EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.20.15

Lenovo’s Superfish Scandal is Spyware on Top of Spyware (Microsoft Windows), the Problem is Inherently Proprietary Software

Posted in Microsoft, Security at 8:55 pm by Dr. Roy Schestowitz

Summary: Shifting focus to the root problem, which is neither Lenovo nor its laptops but the non-free programs installed on hardware

WHEN it was revealed that governments had constructed Stuxnet to sabotage computers almost all reporters refused to call out Windows, despite Stuxnet being exclusive to Windows. The same is happening right now in relation to Superfish. We posted links to a lot of articles about it (see our daily links for about a dozen) and none of them bothered reporting the fact that only clients of Microsoft (the NSA’s ally) were affected. Having watched dozens of articles about it we can say that almost not a single article emphasised that it only affects Windows. Lenovo says it didn’t know about it and given the shadowy background of Superfish (its CEO came from the surveillance complex) it’s possible that Lenovo was tricked or bribed into installing this back door.

“Lenovo’s ThinkPads, which originally came from IBM, are famously GNU/Linux-friendly.”The CBS-owned ZDNet has Microsoft booster Mary Branscombe spinning that Superfish scandal to even imply that people should “love Windows”. Well, at least she points out that it’s a Windows issue, albeit that’s not her intention (she is just a Microsoft mouthpiece seeking to divert blame).

Robert Pogson responded to Branscombe by stating:

I recommend everyone switch to GNU/Linux. It’s easy. Demand your local retailers sell them. Shop online for a GNU/Linux PC. Heck, install it yourself. Heck, you can even get that other OS to start the process. I recommend Debian GNU/Linux, software that works for you, not some corporation with the morality of a snake. The beauty of it is that the licence you get with the downloads includes the right to examine, modify and distribute the software, so you can cut out all that third-party crapware, if there were any. Debian doesn’t bother attaching crapware to PCs it doesn’t sell…

It’s not just that. Windows, with or without crapware, has back doors. GNU/Linux hasn’t. Free software is essential for those who pursue real computer security, as opposed to so-called ‘national security’.

Here is the statement that the FSF has just made about it (hours ago):

Security experts have discovered a highly threatening vulnerability in software preinstalled on some Windows computers manufactured by Lenovo through January 2015. Extreme negligence on the part of Lenovo and unscrupulous programming by its adware partner Superfish seem to have caused the vulnerability.

The FSF does point out that it’s a “Windows computers” issue. Well, there is no such thing as “Windows computers”, as such computers can have Windows wiped and GNU/Linux installed instead. Lenovo’s ThinkPads, which originally came from IBM, are famously GNU/Linux-friendly.

02.14.15

Obsession With Branded Bugs in Free Software, Not Bugging by Proprietary Software

Posted in Free/Libre Software, Microsoft, Security at 4:01 pm by Dr. Roy Schestowitz

Discussions revolve around brands, not objectivity

Rebranded

Summary: The bogus ‘debate’ about bugs, where built-in bugs (like wiretapping, bugging, and back doors in proprietary software) are conveniently overlooked

DESPITE acknowledging that Free software is more secure than proprietary software, Veracode recently turned opportunistic. It was using bugs with "branding" to promote itself and it wasn’t alone.

“FOSS has some bugs, whereas proprietary software is a bug.”Several opportunistic firms, including Black Duck, are appearing in the press again, exploiting “branding” of few bugs in FOSS to sell proprietary stuff. Veracode is again doing it and Black Duck’s latest FUD piece is resurfacing yet again, as very recently noted by us after its placement had been pushed by IDG — an extensive network which gives this proprietary firm a platform as author on FOSS matters. “Black Duck Software presents 5 tips for a secure enterprise relationship with open source,” says IDG, but since when is Black Duck an authority in the area? It’s a proprietary software firm.

FOSS has some bugs, whereas proprietary software is a bug. It’s bugging. We recently wrote about Outlook being ousted as a surveillance platform and amid revelations about the NSA’s spying on EU Parliament Outlook (the ‘app’) is reportedly banned. To quote a British report: “The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports.

