sue not because the act of committing crime is bad but because Microsoft fails to dodge the fines (i.e. there is conviction for the crimes).

Here we have a new example of an investor in a criminal company complaining about the wrong thing. To quote the Indian press: “The lawsuit, brought by shareholder Kim Barovic in federal court in Seattle on Friday, charges that directors and executives, including founder Bill Gates and former chief executive officer Steve Ballmer, failed to manage the company properly and that the board’s investigation was insufficient into how the miscue occurred.”

The problem is not that they “failed to manage the company properly”; as we saw in court documents, the crimes go all the way to the top and include instructions from Bill Gates, who chose to break competition laws. This “Supreme Villain” is now spending his wealth on PR (distracting from his crimes), in order to gain yet more wealth while paying virtually nothing in tax.

Here is a new article about protests against Bill Gates profiteering from private prisons.

Criminals rarely change their spots, they just change how the public perceives them. Gates was personally responsible for many of Microsoft’s crimes (and we have the documents to prove it), but nowadays he is busy bribing much of the press and even blogs in order to paint a different picture while he keeps hoarding a lot more money (at everyone else’s expense). Historically there were people like Gates who used the same tactics to alter public opinion. What’s truly shameful is that the biggest (more expensive) crimes still lead to no jail sentence, especially when the government is funded and run by corporations. █

Permalink Leave Your Comment      Send this to a friend

Public Institutions Must Dump PRISM-Associated Software

Posted in GNU/Linux, Microsoft at 9:56 am by Dr. Roy Schestowitz

Image by Will Hill

Summary: Another reminder that taxpayers-subsidised services should refuse, as a matter of principle, to pay anything for — let alone deploy — proprietary software with back doors

A FEW days ago we spoke about those who choose PRISM at taxpayers' expense, essentially choosing spyware at the expense of taxpayers who will suffer from it. Glyn Moody has published a good article about how it’s done to the British public [1], where the government pays Microsoft a lot of money because Microsoft’s own software is very insecure. This is a problem not just here in the UK.

Mr. Pogson links to IDG reports that say US “Tax collector has 58,000 PCs still running the aged XP; will spend $30M to upgrade to Windows 7″ (not even immediately). There is more about this in the British press [2] and it turns out not to be the exception.

What’s worth noting, however, is that NSA works with Microsoft, a US-based company, so the above behaviour is even more irresponsible when done outside the US. There is an interesting new petition at Avaaz titled “Computers in the post-Snowden era: choose before paying!”

To quote: “When you buy a computer, a telephone, a tablet-pc, etc., you make your choice first, and then you pay. But meanwhile, quite often you first pay the licence of an operating system (Microsoft Windows, MacOS, etc) which you then choose to use or to replace with another one. As a result, the vast majority of us all use the operating system that mainly beneficiates from this forced sale. Our addiction is so high that even those actors that should be neutral in principle help this situation continue: state, administration, school, city administration, etc. We are thus technologically very dependent, hence vulnerable. Thanks to Edward Snowden, it is now established that intelligence agencies modify hardware (computers, routers, firewalls, etc) and software (Microsoft Windows, probably all Apple operating systems, probably one GNU-Linux distribution, etc) to massively listen to communications and illegally penetrate into computers.”

It is time to publicly chastise government institutions — more so than private businesses which are only accountable to themselves and the law — over use of spyware such as Microsoft Windows. █

Related/contextual items from the news:

1. Windows XP: End of an Era, End of an Error

   This is little more than polite blackmail: if you don’t upgrade, your systems will become infected, you will lose data, and your reputation may well be ruined as a result. The stakes are incredibly high: the Microsoft-sponsored study I wrote about last week puts the global cost of flaws in Microsoft’s software at around $500 billion for 2014 alone.

   And yet despite the astonishing magnitude of the threat, laid out by Microsoft itself again and again, in various ways, people still stick with Windows XP. Really, there is no greater condemnation of Windows XP’s successors than the fact that huge swathes of Microsoft’s user base simply don’t want to upgrade.

   Shockingly, that applies to the UK government, too. Of course, they at least realise that they can’t simply carry on using Windows XP without at least nominal protection, but the price they pay for their stubborn refusal to move off XP is high…

2. US taxman blows Win XP deadline, must now spend millions on custom support

   The April 15 deadline for Americans to pay their federal income taxes is fast approaching, but the US Internal Revenue Service has already missed an important deadline of its own – namely, Microsoft’s end-of-support date for Windows XP.

3. Windows XP Alive & Well in ICS/SCADA Networks

   End-of-life for XP support not raising many red flags in critical infrastructure environments, where patching is the exception.

Permalink Leave Your Comment      Send this to a friend

Microsoft Gets Its Money’s Worth From Xamarin: PlayStation 4 Now Polluted by Microsoft

Posted in Deception, Microsoft, Mono at 4:33 am by Dr. Roy Schestowitz

Summary: The Trojan horse of Microsoft, Xamarin, is pushing .NET into Microsoft’s console competitor

EARLIER this month we learned about Xamarin signing deals with Microsoft after receiving funds from the firm of ‘former’ Microsoft executives. Those two entities not only collaborate on code inside Mono but they also collaborate on many other things, including, based on Phoronix, infecting the PlayStation 4 like they tried to infect Android for years. “For those wanting to work on console games in C#, Mono’s PlayStation 4 support work appears to be progressing well,” Phoronix explains, citing Microsoft MVP Miguel de Icaza, who has more to say.

Never think that people who work for Microsoft will do anything other than promote Microsoft’s agenda. The firm Black Duck, created by a Microsoft manager (and now enjoying a special partnership with Microsoft), is still pretending to be a spokesperson for FOSS. How gross is that? █

Permalink Leave Your Comment      Send this to a friend