
07.30.19

Microsoft Kills: An Introduction

Posted in Microsoft, Security, Windows at 2:42 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Microsoft gives NSA backdoor, complains about exploits

Summary: Unfit-for-use Windows, as well as other software from Microsoft, has a high mortal cost (not just monetary cost) that the media fails to properly report on

IT IS no secret that the use of Microsoft Windows causes many fatalities. In our daily links we’ve included hundreds of links to press articles about hospitals getting stung/hit by ransomware, among other modern menaces that follow a digital compromise (seizure of hospital facilities and equipment). This is killing a lot of Americans every day, but corporate media is not talking about it (not in the correct terms) and it is habitually misplacing blame. The media and NSA-like agencies, for example, couldn’t care less about the role of back doors (making systems deliberately less secure); it’s more important for them to maintain back doors on almost every computer on the planet (at the expense of people/patients who die from these back doors).

Sometimes the media mentions what the compromised systems were built on, but usually it’s intentionally obscured. In this series we shall explain that it’s typically Windows. We shall soon be covering Microsoft’s role in killing patients. By all means Microsoft is culpable and it isn’t just incompetent and corrupt; people actually die — sometimes in big numbers — because of these criminals who work with the state and bribe states; they put their insecure-by-design systems inside hospitals. Gates and his flunkies would of course blame the victims, notably these hospitals.

Before we commence this series, which will be based on inside sources, here are some news clippings of interest (recent news). It serves to show that these incidents aren’t even rare anymore. They’ve become a sort of new ‘norm’ — however menacing and disturbing a norm.

[Images: 31 screenshots of news clippings, windows-ransomware-1 through windows-ransomware-31]

07.20.19

Slack Committed a Very Major Crime That Can Cost Many Billions If Not Trillions in Damages for Years to Come

Posted in Security at 5:32 am by Dr. Roy Schestowitz

Bankruptcy must follow, maybe arrests as well (the company’s logo gives away the company’s real worth and values)

Slack's new logo is a penis swastika

Summary: The inevitable has happened to Slack, which no longer deserves to exist as a company; moreover, the people who ran the company must be held criminally accountable

TO say that Slack got merely “compromised” would be the understatement of the decade. Yes, it did in fact get compromised, but it’s a lot worse. It’s far worse than a compromise per se. We’re going to explain, starting with the basics.

Slack is malware. Not just the ‘app’. Their Web site hardly works with any Web browser – they want the very worst and privacy-hostile browsers to be used for extraction of data. It’s a resource hog because it’s malware disguised as an IRC ‘clone’.

Slack the ‘app’ is literal malware. It follows you around if you install it on a phone. The browser side is also malicious, but it’s less capable of geographical/location tracking. They use it for data-mining. See the source code (page source at least). It’s malware. GDPR should be applicable here and we suspect that EU authorities have not assessed that aspect just yet.

Slack is not a communications platform but a data harvester with an interface that looks like a communications platform. What it is to users isn’t what it is to Slack, the company. The Electronic Frontier Foundation (EFF) issued strongly-worded warnings about Slack and even Microsoft, the NSA back doors giant that kick-started PRISM, outright banned Slack for security reasons! Yes, Slack is really that bad. We won’t even call this ‘anticompetitive’ on Microsoft’s behalf; Microsoft does have a few engineers and they very well understand what Slack is and why it must be avoided. Even unqualified Microsoft hacks can understand that. Slack was always a ticking time bomb, which I warned about before, e.g. here in Tux Machines. I very much foresaw the latest disaster. I did all that I could to spread information about it, at the very least to ensure people are forewarned. Now I feel vindicated, but how much damage will be done for years if not decades to come? It’s difficult to assess or measure because it’s almost impossible to track the sources of rogue actors’ data.

Slack did not have a mere ‘incident’. It was a CATASTROPHE! They knew about it for quite some time (at higher levels, too). It’s the complete doomsday scenario, an equivalent of having one’s own Jabber server completely and totally hijacked, and all communications in it (names, passwords) stolen. But in the case of Slack millions of businesses are affected. In one fell swoop. Just like that. Even the public sector. Military, hospitals, you name it…

Slack got totally ‘PWNED’, but they won’t admit that. They will lie about the extent of the damage, just like Yahoo and Equifax did (each time waiting months before revealing it was orders of magnitude worse). They game the news cycle that way. People must assume that all data is compromised. Everything! Slack sold everyone out and gave everything away. Even those who paid Slack (a small minority) were betrayed.