“The Parliament’s IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate email passwords if it was used.”

Nevertheless, the jingoistic Microsoft Peter (Peter Bright) tries to paint Microsoft as “cool” while it is “shutting down a[nother] competitor” as a source put it to us, citing this article:

Microsoft on Wednesday confirmed its purchase of mobile calendar app Sunrise.

This will immediately become a PRISM-included surveillance app. Reading reports about it helps show that the security issue is proprietary software, especially Microsoft’s (the NSA’s top ally). It oughtn’t be so shocking that Black Duck, which is strongly connected to Microsoft, would hastily and repeatedly overlook Microsoft’s ill effect on software, turning software into bugs, wiretapping everyone.

02.11.15

Microsoft Back Door in Windows (All Versions) Intentionally Left Open For Over a Year, Existed for 15 Years

Posted in Microsoft, Security, Servers at 9:38 am by Dr. Roy Schestowitz

Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden’s NSA leaks

THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.

As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).

“Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).”Dan Goodin, who typically spends his ‘journalism’ career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It’s a major one, no doubt; But no name, no “branding”…

In Goodin’s own words:

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.

The significant part is in the second paragraph above (“took Microsoft more than 12 months to fix”). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the ‘magic’ of proprietary software. Is the NSA now ‘done’ cracking all the world’s networks that have Windows in them? Is it now ‘safe’ to finally close this back door?

Microsoft Windows is an utter joke when it comes to security, as Microsoft’s own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea’s network. Those who knowingly used an operating system with back doors can’t blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.

Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin’s former employer puts it:

What happens six months from now, on 14 July? That’s the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system’s maker.

The article states that many servers will basically be left with permanent back doors. Many of them contain customers’ (or patients’) data.

As Robert Pogson put it, “Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…”

He concludes correctly: “Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable.”

Yes, even bugs with special names, logos, and “branding” — those that the corporate media loves to hype up.

02.07.15

Parasitical Firms Like Black Duck Exploit Bugs With Branding to Market Nonfree Services/Software

Posted in Free/Libre Software, Security at 4:53 pm by Dr. Roy Schestowitz

Skulls

Summary: Parasites that take advantage of public panic and lack of comprehension are occupying paper space, as usual

LAST WEEK we wrote about the overblown threat called/dubbed “GHOST” (all capital letters) by the company seeking to make money from it despite being only the third to discover it and knowing it was not much of a big deal. We have not yet heard about any major exploit, which pretty much can be said about the OpenSSL bug as well (this one too was discovered by two entities before a Microsoft-connected firm irresponsibly publicised it, giving it a name and a logo to sell its own services and spread FOSS-hostile FUD for many months to come). What unifies the GLibC and OpenSSL bugs is that they got “brand recognition” very quickly. It was like a marketing campaign rather than a non-alarmist discussion about security — something that non-technical/technically-illiterate journalists would surely fail at.

“As more stories are published in the media about big “hacks” (cracks) against large corporations we can’t help but feel that the media neglects to mention that Microsoft Windows — not OpenSSL or Bash, let alone GLibC — is usually to blame.”Days ago we saw the most FOSS-hostile IDG Web site becoming a platform of Black Duck, a Microsoft-connected firm that sells proprietary software by spreading and accentuating fear of FOSS. The article at hand uses bugs with “branding” to spook FOSS users while Black Duck, paying to publish this self-promotional press release on the same day, is still pretending to be an authority in FOSS.

The bugs with “branding” were also exploited by Veracode in this article (on the same day) and as Eric Lorenzo pointed out: “If businesses don’t update legacy software, often they will will have bugs fixed in later versions! Shock!”

“I wonder what percentage of businesses are using obsolete Windows without updates,” he added.

As more stories are published in the media about big “hacks” (cracks) against large corporations we can’t help but feel that the media neglects to mention that Microsoft Windows — not OpenSSL or Bash, let alone GLibC — is usually to blame. It not only sports back doors but is also badly designed and won't patch known critical holes. It is basically designed to be not secure.

