
11.13.14

Forget the FUD About Bash and OpenSSL, Microsoft Windows Blamed for Massive Credit Cards Heist

Posted in Microsoft, Security, Windows at 12:56 pm by Dr. Roy Schestowitz


Summary: Home Depot learns its lesson from a Microsoft Windows disaster, but it stays with proprietary software rather than move to software that is actively audited by many people and is inherently better maintained (Free/libre software)

MEDIA that is owned by large corporations likes to talk about FOSS bugs that have logos and brands not because there are many known incidents where harm was done but because FOSS is an easy scapegoat. Microsoft Windows, which has had bug doors for nearly two decades (very serious and remotely exploitable), should not be used in any production environment, but some businesses are evidently foolish enough to put it on critical systems, knowing damn well (they definitely should know it by now) that the NSA collaborates with Microsoft on back door access and uses back doors for espionage (both industrial and political).

Earlier this year we asked journalists to call out Windows and urged Home Depot to speak about the role of Microsoft Windows in its massive (existence-threatening) incident that left millions of people (with credit card details) in the hands of crackers.

Microsoft Windows — not some FOSS bug with a logo and/or a name — punished not only Home Depot but also millions of innocent customers who did not know that Home Depot relied on Microsoft Windows for storing/processing sensitive details.

Now there is acknowledgement of this, based on the report “Home Depot blames Windows for record hack, rushes out to buy Macs and iPhones afterward”. So basically they are moving to another proprietary platform with back doors. Apple has already admitted the existence of back doors in iOS, for example, and tried to pass them off as “diagnostics”. If Home Depot is serious about security, then GNU/Linux and other Free software (even BSD) should be universally used at Home Depot.

Home Depot should generally cleanse itself of proprietary software, which is totally unsuitable for credit card handling because it has back doors and other security issues, mostly inherent issues. Other companies should learn from Home Depot’s mistake and never again process important data using proprietary software. The bad reputation that Home Depot gets from this incident is now putting the whole business in jeopardy. Based on news reports about the surveillance software Skype (after the Microsoft takeover), Microsoft wants to put it at the very heart of businesses, enabling wiretapping of unprecedented proportions, even inside private businesses (not some mundane chats). Only days ago the Electronic Frontier Foundation warned that Skype is inherently insecure and so is WhatsApp, which is owned by a partly Microsoft-owned company (Facebook). Here is what Beta News wrote:

Secure communication is something we all crave online, particularly after Edward Snowden’s NSA revelations increased public interest in privacy and security. With dozens of messaging tools to choose from, many claiming to be ultra-secure, it can be difficult to know which one to choose and which one to trust. Electronic Frontier Foundation (EFF) has published its Secure Messaging Scorecard which rates a number of apps and services according to the level of security they offer.

Businesses should shun not only Microsoft but proprietary software in general (Microsoft tends to be one of the worst among them) if they wish to secure their communications, respect their customers’ safety, and ultimately assure their survival. Use of proprietary software is no joking matter; it can be lethal. The corporate press has hardly done enough — if anything at all — to highlight the real culprit in the Home Depot disaster.

Windows ‘Update’ and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Posted in Microsoft, Security, Windows at 12:22 pm by Dr. Roy Schestowitz

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows ‘Update’, which essentially translates into Microsoft manipulating binaries on people’s machines without any changelog (at least not in source code form), is making the news again this month. Windows ‘Update’ is happening quite often (a monthly recurrence), but this time there is a lot to say about it.

The British NHS, which holds full medical records of very many individuals, recently received a lot of flak for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? “NHS XP patch scratch leaves patient records wide open to HACKERS” says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.

Another story of a botched update of Windows says that “Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud”:

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

That’s what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons, not just because it is bricking Linux devices these days but because it’s a tool that gives the NSA a lot of power. Before an update kicks in, the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.

CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. “So far in calendar year 2014,” it said, “Microsoft has fixed 215 vulnerabilities in Internet Explorer” (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting the fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.

This other report, titled “Potentially catastrophic bug bites all versions of Windows. Patch now”, does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite the fact that Microsoft already told the NSA (providing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and adds that only “[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades.”