This is a major, major, MAJOR catastrophe. Businesses and their clients’ data is on Slack. Even HR stuff, which gets passed around in internal communications. Super-sensitive things like passwords, passports and so on.

Who was Slack data copied by? Mirrored or ‘stolen’, to put it another way? Possibly by rogue military actors that can leverage it for espionage and blackmail, as many do. Covertly. You rarely hear about blackmail because that’s just the nature of the blackmail. It happens silently. It’s like ‘hush money’.

Some would say Slack got “hacked” (they typically mean cracked). But it’s actually a lot worse than getting cracked! We’ll explain further…

About a month ago Slack got to its IPO milestone, the legendary capitalist pigs’ initial public offering (which one can reach even while making massive losses like Uber does). Big day for Slack! These people can pretend to be billionaires ‘on top of the world’. But they’re not. Especially as they’re not profitable at all and there’s no business model other than spying…

So for years these people consciously covered up this massive incident. Slack is therefore a criminal organisation. It must be shut down as a matter of law. These operations are illegal.

To prevent the company from totally collapsing Slack lied to millions of people and businesses. That’s a fact. To save face…

So the only justice now would be federal and private lawsuits, forcing this company to shut down. Will anyone be arrested? Unlikely. White-collar crimes are ‘special’. No jail time (or rarely any, except as a symbolic token to the public, e.g. Madoff after the financial collapse more than a decade ago).

Slack didn’t just “mess up”. It broke the law; yes, it committed an actual crime by not informing the customers. They would change passwords etc. had they known. But Slack did not obey the law. It did not inform customers. It announced all this after the IPO, in order to make shareholders liable, and it did so late on a Friday (to minimise press coverage about this likely crime). The shareholders too should sue for concealment of critical information.

This is a very, very major scandal for Slack and if the company survives at the end, then it only means one thing: crime pays! Crime pays off. Just that. Because they committed a very major crime. Consciously. Now they need to hire PR people and lawyers. Maybe they can also bribe some journalists for puff pieces that belittle the severity of this mere ‘incident’.

As we said at the start, Slack is technically malware. Slack is surveillance. This is their business model, which isn’t even successful (so they will likely get more aggressive at spying or holding corporate data hostage in exchange for payments). For example, scrolling limits. This is like ransomware. It preys on businesses desperate to access their own data. They try to ‘monetise’ separating businesses from their data/infrastructure. It’s inherently unethical. It’s like a drug dealer’s business model/mindset.

Slack basically bet on being a ‘spy agency’ (without all the associated paperwork). And later they got cracked, passing all their surveillance ‘mine’ (trove) to even more rogue actors than the company itself. The Slack ‘incident’ doesn’t affect just Slack. Companies everywhere can now be held legally liable for having put their information on Slack servers. It’s an espionage chain. Centralisation’s doomsday in action…

Companies may never know if past system breaches, identity thefts etc. were the fault of Slack. It’s hard to prove that. But it’s guaranteed to have happened. Moreover, there are future legal ramifications.

Slack knew what had happened and why it waited all this time. This waiting makes the crime worse. This scandal can unfold for quite some time to come. The ramifications are immense! And we might not even know the full extent of these (ever). Privacy-centric competitors of Slack already capitalise on this very major scandal and use that to promote themselves; Keybase for instance…

It would be wise to move to locally-hosted FOSS. However, that would not in any way undo the damage of having uploaded piles of corporate data to Slack and their compromised servers.

Are managers at Slack criminally-liable? Probably. Just announcing this scandal after an IPO and late on a Friday when many people are on holiday won’t save Slack. They need to go bankrupt faster than the time period since their IPO. Anyone who still uses Slack must be masochistic.

In the coming days many companies will come to realise that for years they tactlessly and irresponsibly gave piles of personal/corporate data to Slack and now a bunch of crackers around the world have this data.