When it comes to reporting on computer security, the corporate press has almost zero legitimacy. All it knows is brands and it is eager to promote corporate partners that piggyback those brands (like “heartbleed”) or stories (Anthem, Sony, etc.), claiming to be experts and offering remedies other than patches which were already issued and are free to apply by all.

01.30.15

Qualys Admits That Its Scare Campaign (So-called ‘GHOST’) Somewhat Baseless

Posted in FUD, Security at 6:14 am by Dr. Roy Schestowitz

Giving names to bugs to make them sound scary

Scare campaign

Summary: Even the company that bombarded the media with its “GHOST” nonsense admits that this bug, which was fixed two years ago, does not pose much of a threat

TWO days ago we wrote about the self-promotional FUD campaign from Qualys, noting that it had been blown out of proportion, as intended all along by Qualys (which even gave it the name “GHOST” and paid for expensive press releases in corporate news). A Red Hat employee reveals that even Qualys itself realised that its pet PR/marketing charade, “GHOST”, is not much of a risk.

He said that “the people at Qualys that worked hard to hype GHOST into a doomsday bug had to admit that most software calling the gethostbyname function couldn’t be forced to exploit the bug. As they say themselves (from “the Qualys Security Advisory team”):

“Here is a list of potential targets that we investigated (they all call gethostbyname, one way or another), but to the best of our knowledge, the buffer overflow cannot be triggered in any of them:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.”

“To put things in perspective see this [discussion],” he added. It’s LWN refuting Dan Goodin, the anti-GNU/Linux ‘security’ rhetoric person from Condé Nast (we took note of his coverage the other day).

“But as always,” added the guy from Red Hat, “the truth isn’t that clickbaiting…

“It was a bug. It has been fixed. But it wasn’t that simple to exploit. Patches are available and as it seems no one got hurt.”

01.28.15

Qualys Starts Self-Promotional FUD Campaign, Naming a Bug That Was Already Fixed 2 Years Ago and Distros Have Covered With Patches

Posted in FUD, GNU/Linux, Google, Red Hat, Security, Ubuntu at 12:23 pm by Dr. Roy Schestowitz

Ghostwriting a Qualys horror story for maximal FUD (fear, uncertainty, and doubt)

Spooky

Summary: Responding to the media blitz which paints GNU/Linux as insecure despite the fact that bugs were evidently found and fixed

THERE IS something to be said about the “top” news regarding GNU/Linux. It’s not really news. The so-called “GHOST” publicity stunt needn’t be repeated by FOSS sites. It is about a bug which was patched two years ago, but some sites overlook this important fact and stick lots of spooky logos, playing right into the hands of Qualys, an insecurity firm (making money from lack of security or perception of insecurity).

We have watches the ‘news’ unfolding over the past day and a half and now is a good time to explain what we deal with. The so-called “GHOST” (all capital letters!) bug is old. Qualys is going two years ago into bugfixes, giving a name to the bugfixes, then making plenty of noise (all over the news right now). Qualys does not look like a proxy of Microsoft or other GNU/Linux foes, but it is self-serving. Insecurity firms like Qualys probably learned that giving a name to a bug in GNU (SJVN mistakenly calls it “Linux”, but so do many others) would give more publicity and people will pay attention to brands and logos rather than to substance. Just before Christmas an insecurity firm tried to do that with "Grinch" and it turned out to be a farce. SJVN says that this old “vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.”

Well, it was patched back in 2013. Use of names for marketing is what makes it “news”; the opportunists even prepared a PRESS RELEASE and pushed it into ‘big’ sites like CNN. It has marketing written all over it, just like “Heartbleed” that had strong Microsoft connections behind the disclosure. It is sad that Linux sites fall for this. Phoronix copies the press release as though it’s reliable rather than self-promotional. Michael Larabel writes: “The latest high-profile security vulnerability affecting Linux systems us within Glibc, the GNU C Library.”

It is not “latest”, it is 2 years old. Larabel says that “Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.”