So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? One of our readers, alluding to that nonsense .NET PR, explains: “Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?”

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like “Heartbleed” or “Shellshock” — with a brand that was even perpetuated by the Russia-based Mandriva the other day).

Revealed: Microsoft is Trying to Corrupt the UK in Order to Eliminate Its OpenDocument Format-Oriented Standards Policy

Posted in Microsoft, Open XML, OpenDocument at 11:43 am by Dr. Roy Schestowitz


Summary: Microsoft interference with Britain’s preference for ODF is now confirmed, thanks to a valuable news report from Computer Weekly; OOXML lock-in is being unleashed by Microsoft on Android users

NUMEROUS articles in the British press have been pointing out too slow an adoption of ODF in the UK, despite policies that demand it. Now we have a better understanding of potential causes.

As a quick recap, here is a partial chronology of this year’s developments:

  1. UK Government Seems to Be Serious About Moving to Free Software and OpenDocument Format This Time Around
  2. In Another Attempt to Derail British ODF Policy Microsoft Calls Its Systematic Bribery “Internationally Recognised”
  3. Response to ODF as Government Standard Proposal
  4. Amended Comment Regarding ODF as Document Standard in the UK
  5. UK Government Adopts OpenDocument Format (ODF) and Microsoft Already Attacks the Government Over It, Showing Absolutely No Commitment to Open Standards
  6. Groklaw Back in the Wake of ODF in the UK?

So ODF adoption in the UK is only a matter of time. But we have already known based on limited evidence (or a conspiracy of silence) that Microsoft worked silently to crush this policy. Yes, Microsoft claims that it “loves” FOSS and Linux or “supports” ODF while secretly attacking them all by corrupting the political system in the UK, striving to suppress them and ultimately kill them.

Now comes new evidence that shows how people at the highest levels at Microsoft are getting involved to block ODF, i.e. anything which merely permits Free software to compete on fair grounds. Computer Weekly has a couple of good articles, the first of which states that “Departments lack common targets for implementing open-document standards” and the second one telling us “the curious case of Microsoft and the minister”. As it turns out, the software monopolist clearly strikes back behind people’s backs. To quote the article: “Microsoft consistently opposed the policy, which the software giant saw as its last chance to overturn the UK government’s broader plans for open standards. As emails seen by Computer Weekly reveal, the decision became an issue in the supplier’s Seattle boardroom, and brought the lobbying powers of the software giant into full force in Whitehall.

“There has been speculation about the role played by senior government minister David Willetts, then minister of state for universities and science in the Department for Business, Innovation and Skills (BIS), but who later left the post in David Cameron’s 2014 summer reshuffle.

“An investigation by Computer Weekly has revealed that – according to well-placed sources – Microsoft turned to Willetts to help win its case, with the supplier’s global chief operating officer (COO) Kevin Turner getting involved. But neither BIS nor David Willetts himself is willing to discuss the role the minister played in Microsoft’s attempts to influence this obscure but vitally important part of government IT policy.

“Willetts was the government’s liaison point for Microsoft, as a major employer and investor in the UK economy. He also served as co-chair of the Information Economy Council, a body set up to enable dialogue between Whitehall and the IT industry over future policy.”

One should bear in mind that Britain is perhaps at the forefront of ODF adoption. There is an imminent London-based ODF event, just like those Plugfests from back in the days, and departments of government are expected to move to ODF. However, based on recent reports they are slow to conform or obey these requirements.

Last week we wrote to Linda from the Cabinet Office, hoping to get her and her colleagues’ attention amid dirty tricks from Microsoft. In a personal E-mail I stated:

Several months ago we had an amicable exchange in which I alerted Cabinet Office, through the comments, that Microsoft would likely oppose its policies in subversive and underhanded/secretive ways.

Two new articles from Computer Weekly serve to prove my point now and I hope that you and your colleagues will spare some time to read them, especially the following article:

http://www.computerweekly.com/news/2240234078/Government-open-standards-the-curious-case-of-Microsoft-and-the-minister

The more transparent the Cabinet Office makes this process, the more the British public will be able to protect the Cabinet Office from such self-serving foreign influence that strives to expand the reach of back doors, surveillance, predatory pricing, and format lock-in.