“Trusting our data with one company isn’t feasible,” one person told me this morning. “The data lasts forever & we must expect that our worst enemies will have it or get it with small time delay. Otherwise encrypt everything which slows everything down & complicates everything making those “safe” uncompetitive.” That’s now how Slack works.

We expect Slack to stonewall for a while, saying that it’s the weekend anyway. Slack lied to everyone for years. They’re a bunch of frauds. Anyone who now believes a single word that comes out of their mouths is a fool. They also committed a crime (punishable by law) with these lies. When it comes to Slack, expect what happened with Yahoo; First they say it’s a small incident; Months pass; Then they toss out a note to say it was actually big; A year later (when it’s “old news”): 3 BILLION accounts affected. Anyone who now believes the lies told by Slack’s PR people deserves a Darwin Award. These scammers lost millions/billions for years just pursuing an IPO (others bearing the losses); They lied, like frauds (like Donald Trump), just to get there (the IPO). Now, like Yahoo, they will downplay scope of impact. A lot of companies can suffer for years to come (e.g. data breaches, identity theft). These troves of Slack data are invaluable to those looking to use them to blackmail people, take over servers, discredit people, and generally cause complete chaos, even deaths. We’ll soon do a series of articles showing how Microsoft caused deaths at hospitals.

07.14.19

GitHub is Microsoft’s Proprietary Software and Centralised (Monopoly) Platform, But When Canonical’s Account There Gets Compromised Suddenly It’s Ubuntu’s Fault?

Posted in Deception, Free/Libre Software, FUD, Microsoft, Security, Ubuntu at 12:22 am by Dr. Roy Schestowitz

One year ago: GitHub as the Latest Example of Microsoft Entryism in Free/Libre Software

Internet

Summary: Typical media distortions and signs that Microsoft already uses GitHub for censorship of Free/Open Source software that does not fit Microsoft’s interests

CORPORATE media is toxic rubbish and its business model typically involves serving the companies covered. This is why the media keeps framing the latest GitHub censorship as a GitHub issue (it’s actually Microsoft using its control over GitHub to delete particular ‘naughty’ FOSS [1,2]) and earlier this month Ubuntu received a lot of negative press after its steward’s GitHub account had been compromised. Microsoft was not even mentioned. This is all very typical and we responded to that briefly in our daily links. This is the kind of thing one can expect when Microsoft pays so much money to the media, e.g. in the form of advertising.

Related/contextual items from the news:

  1. GitHub Removed Open Source Versions of DeepNude [Ed: The new company is a Microsoft censorship tool. Every image editor can be used to make fake nudes of people. Even image sequences. Will Microsoft ban image editors too? Don't even think about criticising Microsoft for its crimes in some comments, commits or code at GitHub as they might suspend the account.]
  2. Deepfake DeepNude app’s open source versions removed from GitHub [Ed: Microsoft is doing censorship of FOSS and playing/acting as morality police. Maybe banning encryption software (with no back doors) is next on the agenda because of the terror scare.]

08.31.17

Patent Trolls Are Under Attack and on the Run

Posted in America, Antitrust, Courtroom, Patents, Security at 5:51 pm by Dr. Roy Schestowitz

“I would much rather spend my time and money and energy finding ways to make the Internet safer and better than bickering over patents.”

Dean Drako, Barracuda’s CEO

Summary: Wetro Lan LLC panics and pays ‘protection’ money after a failed trolling attempt; MPEG-LA too is under fire, as an antitrust lawsuit has finally been filed against it

EARLIER today we found two interesting reports, one from Dale Walker and another from Joe Mullin, who has been tracking and writing about patent trolls for about a decade. Following TC Heartland we certainly hope that things will change; patent trolls will hopefully altogether go out of business [sic] some time soon. Extortion and racketeering have no value/benefit to the economy.

Walker explained how the latest twist of events got started: “The Moscow-based security company [Kaspersky] was first approached by a patent holder in October last year, who issued a patent lawsuit and demanded a $60,000 cash settlement to make the case disappear.”

Guess what happened instead (and not for the first time).