OK, so it’s not news. FOSS Force cites SJVN to amplify the scare and other FOSS sites are playing along as though this is top news. It oughtn’t be. It is already widely patched (maybe requiring a reboot), so let’s patch and move on (unless it was already patched upstream/downstream years ago). IDG has already published at least three articles about it [1, 2], including one from Swapnil Bhartiya, who is not too alarmist to his credit. He noted that “there was a patch released back on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18. However it was not considered to be a security risk and thus major Linux distributions that offer long term support and get security updates remained vulnerable, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04.”

It affects very specific versions, mostly long-term support releases that already have reliable patches available. It should be clear that some headlines such as this or that clarify the limited scope of impact (not bad reporting) unlike the alarmist trolls.

What Techrights generally found was that early coverage came from so-called ‘security’ sites or blogs of insecurity firms that try to sell their services (e.g. [1, 2, 3]). These set the tone for many.

The response to this bug is proportional to the perceived danger (e.g. due to media hype), not the severity of the bug. Some security news sites [1, 2] focus on names and logos while facts remain only a side issue. This so-called “ghost” nonsense (some lines of code basically) was fixed 2 years ago and as the blog post “long term support considered harmful” explains it: “In theory, somebody at glibc should have noticed that fixing a buffer flow in a function that parses network data has security implications. That doesn’t always happen, however, for many reasons. Sometimes the assessment isn’t made; sometimes the assessment fails to consider all possible exploit strategies. Security bugs are “silently” fixed frequently enough (without evil intentions) that we should consider them a fact of life and deal with them accordingly.”

Some of the worst kind of coverage we found came from The Register with its flamebait headlines (scary headlines for maximum effect) and the troll Brian Fagioli. They are only some among many who are using the name to come up with puns and FUD. Jim Finkle is back to his GNU/Linux-hostile ‘reporting’, bringing this to the corporate media (there is some in the UK also) and LWN quickly cited the GNU/Linux-hostile Dan Goodin. He called “Highly critical” a bug that was patched two years ago.

Debunking some of the latest security FUD we had Fedora Magazine which stated “don’t be [worried], on supported Fedora versions.”

For unsupported version there is a lot more than this one bug that one needs to worry about.

Apple fans were quick to take advantage of the news, despite the fact that Apple is leaving systems vulnerable for many months, knowingly (like Microsoft does, until Google steps in).

See, with proprietary systems one knows for a fact that there is no security. With GNU/Linux is an open question and it depends on what measures one takes to keep it secure. For Apple and Microsoft security is not at all the goal; back doors and unpatched flaws are not really as “interesting” and important for them to patch as helping spying agencies. Google is not at fault here, Google just saw that Apple and Microsoft had no plans to plug serious holes — a patch evidently wasn’t going to be made ready before the public finds out about it, owing to Google. Apple chooses to blame Google; same as Microsoft. They should only blame themselves both for the bugs and for negligence after the bugs were highlighted to them. There is no room here for properly comparing GNU/Linux (Free/libre) to OS X or Windows (proprietary) because evidence clearly shows that the latter are not interested in security and not pursuing security when it is trivially possible.

What we find curious amid the latest FUD campaign is that Apple back/bug doors are not as widely publicised as a GNU bug that was patched 2 years ago and mostly affects LTS systems (which already have patches available). “Nothing I can think of,” said a reader of ours about this media hype, “but the LTS model followed by RHEL and Ubuntu have different goals and purposes than the short, fast development cycle like OpenBSD.”

Nobody is forced to use an LTS release and those who choose it must be aware of the potential risk.