To quote the aforementioned (first) article from Computer Weekly: “Whitehall departments have begun to publish their plans on how to implement the government’s open-document standards policy – but so far, each appears to be working to very different timescales. One department – the Treasury – has stated it won’t see full implementation until as late as 2018.

“The Department for Communities and Local Government (DCLG), Department for Environment, Food and Rural Affairs (Defra), UK Trade & Investment (UKTI) and the Treasury have published their plans so far. The Treasury said it will not be fully implementing the mandated open-document standard until February 2018, three years after other departments.”

The ODF-friendly UK policy might not survive if the British public does not get involved and helps the politicians or public servants resist brutal lobbying from Microsoft, which knows no boundaries. Here is another new article of interest:

From this week, it has promised to publish PDFs and Word documents in PDF/A and ODS formats respectively.

However, on Excel, which are most commonly published as “live” data tables, it said: “Content producers should convert to ODS format before submitting to digital content teams.

“However the statisticians have identified problems with certain spreadsheets – where drop-down filters fail to work when converted – more work needs to be done on finding a solution to this problem and DCLG will to commit to the spreadsheets where possible will be published from 1 November 2014 being in an ODS format.”

DCLG said that it is committed to opening up government and providing a level playing field for open source systems, providing the citizen with free access to government information.

I was in Whitehall some days ago, so I passed next to many of these government offices. The place is plagued by greedy businessmen and tourists, so the voice of the British people can hardly be heard. We need to become louder about it and contact such people without shame or shyness. Microsoft is so desperate to spread OOXML everywhere that it now goes after users of the most widely used operating system (Android/Linux), aided by spin from Microsoft partner and booster Tony Bradley among other spinners who are spreading OOXML lock-in by promoting OOXML for mobile devices (Android does not even handle ODF out of the box, which is a great shame for Google). Microsoft first sought a monopoly on the application (office suite), then it pursued a monopoly on the format (OOXML), and now it is pursuing even a monopoly on the files with its so-called ‘cloud’ (storing all files on Microsoft’s servers).

11.12.14

.NET is NOT “Open Source”, But Microsoft’s Minions Shamelessly Openwash It Right Now

Posted in Deception, Microsoft, Mono at 2:06 pm by Dr. Roy Schestowitz

How many clueless or lazy journalists will drink the Kool-Aid?


Summary: The openwashing of .NET continues with yet another publicity stunt that is intended to lock in developers

THERE is some propaganda campaign going on right now. Judging by who’s spreading it with love letters to Microsoft, one cannot miss the source and the method of distribution. We must write quickly to counter the marketing, which is basically a load of selective/subjective misinformation and spin.

The biggest disappointment (but not a surprise) comes from Phoronix, which habitually covers Mono (for over 5 years now). One can see the comments (forum) for corrections. Michael Larabel is relaying Microsoft PR without quite checking the facts, and so do a few other writers who jump the gun and spread Microsoft’s misinformation to some Linux sites. One can expect this from Microsoft-funded networks like GigaOm (Microsoft used to pay Om Malik for Microsoft advertising disguised as articles), so nonsense like this is not too shocking. We sure are expecting lots of Redmond-based and Microsoft-affiliated Web sites to virtually spam the news until the weekend (and even after the weekend) with false claims that .NET is “open source” even though it’s not. Watch Microsoft press minions like Mary Jo Foley spreading the PR (at least not with a misleading headline). We also expected the likes of Miguel de Icaza to continue to openwash .NET because Microsoft does an “open core” PR publicity stunt (promoting a trap as though it’s “open”). Don’t be fooled by this widely-cited post with a bad headline that is very misleading. Down in the body it says: “There are three components being open sourced: the .NET Framework Libraries, .NET Core Framework Libraries and the RyuJit VM. More details below.”

So that’s not the whole. The headline is sensationalist garbage. It is very misleading, as Microsoft is doing an “open core” PR stunt; it is not open-sourcing .NET. Nat Friedman and other Microsoft minions (funded by Microsoft veterans to essentially act as moles inside FOSS) repeat these same claims that may actually bamboozle a lot of journalists. Jo Shields and fellow Xamarin puppets of Microsoft, for example, try to mislead similarly while very openly promoting Microsoft’s marketing (they even relay Microsoft staff’s tweets verbatim, showing who they’re rooting for).

Well, taking the actual news into account, no doubt it’s good for Xamarin, but it’s a proprietary software company whose interests intersect with those of Microsoft, not FOSS.

Xamarin’s Nat Friedman and Microsoft’s Scott Hanselman can scream and shout “open source” all they want but merely talking about some components going MIT licence and saying that “Visual Studio Community is now FREE to download” is not the same as .NET becoming “open source”. It’s just ‘free’ proprietary, it’s gratis. It’s tied to pricey malware with back doors.

Microsoft is just so desperate to lock in developers, who are rapidly moving away to FOSS and saying goodbye to Windows because Android/Linux is on the rise. The Linux Foundation’s CEO, Jim Zemlin, has already commented on Microsoft’s openwashing attempt, correctly pointing out that Microsoft is just trying to lure in developers because Windows is no longer dominant.

All in all, what we are dealing with is merely a deceiving charm offensive, as Microsoft and its minions already made similar announcements some years ago about some components, never the whole. Anyone who states something like .NET is “going open source” is either a liar or a person with reading comprehension issues. Microsoft sure has antagonism for the truth and its followers can be blinded by greed. Gratis proprietary software or proprietary software which includes components that are not proprietary is of no practical use. This is merely an exercise in marketing and presentation.

11.10.14

Microsoft-Armed Patent Troll MOSAID (Now Conversant) Wants to Sweep up More Patents for Litigation

Posted in Law, Microsoft, Patents at 4:38 pm by Dr. Roy Schestowitz

Summary: Reports about patent trolls and scope of patents serve to show what the foes of Free software are up to right now

WE HAVE spent almost half a year covering analyses of the Alice case because it may signal the demise of software patents in the United States (home of software patents). Lawyers were consistently denying it would have an impact on granting/rulings, but facing the real facts they must now admit that they were wrong. One patent-wielding parasite, a law firm called Barnes & Thornburg LLP, wrote an article in a few sites of lawyers, concluding: “For patent litigation, the data are not as clear as the USPTO data, but data suggest that § 101 challenges to issued patents are becoming more common—as well as more likely to succeed. New patent litigation filed in September 2014 (329 cases) was a 40% reduction compared to September 2013 (549 cases). Over the past few years, new patent litigation cases are reduced over the summer but increase again in September. However, a post-summer increase did not happen this year. Although correlation does not equal causation, the Alice decision may make patent holders hesitant to file new litigation due to not wanting to proceed with possible invalid claims under § 101. However, Alice is not the only factor. The America Invents Act provided an alternative pathway to challenge patents–2003 inter partes reviews (IPRs) and 240 covered business method reviews (CBMs) have been requested since September 16, 2012. In the first two years, the PTAB has found all challenged claims invalid in 65% of the 126 final decisions. Thereby, there are most likely several contributing factors leading to the decrease in patent litigation, whereby Alice is probably one of several factors.”

What’s nice about this analysis is that it very much contradicts what many law firms foresaw or turned into what was their failed self-fulfilling prophecy. Things are not working out too well for them now. The incentive to patent software is now decreasing and based on this new analysis, even the government is now trying to stop the parasites:

Scanner Patent Troll Slapped On The Wrist By FTC; Told To Stop Misleading Behavior.

For a few years now, the FTC has talked about taking on patent trolls. In 2011, 2012 and 2013, we heard stories about the FTC putting patent trolls “on notice” and getting ready to crack down on them for deceptive practices. Last year, it finally “launched an investigation” into certain patent trolls, starting with notoriously crazy patent troll MPHJ, famous for its rather aggressive form of trolling, using a questionable patent on “scan-to-email” technology, sending out thousands of demand letters from a range of shell companies, telling lots of small businesses that they had to pay between $900 to $1200 per employee if they had a scanner with the “scan-to-email” function (most modern scanners).

Another troll and parasite, the Microsoft-connected MOSAID, is now mentioned in the site of one of the few patent lawyers who early on warned — correctly to his credit — that Alice would do a lot to harm software patents. Check out this part:

John Lindgren, President and CEO of Conversant (formerly MOSAID Technologies), was also on the first panel. He concurred that “the calculus has changed.” He and others on the panel recognized what everyone in the industry has been speaking about, namely that the market for acquiring patents is dead, at least from the point of view of the patentees. The agreement on the panel was that well run non-practicing entities are in a particularly good position to start accumulating patents at a steep discount. Lindgren also predicted that we will see consolidation of the industry both with respect to private and public companies in the NPE or patent monetization space. I concur completely. Recently I wrote about the inevitable rise of super trolls, or super patent trolls. The market is not going away and the actions of Congress and the Supreme Court, which have made individual patents worth far less, and portfolios likewise worth far less, will ultimately work to create the monster that all of this anti-patent activity was intended to prevent. But that is always what happens when politicians attempt to regulate an industry that they don’t understand and Judges are more interested in playing the part of super legislators.

Notice that they have renamed. Conversant is probably an attempt to dodge the bad publicity.

MOSAID is of interest to us because Microsoft has been trying to use it as a proxy, a bit like SCO. Microsoft arranged for MOSAID to receive many of Nokia’s patents, whose optimal and expected target would of course be Android/Linux. Our goal should be to eliminate such patents, not only such nasty trolls; as pointed out in the previous post, we are already seeing how protectionism is pursued in the courts, especially corrupt ones like CAFC.

11.05.14

Microsoft Coup D’état: After Paying the Apache Software Foundation and Paying Apache Man to Become Microsoft Employee He Immediately Becomes President

Posted in Free/Libre Software, Microsoft at 7:26 am by Dr. Roy Schestowitz

“Working behind the scenes to orchestrate “independent” praise of our technology, and damnation of the enemy’s, is a key evangelism function during the Slog. “Independent” analyst’s report should be issued, praising your technology and damning the competitors (or ignoring them). “Independent” consultants should write columns and articles, give conference presentations and moderate stacked panels, all on our behalf (and setting them up as experts in the new technology, available for just $200/hour). “Independent” academic sources should be cultivated and quoted (and research money granted). “Independent” courseware providers should start profiting from their early involvement in our technology. Every possible source of leverage should be sought and turned to our advantage.”

Microsoft, internal document [PDF]

Summary: Microsoft staff installed as head of the Apache Software Foundation just half a decade after the Apache Software Foundation sold out

ABOUT six years ago, Apache (or ASF) made itself vulnerable to a Microsoft coup d’état by becoming financially dependent on Microsoft. Apache has, in some sense, sold out. Our previous posts about this include (to list just a subset):

  1. Embrace, Extend, and Apache
  2. Yesterday’s Microsoft Slashvertisement and Apache’s Trip to Redmond
  3. Microsoft Starts the Media Charade Ahead of Apache Conference
  4. Microsoft Pays for a More Microsoft-Obedient Apache
  5. Microsoft Now Tries to Invade Eclipse, Apache (Updated)
  6. Glyn Moody, Pam Jones: Apache Sponsorship Likely an Anti-GNU/Linux Move
  7. Does Apache Show That Money Talks?
  8. Haters of Software Freedom Inside Planet Apache
  9. Microsoft’s Path of LAMP Destruction: From Novell to Apache (the L to the A)
  10. Microsoft Hates Apache, Wanted to Sue It, Now Wants to Ruin It

Apache has since then been trying to pretend Microsoft would not corrupt the foundation, but readers have sent us links to this new press release asking for money (making the foundation inherently vulnerable), signed by Microsoft’s Ross Gardler, acting as “President”. The word “President” in the press release could just as well be substituted with the word “Microsoft”, as if the press release actually comes from Microsoft. To put it in Gardler’s own words, “I work at Microsoft Open Technologies, Inc.”

He also represents Microsoft at events and “Microsoft Open Technologies” is basically a Trojan horse inside FOSS, dedicated to derailing Free software and injecting Microsoft influence. It’s a shrewd proxy strategy.

This appointment is apparently not quite so new; it’s just that the media didn’t cover it. Based on Wikipedia:

Shortly after joining Microsoft Open Technologies, Inc. the Apache Software Foundation board elected Gardler to act as President…

Wow, what timing! Reverse Elop?

It apparently dates back to last year. We have heard from some prominent FOSS luminaries that Microsoft tried to buy them off (bribe) too, either with bizarre job offers or some funding (which some may often accept with or without disclosure). Sadly, not all of them are principled and disciplined enough to decline. Microsoft uses its money to crush its competition from the inside (divide and rule) and it’s proving rather effective so far.

11.04.14

Cryptome Reveals How Microsoft Gives the FBI and the NSA Back Doors to Crack Encryption

Posted in Microsoft, Security at 3:06 pm by Dr. Roy Schestowitz


Summary: Cryptome has an article, comprised/composed of hard evidence, revealing ways in which Microsoft enables aggressive spies to break encryption

The FBI does not even pretend not to be pursuing back doors; quite the contrary! It demands them and now insists on legislation that would make them mandatory. The same goes for the NSA, Microsoft’s very special partner. Anyone who still thinks that back doors in encryption are within the realm of “conspiracy theory” must not have paid attention. We wrote about such issues more than half a decade ago. At this stage, judging by thousands of articles on the topic, these factual observations are very commonplace in the press, even in the corporate media.

“Microsoft backdoor bitlocker key escrow for the FBI & NSA,” writes to us David Sugar from GNU Telephony. “From the OS that loves to spy on you,” he added.

Some months ago we showed that a former Microsoft engineer working on Windows BitLocker confirmed that the US government asks Microsoft for back doors and now we have more details on how this is done, courtesy of cryptology enthusiasts in Cryptome:

Microsoft OneDrive in NSA PRISM

A sends:

1) Bitlocker keys are uploaded to OneDrive by ‘device encryption’.

“Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.

If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created.”

http://technet.microsoft.com/en-us/library/dn306081.aspx

2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones.

“BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices.”

http://technet.microsoft.com/en-us/library/dn306081.aspx#BKM…

3) The tech media and feature articles recognise this.

“… because the recovery key is automatically stored in SkyDrive for you.”

http://www.zdnet.com/surface-bitlocker-and-the-future-of-encryption-7000024613/

4) Here’s how to recover your key from Sky/OneDrive.

“Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to …onedrive.com…”

http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq

5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27)

http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf

When Microsoft speaks about security it usually means “national security”, i.e. the ability of the state to break security of software. It’s about interception, not security. When Microsoft speaks about ‘secure boot’ it speaks about an antifeature in UEFI that enables the state to remotely brick computers, too.

The sad thing is that amid many BSD milestones as of recently (FreeBSD, OpenBSD, PC-BSD and others) there are those who fall for the false promise of UEFI, which does more harm than good to security. OpenBSD, which takes security very seriously, has already blasted UEFI 'secure boot' and blasted those who support it (including Red Hat), whereas FreeBSD got bamboozled into UEFI 'secure boot' and with it, the FreeBSD-derived PC-BSD gets bamboozled too:

Marking the twenty-first birthday of FreeBSD was the release of FreeBSD 10.1-RC4 and separately was the FreeBSD-derived PC-BSD 10.1 RC2 release.

FreeBSD 10.1-RC4 is expected to be the final RC build of FreeBSD 10.1 and brought fixes for ATA CF ERASE breakage and a race fix that could cause an EPT misconfiguration VM-exit.

More details on FreeBSD 10.1-RC4 can be found via its Sunday release announcement. The official release of FreeBSD 10.1 is now hopefully a few days out with its many new features and changes.

This is not a good idea at all. PC-BSD needs to follow the example set by OpenBSD, not FreeBSD (with its codebase). It sure starts looking like not only Microsoft but Red Hat too is bending over to its lucrative clients and contracts with the Deep State. Based on established observations from one decade ago, including more recent developments that Red Hat refuses to comment on, it seems possible that back doors in encryption (by default) are the de facto standard among large corporations. When they speak about “security” there must be fine print, and it is omitted from the advertising. At risk of breaking the silence about systemd (because we don’t want to inflame ‘civil wars’), systemd replaces/obviates so much highly mature software that it certainly increases the likelihood of bug doors being introduced in RHEL/Red Hat (systemd’s patron) and by extension/inheritance many other distributions of GNU/Linux.

11.01.14

Microsoft Still Engages in Criminal Activities Against Linux, Openwashing Efforts Continue Nonetheless

Posted in Courtroom, GNU/Linux, Google, Microsoft at 5:48 am by Dr. Roy Schestowitz

Summary: Microsoft collusion with patent extortion (as in the early days of the Microsoft-Novell deal) continues to this date, reveals Samsung

MICROSOFT must be in a state of panic. It does irrational things, like a stranded criminal. Microsoft's lie about 'loving' Linux was facing sheer resistance from FOSS luminaries because the lie is just outrageous beyond words. It is the very inversion of the truth and it is as ridiculous as saying that BP loves Shell and Shell loves BP, to give just one hypothetical example. It makes no sense at all, so why does Microsoft bother trying?

This new article titled “Samsung says Microsoft deal invites ‘charges of collusion’: filing” has been rather fascinating. Microsoft is apparently ‘loving’ Linux so much that it colludes against it. Well, will Nadella go to prison? Bill Gates and Steve Ballmer perhaps? What silly questions! Rich people don’t get sent to prison for rich people’s (white-collar) crimes. Microsoft pretends to “love” Linux while quite clearly attacking it, still. Android uses the Linux kernel, just as a reminder.

To quote the article: “Samsung said its collaboration with Microsoft on Windows phones raised antitrust problems once Microsoft completed its acquisition of Nokia’s handset business, according to a court filing.”

So here we have a criminal company using collusion and abuses under the guise and cover of NDAs. As SJVN put it in his blog: “Samsung fires another shot at Microsoft in Android patent battle”

SJVN’s argument is that “[t]his move came as no surprise to lawyers who’ve been following the case. One intellectual property (IP) attorney whose firm is covering the case closely said that Samsung is simply adding another argument to their contention that their existing Microsoft Android patent deal is invalid on business contract grounds.

“According to Reuters, Samsung said it agreed to pay Microsoft Android patent license royalties in 2011, but the deal also stated that Samsung would develop Windows phones and share confidential business information with Microsoft. If Samsung were to sell a certain number of Windows phones, then Microsoft would reduce the Android royalty payments.”

This is beyond extortion. It’s an antitrust violation and even collusion/corruption. Will criminal charges be brought against anyone? Will anyone in government bother trying to press charges? Not likely.

As Mr. Pogson put it the other day, Windows is in very serious trouble and therefore Microsoft is too. GNU/Linux, on the other hand, keeps growing, especially in smaller devices such as phones and tablets, notably owing to Android. To quote Pogson’s conclusion:

So, XP is dead, “7” is dying, “8” is a zombie, and “10” is vapourware with nowhere to call home. M$ continues layoffs. POOF! It all falls down. In the meantime Google and the OEMs will crank out many millions of ChromeBooks. Canonical, Linpus, RedHat, Suse… and the OEMs will crank out many millions of GNU/Linux PCs. Several OEMs will crank out many millions of GNU/Linux thin clients. Android/Linux will reverberate with another billion or so units of small cheap computers (tablets, smartphones). This looks like good news to me.

Yes, well, Microsoft too realises that Linux is winning, so it is left with either the option to demonise it or to monetise it, e.g. through hosting or patent extortion. In a sense, Microsoft needs Linux more than Linux needs Microsoft. Linux needs none of Microsoft. All that Microsoft does is commit crimes against Linux, so Linux proponents can only hope for total elimination of Microsoft.

There are layoffs at Microsoft, as Pogson pointed out, and this includes salespeople. To quote Value Walk: “According to knowledgeable sources who spoke to Business Insider on Friday, October 31st, Microsoft Corporation (NASDAQ:MSFT) is laying off its entire global advertising sales team. The reduction in force comes as the ad sales positions have become largely redundant as individual divisions are handling their own ad sales today.”

Here again we see that these layoffs were not about Nokia. Microsoft tried hard to paint that sort of picture to save face.

When it comes to Microsoft, the more layoffs, the merrier. This company destroyed many jobs using its crimes and these sorts of crimes clearly continue to this date. In a sense, GNU and Linux won’t be safe until Microsoft is totally gone.