The tables are turning. Wetro Lan and other patent trolls find themselves on the run when they may be forced to pay the defendant’s legal fees and sometimes lose their patents too. This is what happened in this latest case. To quote Mullin:

The patent-licensing company, Wetro Lan LLC, owned US Patent No. 6,795,918, which essentially claimed an Internet firewall. The patent was filed in 2000 despite the fact that computer network firewalls date to the 1980s. The ’918 patent was used in what the Electronic Frontier Foundation called an “outrageous trolling campaign,” in which dozens of companies were sued out of Wetro Lan’s “headquarters,” a Plano office suite that it shared with several other firms that engage in what is pejoratively called “patent-trolling.” Wetro Lan’s complaints argued that a vast array of Internet routers and switches infringed its patent.

This is the key part:

As claim construction approached, Kaspersky’s lead lawyer Casey Kniser served discovery requests for Wetro Lan’s other license agreements. He suspected the amounts were low.

Finally there’s this:

On a post to his personal blog detailing the victory against Wetro Lan, founder and CEO Eugene Kaspersky says his company has now defeated five claims from patent assertion entities, including the infamous claims from Lodsys, a much-maligned patent holder that sent demand letters to small app developers. Lodsys dropped its case against Kaspersky right before a trial.

While the company has spent plenty in legal fees, its total payout to so-called “trolls” has been $0. Firms that engage in “trolling” know that companies often simply settle instead of dealing with the costs and pain of a court litigation.

Kaspersky and others in his field do not like software patents. They speak out about it (occasionally).

The above reveals an interesting strategy where neither invalidation nor a (legal) fees award acts as a deterrent; it’s discovery requests. Apropos, Patently-O published this short post earlier today about the meaning of “all expenses,” noting a new CAFC decision where the judgment “was split – with Judges Prost and Dyk in majority and Judge Stoll in dissent and arguing that the term “expenses” is not sufficient to overcome the traditional american rule regarding attorney fees.”

The second story we found today came from IAM, which revealed MPEG-LA as the target of litigation, for a change (background about this troll can be found in our Wiki). Patent trolls can, as it turns out, be sued, this time using antitrust law. This gigantic troll is in hot water not only in the far east, with the lawsuit actually being filed in the US:

Chinese appliance maker Haier has filed an antitrust lawsuit in the Northern District of New York against MPEG LA and six licensors that are part of its ATSC patent pool. The complaint accuses the companies and pool administrator of a range of anti-competitive practices affecting the market for televisions, the effect of which it says is to disadvantage implementers like Haier which compete on price at the lower end. For that reason, Chinese companies – many of which have argued that their low margins entitle them to different patent licence terms – will be interested to see how far this case goes.

It’s nice to see the patent trolls getting a taste of their own ‘medicine’ (or poison). It’s now them who find themselves needing to shell out ‘protection’ money.

02.09.17

OpenSUSE’s (or SUSE’s) Refusal to Publicly Acknowledge It Got Cracked Shows Face-Saving Arrogance Just Like Novell’s

Posted in Deception, Novell, OpenSUSE, Security, Servers, SLES/SLED at 6:16 am by Dr. Roy Schestowitz

SUSE (or MicroFocus) won’t even tell customers when its systems are in fact compromised

Novell cuffs

Summary: The same old and very notorious behaviour we found in Novell persists at SUSE under MicroFocus leadership; security neglected and keeping up appearances more important than honesty

TECHRIGHTS wrote many thousands of articles about Novell. We know Novell extremely well and we have documented its terrible behaviour for over half a decade, well before we began focusing on the EPO for example. As we shall show later, in a separate post, Microsoft’s and Novell’s “IP Peace of Mind” is making a comeback (as of last night), but right now we wish to focus on the crack I first wrote about on Monday (it has since then generated some press coverage, e.g. [1-3] below).

A lot of people still miss the key point. IDG even went ahead with a rather misleading headline, as did Softpedia; rather than state the actual news (that OpenSUSE got cracked) the title says or overstates the ‘damage control’ from SUSE, diverting attention to what was not affected rather than what was affected (a politician’s trick). We used to see lots of that kind of spin back in the Novell days and the 2 articles below, having sought comment from SUSE, give SUSE the benefit of the doubt here. Remember that no evidence has been presented by SUSE and moreover the gross negligence here is a bad sign in general. That’s just “faith-based” security. My article about it was so short that it was mostly a screenshot, yet we understand that further coverage is on its way. So let’s elaborate a little. “They were using an outdated version of WordPress and got zapped,” one person wrote to me after I had published my findings. “It was just the front-end, no code was touched.” But says who? SUSE? Can we believe them?

Whatever caused the defacement, it shows that they lost control of their platform. They did get cracked. Softpedia reported that “openSUSE devs immediately restored the news.opensuse.org website from a recent backup” (so the back end too appears to have been compromised).

Nobody has yet covered that issue as properly as we hoped (poor security practices at SUSE) and the fact that they COMPLETELY FAILED or refused to publicly acknowledge what had happened is a serious aspect of it. We waited patiently to see if an announcement would be made by then, even a reassurance that users should not worry. But nothing came out! To this date (half a week later). They attempted to cover it up, which is BAD BAD BAD. For a so-called “Enterprise-Grade” thing which SUSE tries to market itself as (selling SLE*) this is a serious breach of trust. Who would trust SUSE now?

3 news sites and my own site wrote about it, but not a single word has been uttered by SUSE. They know they got cracked and they are not telling anyone, except when journalists ask them for comment (and press them with evidence).

OpenSUSE has a history of security issues in its sites (see “openSUSE Forum Hacked; 79500 Users Data Compromised” from 2014). Where are the reporters who are willing to ask SUSE some tough questions? Don’t let this slide. If someone injected a back door inside SLED and SLES, SUSE would probably say not a thing, only belatedly removing it and then lying about the whole thing, just like Microsoft does.

In the news:

  1. Kurdish Hacker Posts Anti-ISIS Message on openSUSE’s Website, Data Remains Safe

    Softpedia was informed by Dr. Roy Schestowitz that the openSUSE News (news.opensuse.org) website got defaced by Kurdish hacker MuhmadEmad on the day of February 6, 2017.

    It would appear that the server where the news.opensuse.org website is hosted is isolated from the rest of openSUSE’s infrastructure, which means that the hacker did not have access to any contributor data, such as email and passwords, nor to the ISO images of the openSUSE Linux operating system.

    We already talked with openSUSE Chairman Richard Brown, who confirms for Softpedia that the offered openSUSE downloads remain safe and consistent, and users should not worry about anything. The vigilant openSUSE devs immediately restored the news.opensuse.org website from a recent backup, so everything is operating normally at this time.

  2. OpenSUSE site hacked; quickly restored

    The openSUSE team acted quickly to restore the site. When I talked to Richard Brown, openSUSE chairman, he said that “the server that hosts ‘news.opensuse.org’ is isolated from the majority of openSUSE infrastructure by design, so there was no breach of any other part of openSUSEs infrastructure, especially our build, test and download systems. Our offered downloads remain safe and consistent and there was no breach of any openSUSE contributor data.”

    The team is still investigating the reason for the breach so I don’t have much information. The site ran a WordPress install and it seems that WordPress was compromised.

    This site is not managed by the SUSE or openSUSE team. It is handled by the IT team of MicroFocus. However, Brown said that SUSE management certainly doesn’t want any such incident to happen again and they are considering moving the site to the infrastructure managed by SUSE and openSUSE team.

  3. Best Distros, openSUSE Whoops, Debian 9 One Step Closer

    In the latest Linux news, the news.opensuse.org got hacked and displayed “KurDish HaCk3rS WaS Here” for a while Monday and while the site has been restored, no comment on the hack has been issued. Elsewhere, Debian 9.0 has entered its final freeze in the last steps in preparations for release. FOSS Force has named their winner for top distro of 2016 and Swapnil Bhartiya shared his picks for the best for 2017. Blogger DarkDuck said MX-16 Xfce is “very close to the ideal” and Alwan Rosyidi found Solus OS is giving Elementary OS a run for its money. Phoronix.com’s Michael Larabel explained why he uses Fedora and Jeremy Garcia announced the winners of the 2016 LinuxQuestions.org Members Choice Awards.

    [...]

    openSUSE’s news portal was compromised Monday by a hacker or group of hackers called MuhmadEmad, via the message left in its place. A Kurdish flag with the message “HaCkeD by MuhmadEmad – KurDish HaCk3rS WaS Here” was displayed for hours before it was taken down and the site’s content restored. Roy Schestowitz has a screen capture and said that openSUSE has not yet publicly acknowledged the hack. Swapnil Bhartiya spoke to Richard Brown, openSUSE chairman, who said that site was isolated from most SUSE infrastructure, especially the distribution code. There was no breach of any contributor data either. The site in question is run by MicroFocus, but all are investigating to make sure it’s an isolated incident.

04.28.16

Latest Black Duck Puff Pieces a Good Example of Bad Journalism and How Not to Report

Posted in Deception, Free/Libre Software, FUD, Marketing, Security at 8:38 am by Dr. Roy Schestowitz

No investigation, just churnalism

Churnalism

Summary: Why the latest “Future of Open Source Survey” — much like its predecessors — isn’t really a survey but just another churnalism opportunity for the Microsoft-connected Black Duck, which is a proprietary parasite inside the FOSS community

THE “Future of Open Source Survey” is not a survey. It’s just Black Duck’s self-promotional (marketing) tripe packaged as a “survey”. This is a common PR tactic, it’s not unique. We wrote about this so-called ‘survey’ in several articles in the past, e.g.:

We now have more of the same churnalism and it comes from the usual ‘news’ networks, in addition to paid press releases. When we first mentioned Shipley 8 years ago he was busy doing one nefarious thing and two years ago we saw him joining the Microsoft-connected Black Duck. He is quoted as saying (CBS) that “the rapid adoption of open source has outpaced the implementation of effective open-source management and security practices. We see opportunities to make significant improvements in those areas. With nearly half of respondents saying they have no formal processes to track their open source, and half reporting that no one has responsibility for identifying known vulnerabilities and tracking remediation, we expect to see more focus on those areas.” Thanks for the FUD, Mr. Shipley. So where do I buy your proprietary software (and software patents-protected) ‘solution’? That is, after all, what it’s all about, isn’t it? The ‘survey’ is an excuse or a carrier (if not Trojan horse) for proprietary software marketing.

Here is similar coverage from IDG and the Linux Foundation, whose writers did little more than repeat the talking points of Black Duck after the press release got spread around.

04.14.16

With a Cybersecurity Panel Like This, Who Needs Any More Demands for Back Doors?

Posted in Microsoft, Security at 10:03 am by Dr. Roy Schestowitz

“Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it’s at there’s always going to be a sequel needed to fix the major bugs and security flaws in the last version?”

Unknown

Michael S. Rogers
“I don’t want a back door. I want a front door.” — Director of the National Security Agency (NSA), exactly one year ago

Summary: The sad irony of the US government taking advice on cybersecurity from a company which it is paying to deliberately weaken security and enable mass eavesdropping on billions of people

Microsoft undoubtedly builds back doors for the NSA (in many of its so-called ‘products’ or services) and yes, based on headlines such as “Obama Names Former NSA Chief, Microsoft and Uber Execs to Cybersecurity Panel” or “Obama appoints tech veterans from Microsoft and Uber to cybersecurity commission”, Obama adds Microsoft to a “Cybersecurity Panel”, where “cybersecurity” basically means “national security”, i.e. back doors in virtually everything digital. Looking at various other reports about this (there were plenty more, some of which focused on Keith Alexander’s role), we cannot help but laugh at the notion of “cybersecurity” coming from those who deliberately weakened security for the sake of domination/imperialism (euphemism “national security”, as if the oppressor risks being occupied or besieged). To quote one article on the subject, “General Keith Alexander (Retired), who headed the NSA during the enormous expansion of its surveillance apparatus — pointed, of course, at you — is the first listed member of the commission. On the one hand, better the devil you know, and what a resumé. On the other, wow.”

We habitually post in our daily links, under “Security”, various reports about Microsoft’s security failings. We no longer wish to focus on Microsoft (standalone articles), which more and more people realise isn’t really interested in security, privacy etc. especially in light of back-doored and front-doored Vista 10, which — if developed by a small company — would be ruled illegal, malicious software and its developers would risk long jail sentences (being close to government helps here, especially enabling snitches to spy agencies, which in turn empowers the government).

01.06.16

Microsoft Confirms Real-Time Spying on Vista 10 Users (Operating System as a Bug), Increases Pressure to ‘Upgrade’

Posted in Microsoft, Security, Vista 10, Windows at 7:46 pm by Dr. Roy Schestowitz

Don’t install, just antagonise the bugging

Summary: Microsoft inadvertently reminds people who had Vista 10 installed on their PC (sometimes downloaded passively against their will) that it is spying on them all the time and a new kind of pressure is being used to create a panic for acceptance of any forced (remotely-imposed) ‘upgrade’ to Vista 10

TECHRIGHTS does not wish to be dragged back into Microsoft bashing (unlike direct attacks on GNU/Linux, usually with the aid of software patents and patent trolls), but readers probably know by now that Microsoft has been turning people who used to be called users or customers into subjects or products, to be spied on and be treated like a commodity whose amount needs to be maximised for exploitation in bulk.

With the introduction of Vista 10, the latest and nastiest (more malicious based on rather objective criteria) version of Windows, Microsoft now spies on every person all the time. There is some good analysis [1] and criticism [2] of this self-incriminating propaganda-driven move from Microsoft, which is desperate to convince people whom it forces to move to Vista 10 that this forcing will be for their own good, not just the good of the NSA.

Using ‘security’ as a reason, Microsoft is now bashing older versions of Windows. Low on resources, Microsoft leaves intact even known (to the public) back doors in its Web browsers, as covered by Microsoft-friendly sites (as here) and FOSS-centric sites (well, FOSS-centric most of the time). Here is how to put a positive spin on Microsoft’s latest kind of pressure/demand for people to move to the latest trap: “This news has come as a breath of fresh air as it was considered a bane for many web developers, thanks to the endless security holes in the software.”

Well, Web developers whom I know and work with often complain about the latest Internet Explorer and “Edge” (new branding for the same rubbish). They’re more incompatible with even more Web sites, for various different reasons. So this excuse or optimism is misplaced. As soon as next week, based on Microsoft fan sites, Microsoft will have yet another piece of propaganda with which to pressure people to install spyware on their computers. Now is a good time to move to GNU/Linux. Some high-profile journalists are doing so right now because they better understand the underlying reasons (they’re reasonably technical).

Vista 10 is not an operating system but spyware pretending to be one.

Related/contextual items from the news:

  1. Massive Windows 10 Success Has Six Nasty Surprises

    Understandably perturbed by this BetaNews took Microsoft to task on these revelations and asked if it would like to “explain how it came about the information, and why it is being collected in the first place”. Microsoft’s official response: “Thank you for your patience as I looked into this for you. Unfortunately my colleagues cannot provide a comment regarding your request. All we have to share is this Windows blog post.”

    To which BetaNews makes a very fair conclusion: “Microsoft’s spying is intrusive enough to reveal how long you have been using Windows 10, but the company is not willing to be open about the collection of this data.”

    Consequently the next obvious point to ponder is: If Microsoft is happy to disclose this data without saying how it was attained, what else does it access and track without user knowledge? Given Microsoft already admits much of its automatic spying cannot be turned off, just how many more metrics and how much user data is it gathering from every Windows 10 device?

  2. Why is Microsoft monitoring how long you use Windows 10?

    The various privacy concerns surrounding Windows 10 have received a lot of coverage in the media, but it seems that there are ever more secrets coming to light. The Threshold 2 Update did nothing to curtail privacy invasion, and the latest Windows 10 installation figures show that Microsoft is also monitoring how long people are using the operating system.

    This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals’ usage times. Intrigued, we contacted Microsoft to find out what on earth is going on.

    If the company has indeed been checking up on when you are clocking in and out of Windows 10, it’s not going to admit it. I asked how Microsoft has been able to determine the 11 billion hours figure. Is this another invasion of privacy, another instance of spying that users should be worried about? “I just wanted to check where this figure came from. Is it a case of asking people and calculating an average, working with data from a representative sample of people, or it is a case of monitoring every Windows 10 installation?”