Regarding the other FUD that flooded the press in recent weeks, targeting for the most part Google and Android, our reader XFaCE wrote the following:

I assume you want to write about that new Android vulnerability. Basically I can see the narrative being pushed through three points

- Microsoft supported Windows XP/7/etc. for years, why doesn’t Google support old Android versions

- Google told Microsoft about a very old bug in their software, so they are hypocritical

- Heartbleed bug was fixed way back for 4.1.1

For the last point, it’s a bullshit comparison because

a) 4.1.1 was one point release where upgrading to 4.1.2 fixed the issue (it was already fixed back when 4.1.2 was released)

b) The fix was one file, as evident by XDA members patched it themselves on phones manufacturers refused to upgrade to 4.1.2 SOURCE: http://forum.xda-developers.com/showthread.php?t=2712916

c) As shown by the link, a lot of manufacturers DIDN’T update certain 4.1.1 devices to 4.1.2, hence proving Google’s point. The fix there was SIMPLE, but the OEMs didn’t bother to do it

With Webview, not only is webview involved, but so is the webkit rendering engine, so the fix for all those previously releases is much more complicated

As for the second point, Google did catch it, with KitKat, and furthermore made KitKat supported on more low-end devices so theoretically older 512mb or less devices could be updated

For example, HTC said (when Jelly Bean 4.1 came out) that they would not update any device with 512 mb of RAM (SOURCE: http://www.cnet.com/news/htc-one-v-and-desire-c-will-never-get-jelly-bean/ ), so naturally when KitKat came out, they updated those devices because the OS officially was designed for such low ram devices

oh wait

http://www.androidpit.com/android-4-4-kitkat-update-plans

“Later this year, the entry-level smartphone the HTC Desire 500, should also be seeing the KitKat update. However, the One X, One X+, One S, and One V will be left in the dust and will be receiving no more official updates from HTC.”

So the OEMs are at fault for not upgrading the devices, not Google, which leads to point 1 – Google doesn’t control the Android OEMs like Microsoft does OEM pay Microsoft for the support whereby Microsoft controls all updates, Google doesn’t get paid or have the agreemeent in that way

OEMs like HTC could easily fix this by porting Kitkat to those devices, but they won’t cause they want you to buy a new HTC phone or whatever phone brand

Techrights did not cover that (except in daily links) because it should be self-evident that free-of-charge Android upgrades make it inhernetly different from proprietary software and keeping up to data typically ensures security. A lot of the analogies (Android and Windows) were inherently flawed and the FUD rather shallow.

01.24.15

Apple — Like Microsoft — Not Interested in the Security of Its Operating Systems

Posted in Apple, Google, Microsoft, Security at 9:54 am by Dr. Roy Schestowitz

A big hole in Apple, but Apple doesn’t mind as long as the public doesn’t know

Foul apple

Summary: Apple neglected to patch known security flaws in Mac OS X for no less than three months and only did something about that vector of intrusion when the public found out about it

LAST year Apple admitted having back doors in iOS, conveniently dubbing them “diagnostics” (Orwellian newspeak). Apple did this only after a security researcher had found and publicised severe flaws that enabled remote intrusion into any device running iOS (there are unfortunately many such devices out there). This led us to alleging that not only Microsoft and the NSA worked to enable back doors for secret access into Windows. Both Apple and Microsoft are in PRISM and both produce proprietary software onto which it’s trivial to dump back doors, both undetectable and immutable.

Weeks ago we showed that Microsoft does not strive to make Windows secure, based on its very own actions whenever the public is unaware of the insecurities (only the NSA/GCHQ and the reporter/s are 'in the know'). Now we come to realise that Apple too — like Microsoft — did not close back/bug doors in Mac OS X for 90 days despite knowing about them. This isn’t a 0-day, it is a 90-day. It’s incompetence, negligence and might one even say deliberate sabotage by Apple. Apple just chose to leave the serious flaws in tact until it was too late because the public found out about it, owing to Google.

Do not let the Wintel-centric media blame Google for merely informing the public that proprietary operating systems like Windows and Mac OS X have holes in them that Microsoft and Apple refuse to patch. We should generally be thankful for this information. It says quite a lot about Microsoft’s and Apple’s priorities. It helps prove China right for banning Windows and Apple operating systems in government.

There is increasing consensus that Apple is going down the bin when it comes to users’ trust and browsing the Net these days I often read or hear from people who abandon Apple for GNU/Linux. Suffice to say, based on public appearances, the NSA is intimately involved in the build process of OS X (for a number of years now), which does make one wonder.

01.22.15

Microsoft Symptoms of a Dying Company: More Boosters Depart, Back Doors Revealed, Microsoft’s Outlook Cracked

Posted in Microsoft, Security, Vista 10, Windows at 12:15 pm by Dr. Roy Schestowitz

Journalists currently under heavy barrage from Microsoft marketing (outsourced and in-house)

Office of telemarketing

Summary: Bad news for Microsoft shortly before the marketing extravaganza served to cover much of it up

IF YOU believe the hype (Microsoft has been talking about it for nearly 2 years), you will easily believe that Vista 10 is the return of Windows monopoly and supposed OS ‘leadership’, even though Microsoft is shrinking along with its notorious back doors and criminal behaviour (less Microsoft means less crime).

Those of us who have watched Microsoft closely for years saw a lot of the company’s boosters ebbing away. Microsoft laid off a lot of marketing people. It’s a ‘luxury’ it cannot afford anymore as breaking/infiltrating the media is not cheap. Last week we learned that Paul Thurrott left as well; he had been one of Microsoft’s leading boosters and now, according to a source of ours, he “[p]robably moved to be able to change focus, adding FUD against non-Microsoft stuff in the guise of coverage. This is how far he has gone.” (notice the usual and typical propaganda we have been seeing for weeks now).

Some falsely claim that Android is losing share and others try to paint Windows as running Android apps even though it cannot. That is the type of FUD we have been debunking here for years. This FUD is not dead yet. Just notice the patterns, part of the PR campaign perhaps. If many people repeat the same lie in unison, then the lie gains legitimacy. Just watch Microsoft’s propaganda network 1105 Media trolling FOSS yet again over ‘security’ (only yesterday). A lot of this PR/FUD started last April when a Microsoft-connected firm gave a name and a logo to a bug in OpenSSL. It did it exactly when Windows XP ran out of support (i.e. left totally vulnerable to crackers).

“A lot of this PR/FUD started last April when a Microsoft-connected firm gave a name and a logo to a bug in OpenSSL.”Either way, Microsoft boosters continue to be dissolved. We used to see many more FUD attacks on GNU/Linux or Free software several years ago and as Soylent News put it: “Longtime Microsoft-centric journalist and blogger Paul Thurrott has left Supersite for Windows, and the website he founded sixteen years ago, and its sister site Windows IT Pro, for reasons explained in his farewell post. The sites (the former of which is still branded ‘Paul Thurrott’s SuperSite for Windows’ for now, but that will surely change) will be maintained by a staff of journalists employed by Penton, an information services conglomerate.”

Microsoft very much relies on propaganda agents who blame Google for Microsoft's failings and incite against Microsoft’s top competitors (Chromebooks seem to be Microsoft’s nightmare at the moment, not just Google Docs and ODF). Consider this rebuttal from Thom Holwerda:

First, this article makes the usual mistake of calling these vulnerabilities “zero day”. They are not zero day. They are 90 day. A huge difference that changes the entire context of the story. Microsoft gets 90 days – three months – to address these issues.

The accusations against Google were repeated later, at around the beginning of last week (second time) and the end of last week (third wave). This is totally insane an accusation to make, but given that those blaming Google are longtime Microsoft boosters, one can expect it.

In other news, a new Bloomberg puff piece glamourises Microsoft privacy violations, milking the Paris shootings for Microsoft PR. What an unbelievably shallow puff piece; then again, it’s Bloomberg. In similar news, Outlook has been cracked [1]. Even Microsoft cannot maintain a state of security. “Clumsily done” labelled it our source. Maybe the back doors have taken their toll in the wrong country. That won’t be good for business.

Related/contextual items from the news:

  1. Microsoft Outlook hacked following Gmail block in China

    Microsoft’s Outlook email service was subject to a cyberattack over the weekend, just weeks after Google’s Gmail service was blocked in China.

    On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China. A MITM attack intrudes on online connections in order to monitor and control a channel, and may also be used to push connections into other areas — for example, turning a user towards a malicious rather than legitimate website.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts