EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.27.14

FUD Against Google and FOSS Security Amid Microsoft Windows Security Blunders

Posted in FUD, GNU/Linux, Google, Microsoft, Security at 4:07 am by Dr. Roy Schestowitz

Summary: In the age of widespread fraud due to Microsoft Windows with its back doors there is an attempt to shift focus to already-fixed flaws/deficiencies in competitors of Microsoft

A Microsoft Windows (exclusively) infection is having a colossal impact on businesses right now, but corporate press coverage fails to name Windows [1, 2, 3], not to mention any possibility of blaming it. The name of an operating system is only mentioned for negative news when it’s not Windows. This is typical and it matches a pattern we have covered her under the “call out Windows” banner. IDG, the liars’ den, put it like this:

The Target data breach was one of the largest in recent memory, resulting in tens of millions of credit and debit cards being compromised. In the last couple of weeks, SuperValu said that at least 180 of its stores had been hit by a data breach and earlier this week UPS said 51 of it UPS Store locations had been hit.

We wrote about this last week because Windows was not being named, despite it being a critical part of this scenario. Instead, there was deflection to FOSS. It helped distract from Windows, which is insecure by design. It is an architectural problem because since 15 years ago, by some estimates, Windows has been a back doors carrier (for the NSA). Here is one British writer complaining about the approach Microsoft takes to composition as well:

In August last year, one-time-sysadmin and now SciFi author Charles Stross declared Microsoft Word ”a tyrant of the imagination” and bemoaned its use in the publishing world.

“Major publishers have been browbeaten into believing that Word is the sine qua non of document production systems,” he wrote. “And they expect me to integrate myself into a Word-centric workflow, even though it’s an inappropriate, damaging, and laborious tool for the job. It is, quite simply, unavoidable.”

To make matters worse, it facilitates surveillance and sabotage, as more stories from last years served to show (Snowden Files at the Guardian for instance). For security reasons Germany and Russia have moved back to typewriters; we can assume they were using Office and Windows beforehand.

Trust the spinners of Microsoft to create and disseminate some “Heartbleed” FUD, an OpenSSL bug that Microsoft likes to hype up and use to generalise so as to create an illusion that FOSS is inherently less secure. This has become Microsoft’s main propaganda against FOSS, based on just one single bug. The FUD started on the day that XP support (patches) came to an end; this timing is unlikely to be a coincidence for reasons we outlined before.

Jason Thompson writes an offensive piece titled “After Heartbleed, Is Open Source More Trouble Than It’s Worth?”

It starts with the following important disclosure:

Jason Thompson, formerly of Q1 Labs, is the vice president of worldwide marketing at SSH Communications Security.

Marketing for proprietary software (for Windows)? This is the type of thing we saw last week when issues in proprietary VPN software were unfairly blamed on OpenSSL. As we pointed out last week, there is also an attack on Android security (usually rogue apps at to blame) and then there is the recent security FUD against Android from former employees of Microsoft. Mind this new article which highlights Microsoft’s hypocrisy:

The Biggest Problem with the Windows Store: Scams Everywhere

Windows 8′s “Windows Store” is a great idea, but unfortunately, it’s a disaster. It’s full of scam apps, designed to trick you into buying an app you don’t need.

Our friends over at the How-To Geek recently wrote a great piece about the biggest problem with the Windows Store, and how Microsoft has apparently done nothing to address it (despite claiming they would over a year ago). For example, here’s what happens if you search for VLC, a popular free video player

Microsoft is creating some new FUD against Google at the moment and Google has responded as follows:

In Worldwide Partner Conference 2014, Microsoft Corporation (NASDAQ:MSFT) claimed that more than seven hundred and eighty five customers have switched to Microsoft Corporation (NASDAQ:MSFT)’s Office 365 from Google Inc (NASDAQ:GOOGL)’s Apps. Microsoft didn’t give any proofs for this claim, but shown a slide having the names of the pronounced customers who made the switch. Google Inc (NASDAQ:GOOGL) immediately started investigating this claim and has recently come up with a response. According to Google Inc (NASDAQ:GOOGL), 5,000+ companies sign up for Google Apps on a daily basis and thousands of these companies switch from Microsoft. In a Forbes article, Ben Kepes mentioned Google’s response and said that it was already expected that Google will come up with a befitting response on Microsoft’s claims.

Microsoft is a malicious, criminal company. Its ability to manipulate the press into writing negative stories about the competition is quite flabbergasting. Microsoft’s key strategy right now is badmouthing the competition. AstroTurf and press manipulation is how that's done, as we showed in the previous post.

08.22.14

UPS Burned by Microsoft Windows, Gives Away Massive Number of Credit Card Details

Posted in FUD, Microsoft, Security at 4:21 pm by Dr. Roy Schestowitz

TJ Maxx all over again?

Boycott against UPS

Summary: UPS is the latest victim of Microsoft’s shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software

A boycott against UPS, based on my bitter experiences, is nothing too prejudiced. Their system does not work well. That’s an understatement actually. It’s dysfunctional. In fact, it’s an utter mess. I wasn’t the only one who was utterly screwed, reputedly, and made deeply upset by them. I tried to accomplish something so simple and spent a huge amount of time achieving nearly nothing. They are badly coordinated and their system is crap. They’re using an utterly flawed system, especially when it comes to exchanges with clients, including financial exchanges. Last year I was upset enough to produce some memes like the following:

UPS

Now it turns out that UPS was foolish enough to be using Microsoft Windows. Consequently, in many countries (not just one) it got “infected with credit card stealing malware” and customers are going to pay dearly (customers, not UPS):

Grocery shoppers nationwide probably had credit card data stolen

Coast-to-coast: Albertsons, Acme Markets, Jewel-Osco and more were hit.
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.

“Windows, again,” says our reader. “See the annotations in the update…”

Notice how the Microsoft-friendly Condé Nast fails to even name Microsoft. Total cover-up, maybe misreporting. Disgusting. It’s like naming an issue in some car model, stating that it is chronic, dangerous and widespread, but still not naming the car maker or the model. Recall also the biggest credit card-stealing incidents in recent history; it is almost always due to Microsoft and Windows.

There is a bunch of reports circulating right now which blame an OpenSSL bug (that Microsoft likes to hype up) for patients’ data compromise.

A reader of ours who lectures on computer security explains: “The real problem was that, as seen in other articles, they used a VPN in place of real security. Oh, and the VPN was closed source, not OpenVPN.”

“This is no surprise as when given internal access to any computer network, it is virtually a 100% success rate at breaking into systems and furthering access,” says one report.

“They admit to having no security for their services and relying on a VPN to provide the illusion of security,” our reader explains. “They also misuse the marketing term ’0-day’.”

Anything to keep the term “Heartbleed” in headlines, creating a FOSS scare…

You can count on the likes of Condé Nast covering Microsoft-induced disaster without mentioning Mirosoft at all while at the same time shouting “Heartbleed” from the rooftops, as Condé Nast so regularly does.

08.18.14

Gartner Group Advocates Using Defective Software With Back Doors

Posted in Microsoft, Security, Windows at 4:01 am by Dr. Roy Schestowitz

Summary: Despite strong evidence that Microsoft has been complicit in illegal surveillance, Gartner continues to recommend the use of Windows and other espionage-ready Microsoft software

One might think that the Gartner Group paid attention to revelations about Microsoft complicity and active collaboration with the NSA’s crimes. Apparently, however, being a rogue marketing operation (disguised PR), Gartner is seemingly unable to learn what a lot of the public (and CIOs, CTOs etc.) already know. Let’s face it. Bill Gates’ ‘investments’ in Gartner and Microsoft’s payments to this marketing (‘analyst’) firm did not fail to cloud its judgment. In world of Gartner, even though Vista 8 is a total disaster and the future of Windows is quite uncertain, the only choice one has is between versions of Windows, not between operating systems. To Gartner, anything other than Windows is not even an option. Back doors are here to stay and defects too are “necessary evil”, apparently.

Why is it that so many people continue to treat Gartner with respect? Any morsel of credibility should have been long gone, even by checking who subsidises this firm. It’s like a think tank or a collective lobbying group (for its corporate client who seek to sell, not to buy); that’s not what analysts are supposed to do.

John C. Dvorak published this column the other day, highlighting the fact that Windows is defective and remains defective even decades down the line. He wrote: “You would think that after 30 years of Windows, many of the obvious and consistent flaws would be fixed. Are they unfixable? Or are the people at Microsoft who can fix them uninterested?

“There is a belief within the tech community that Microsoft lost control of Windows years ago as the company turned over personnel—including the programmers who actually knew the base code of Windows itself. It has long since become what people call spaghetti code—a tangle impossible to unravel. Every patch has to be run through a regimen of tests to see if anything breaks. One thing is fixed and soon something else does not work right.”

Incidentally, see this new report about Microsoft bricking Windows with the latest patches. To quote:

Since Patch Tuesday this past week, Microsoft has been receiving reports of severe system errors caused by one or more of the updates.

Yes, that’s Microsoft ‘quality’. This spaghetti code is impossible to manage, apparently. Simon Phipps, the OSI’s President, also wrote quite recently for “Linux Voice. He wrote about Microsoft’s inherently defective software, inadvertently echoing some of Dvorak’s observations:

The action law enforcement services have taken against the GameOver-Zeus malware syndicate is great news for a change. In the UK, this was communicated with typical tabloid alarmism, framed as “two weeks to save the world” instead of “unusually effective action by law enforcement”. As a result, UK publications have been posting self-preservation information for their readers.

This is a Windows-only issue and since Microsoft does facilitate back doors (bug doors to be precise), Microsoft deserves at least some of the blame here. As Phipps concludes:

So actually it’s somewhat appropriate to blame Windows versions prior to Windows 8 for being vulnerable to many viruses which exploited bugs in this way. The existence of the vulnerability was a conscious choice and a marketing decision; in OS/2, which had no legacy to accommodate, the ring 0 separation was enforced.

Yes, Windows also offers a larger attack “surface” because of its wide adoption, and yes, there are other exploit mechanisms. But this tolerated technical vulnerability is the root cause of a large number of exploits. So while it’s true that malware authors are directly to blame for malware, there’s also a culpability for Microsoft that can’t be ignored.

For Gartner to be advocating the use of such rubbish spaghetti code (in binary form) is worse than incompetent; it’s utterly irresponsible. Why will any serious CIO or CTO ever listen to Gartner again?

Based on publicly-available evidence, even BIOS cracks require Windows. To give “BULLDOZER” as an example: “The technique supports any desktop PC system that contains at least one PCI connector (slot) and uses Microsoft Windows 9x, 2000, 2003 server, XP, or Vista. The PCI slot is required for the BULLDOZER hardware implant installation.”

To give “DEITYBOUNCE” as an example: “DEITYBOUNCE supports multiprocessor systems with RAID hardware and Microsoft Windows 2000, XP, and 2003 Server.”

No wonder China and Russia are banning x86 and/or Microsoft Windows. It’s not because they’re “anti-American” but because Microsoft Windows and some US-made hardware are anti-users. In Germany, for example, ‘secure’ boot was banned for similar reasons. Perhaps they have not been taking Garner’s advice then. In Munich, Gartner notably tried to derail (with words) the migration to GNU/Linux, as we demonstrated some years ago.

08.06.14

Symantec Deserves a Ban in China for Not Reporting US Government Back Doors

Posted in Microsoft, Security, Windows at 10:29 am by Dr. Roy Schestowitz

Tick the box to ban

Symantec logo

Summary: Symantec, a Windows insecurity firm, is miserably trying to divert attention away from reports about distrust that led to a ban in China

According to many reports this week [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], China does not trust some US- and Russia-based companies to take care of ‘security’ in China. It’s about time.

Reports focus on two firms, but another one is seemingly affected (Symantec). While Kaspersky (which we occasionally mention here) does not deny the claims, Symantec does strike back and “Says its Products are Still Allowed in China”. This is a cleverly-worded denial. Some products are definitely banned, but the “Security software developer Symantec Corporation denied its software has been banned in China.” Symantec merely says or emphasises that not everything is banned.

Just to be more specific: “It is important to note that this list is only for certain types of procurement and Symantec products are not banned by the Chinese government.”

Kaspersky is hyping up security threats at the moment and Symantec is trying hard to dodge the negative publicity because trust is fundamental to their sales. Symantec, which has strong Microsoft connections and disdain for FOSS, should not be trusted if China does not trust Microsoft (we already know how China feels about the ‘new’ Microsoft). To quote an IDG report:

Symantec and Kaspersky Lab have become the latest tech firms to be kicked off the Chinese Government’s approved list, according to an unconfirmed report in the country’s media.

The People’s Daily newspaper broke the news at the weekend in a report that claimed that local supplies including Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising would from now on be the preferred software for antivirus duties.

The news seems to have surprised both firms, which have until now have been approved suppliers for desktop security.

Symantec has been overlooking government back doors such as the ones Microsoft puts in place and lets the US government know about. This is an older debate which made a comeback amid NSA leaks (other antivirus makers seemingly exempt government malware and such, e.g. Stuxnet). Here is Wall Street’s press coverage:

That’s a lesson that Microsoft and Symantec are learning right now. An antivirus company from Silicon Valley, Symantec competes in China against local favorites like Beijing-based Qihoo 360 Technology. According to reports by Bloomberg News and the Chinese media, China has instructed government departments to stop buying antivirus software by Symantec and its Moscow-based rival, Kaspersky Lab. Symantec software has backdoors that could allow outside access, according to an order from the Public Security Ministry. Not coincidentally, Qihoo’s New York-traded shares rose 2.7 percent yesterday, following reports of the move against Symantec and Kapersky.

Well, good for them. After being cracked by the NSA they need to secure their systems by better identifying possible moles (in the software sense).

Dan Goodin, who typically slams FOSS over security issues (less severe than in proprietary software), finally writes about Microsoft’s best known back doors that it tells the NSA about (Goodin does not mention the NSA connection):

There’s a trivial way for drive-by exploit developers to bypass the security sandbox in almost all versions of Internet Explorer, and Microsoft says it has no immediate plans to fix it, according to researchers from Hewlett-Packard.

The exploit technique, laid out in a blog post published Thursday, significantly lowers the bar for attacks that surreptitiously install malware on end-user computers. Sandboxes like those included in IE and Google Chrome effectively require attackers to devise two exploits, one that pierces the sandbox and the other that targets a flaw in some other part of the browser. Having a reliable way to clear the first hurdle drastically lessens the burden of developing sophisticated attacks.

What can Symantec do to stop this other than suggest abandoning Windows (its bread and butter)? Symantec must have known about back doors in the form of IE vulnerabilities, but did it properly protect China from it? No, Symantec makes money from the prevalence of Windows and the company’s management is deeply connected to Microsoft’s.

07.31.14

Is Microsoft Being Raided Not Just for Anti-Competitive Reasons but for Bribes and Back Doors?

Posted in Apple, Fraud, Microsoft, Security at 2:21 pm by Dr. Roy Schestowitz

Great Wall of China

Summary: News about raids in Microsoft China mostly lacking when it comes to background, context, and information about Microsoft’s crimes in China

THE WORLD is moving away from Microsoft. It starts with countries like China, which makes its own hardware (as well as much of the world’s), and then there’s Russia, which abandoned x86 (Wintel) and will make its own chips on which only GNU/Linux will neatly fit. We covered all that earlier this year and it’s clearly not just rhetoric; these things are already happening as the wheels are in motion. Microsoft is desperate to keep up with the changes, but Wintel is like an order of magnitude more expensive than Linux with ARM. It’s game over. Android is dominating many areas, along with its derivatives or other Linux-based operating systems.

The other day there was plenty of press coverage (e.g. [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) about Microsoft being raided by Chinese authorities. “Chinese regulators swarm Microsoft offices over antitrust concerns,” said some headlines (focusing on competition issues, not back doors), but most reports were a lot more vague with claims [1, 2, 3] ranging from nationalism to concerns about Office tie-up. The plutocrats’ media tried to blame it on China and make the Chinese government look irrational (watch what Microsoft boosters say, another one that’s Gates-washing it, and ludicrous claims that “China steps up the arms race in the digital cold war”). The English-speaking Chinese press says that 4 Microsoft offices were visited in the raid. One summary says that “[r]egulators claim Office, Windows illegally tied” while mostly, instead of speaking about recent success stories with Linux, including Android, the article looks backwards and says: “While there have been several attempts to get Chinese punters to switch to Linux – including Red Flag Linux and the unimaginatively named China Operating System – none have been particularly successful at shaking off Windows’ dominance.”

Now, remember that Microsoft was raided in other countries before (e.g. Hungary) and in 2013 the “US probe[d] Microsoft China bribery claim”, as we covered at the time. There is a criminal element to Microsoft’s conduct in China. One of our readers asked, “pressing for more bribes, discounts and backdoors?” Watch China demonised in Western media for protecting itself from espionage (terms like “Microsoft Chinese burn riddle” don’t help).

As Charlie Demerjian reminded us a short while ago, Microsoft is now extorting Windows users:

Microsoft decided to extort Windows 7 users too

Not content to blow both feet off with a shotgun, Microsoft is going for the kneecaps now by blackmailing it’s customers. If you are still dumb enough to use Windows, you are about have your wallet shaken down by Microsoft in a familiar yet still unwelcome way.

We don’t feel the need to sugarcoat this much because the company’s behavior is so blatant and uncaring it is almost staggering. Worse yet the victims, that would be almost all Windows users, have only themselves to blame because the pattern has been well laid out for years now. Microsoft has been unapologetically blackmailing users for years, anyone who bought one of their products in the last few years should have known better.

China has an issue like this; even in the UK the NHS has faced similar issues and is constantly being pressured by Microsoft, as we showed some weeks ago. Office (online) and Windows (the platform for Office on the desktop) are both banned by the Chinese government now.

Leading Chinese media, the New York Times (trend-setting in the US) and BBC (trend-setting in the UK) covered this and have ended coverage by now, so we saw no urgency to point out the news immediately (unlike some bloggers), only to add some background information which has been omitted by the media. A year after Microsoft came under investigation in the US (over allegations that had bribed Chinese officials) it got a visit from Feds, so what is the likelihood that these raids are at least partly related to criminal activity? Microsoft bribery in China is nothing new; it’s how Microsoft does business and the investigation dealt with numerous countries in which Microsoft was alleged to have bribed officials. The BBC says:

Microsoft has confirmed that officials from China’s State Administration for Industry and Commerce – the body responsible for enforcing business laws – have visited some of its offices.

It sounds like bribes would fall under this category. This comes amid shrinkage of Microsoft’s presence in China:

Microsoft Corp’s biggest reduction in company history could cost China more than 1,000 jobs, analysts warned on Friday.

Apple too is laying off employees, 200 people in fact, so let’s not treat Microsoft alone as the problem. Moreover, based on today’s (and yesterday’s) news [1-7], Russia may be close to banning or kicking out Apple and SAP, due to the fact that their software is secret (proprietary) and thus cannot be trusted.

Related/contextual items from the news:

  1. Russia wants Apple and SAP to prove that their software isn’t used for spying
  2. Russia: Apple, SAP to share source codes to combat spying

    Russia has suggested that IT-giants Apple and SAP disclose their source codes to Russian state specialists in order to clear up information security issues after the chain of spy scandals undermined trust in foreign products.

  3. Russia Wants Apple and SAP’s Source Code to Check Spying Activities
  4. Quick Note: Russia Requests Apple, SAP’s Source Code to Prevent Spying

    Russia has made a bold request for both Apple and SAP’s source code to make sure that neither company’s software contains any sort of spy tools.

  5. Russia Asks Source Codes from Apple, SAP
  6. Russia wants Apple and SAP to prove that their software isn’t used for spying
  7. Sorry Russia, Apple and SAP aren’t revealing their source code

    To ensure that SAP and Apple products aren’t vulnerable to spying, Russia suggested last Tuesday that the companies give Russia access to their source code, Reuters reports.

Former Microsoft Engineer Working on Windows BitLocker Confirms Government Asks Microsoft for Back Doors

Posted in Microsoft, Security at 1:43 pm by Dr. Roy Schestowitz

Built with elegance, concealed with compilers

Iron doors

Summary: Recalling the times when even Microsoft staff spoke about secret government collaborations and back doors

China and Russia are currently moving away from Windows (GNU/Linux to be imminently installed on all government machines) — a point which we are going to focus on later today because truths about security and privacy rapidly come out, revealing the clear advantage of Free — as in freedom/libre — software. China and Russia must be motivated by advice of security gurus (of which they have plenty) and the secret services; it’s not about anti-American sentiments but about national sovereignty, especially now that we know about espionage and attacks on companies like Huawei (breached by the NSA, with proof provided).

On numerous occasions in the past we highlighted Microsoft’s relationship with the NSA, going about 7 years back. Many of Microsoft’s back doors are there by design; they need not involve slow patches, hidden patches, malware (e.g. CIPAV) or even warrants for physical access (COFFE). Microsoft is like the world’s leading back doors specialist, and it needn’t even require that people upload their data to some so-called ‘cloud’ services which tempt the gullible (low-hanging fruit). Surely Microsoft understands that it is losing business because people understand what it does now; it’s not due to misconceptions; quite the contrary; businesses and governments finally realise what was true all along. Remember Stuxnet?

Microsoft’s Scott Charney, a professional liar with agenda and big salary (people would happy lie for the type of money he receives), is trying hard along with Smith (lawyer who lies or deceives by omission) to deny Microsoft book doors, but as the following new article explains, the admissions from Microsoft itself are already out there and they cannot be retracted:

Scott Charney, of Microsoft’s Trustworthy Computing, said the government has “never” asked for a backdoor in Microsoft products. Yet a former engineer working on BitLocker claimed the government does ask, but those requests are “informal.”

Four of Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu, China, were raided as part of an official government investigation. Microsoft China spokeswoman Joan Li confirmed that Investigators of the State Administration for Industry and Commerce were investigating the company and Microsoft would “actively cooperate”’ with the Chinese government. The South China Morning Post reported that the investigation may involve antitrust matters.

[...]

Yet in September 2013, The New York Times reported the NSA worked with Microsoft “officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service. Microsoft asserted that it had merely complied with ‘lawful demands’ of the government, and in some cases, the collaboration was clearly coerced.”

Mashable followed up these claims by asking the FBI if it had ever asked for backdoors in Microsoft products. Although the feds denied it, Peter Biddle, the head of the engineering team working on BitLocker in 2005, claimed that the government makes “informal requests” for backdoors. Allegedly after making claims about “going dark,” the FBI “informally” asked Microsoft for a backdoor in BitLocker.

A request for a backdoor, whether informal or not, is still a request for a backdoor. That’s quite a bit different than the government having “never done that,” but perhaps the feds didn’t request backdoor access directly from Charney?

[...]

Yet you might be wise to recall that Caspar Bowden, the man formerly in charge of Microsoft’s privacy policy for 40 countries, claims he no longer trusts Microsoft or its software; he added that Microsoft’s corporate strategy is to grind down your privacy expectations and that the company’s transparency policies are nothing more than “corporate propaganda.”

Over the years we have covered several more examples. Whenever Microsoft makes claims about collaborations with government surveillance pay careful attention not to what Microsoft is saying but what Microsoft refuses to say. The same goes for Apple. They embrace carefully-worded non-denying ‘denials’. When everyone sees through the lies they will both pay for it dearly, and perhaps go bankrupt owing to the network effect.

07.27.14

Frequency of Browser Back Doors in Microsoft Windows is Doubling

Posted in Microsoft, Security at 5:52 am by Dr. Roy Schestowitz

National Security Agency

Summary: The vulnerabilities which Microsoft tells the NSA about (before these are patched) are significantly growing in terms of their numbers

NOT ONLY Apple should be in the headlines for its back doors, which Apple is hardly denying. Apple admits putting them in there, but is being evasive about the motives. What about Microsoft? Why is the press not covering Microsoft back doors, as confirmed last year?

The other day we found this report [via] about “Internet Explorer vulnerabilities increas[ing] 100%” (year-to-year):

Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.

Here is more on the subject:

The report summarises public vulnerabilities and exploit trends that the firm observed in the first six months of 2014 and found that Microsoft’s web browser set a record high for reported vulnerabilities in the first half of 2014 while also “leading in publicly reported exploits”.

Remember that Microsoft tells the NSA about these vulnerabilities before they are patched. Perhaps the media should stop focusing only on Apple’s back doors.

07.20.14

Attacking FOSS by Ignoring/Overlooking Issues With Proprietary Software

Posted in Deception, Free/Libre Software, Security at 4:06 am by Dr. Roy Schestowitz

Dan Goodin

Summary: The biasing strategy which continues to be used to demonise Free/Open Source software (FOSS) along with some new examples

SEVERAL days ago several people told us about this article from Matt Asay. Ignoring the issues with proprietary software (EULAs, back doors, etc.) the article makes the bizarre claim that “we’re living in a post-open source world”, as if Free/libre software does not matter anymore. One reader told us that Asay had been “trolling for Black Duck“. Well, looking at the licensing strategy of Asay’s current employer, this position is easy to explain.

Unfortunately, however, the problem is this case is what Red Hat staff called “Asayroll” (troll) and we often call Mac Asay (he does not use FOSS himself). He used to be a fan of the GPL but then turned against it. Black Duck is just one among several data points he uses to bash the GPL now. Other data points (at least two) were partly Microsoft-funded as well; they’re good at hiding it. It’s information war, striving to change perception and kill the GPL with words.

It is not a surprise that Asay attacks the GPL and this is actually IDG’s second article in just about a week which attacks the GPL, citing Microsoft-connected entities. They must be terribly afraid of copyleft, or maybe their clients (like Microsoft) are doing lip service.

In other FUD, Dan Goodin with his provocative images continues to attack FOSS security, focusing all his attention on bugs in FOSS rather than back doors in proprietary software. “Researcher uncovers “catastrophic failure” in random number generation,” he says. Well, actually, in LibreSSL there is much better randomness than in Intel’s hardware-’accelerated’ RNGs (which are likely facilitating back doors by keeping entropy low) and proprietary software, which uses weak (by design) encryption. “Dan is the Security Editor at Ars Technica,” says the site, which really says a lot about where Condé Nasty (owner of Ars Technica) stands on security. It only trash-talks FOSS and GNU/Linux. This is systematic bias, usually by omission.

In more relevant news, watch the article “Embedded Windows XP systems targeted by new Chinese malware”. It says:

“It is exceedingly hard to protect against malware when it ships pre-installed from the factory. The average business, even a large enterprise, simply isn’t set up to perform this kind of due diligence on incoming hardware with embedded systems, whether it’s Windows, Linux or another platform. If an organisation wants to ensure privacy for itself and its customers, it must bear the cost of security somewhere in the supply chain, whether that’s in increased cost of a higher assurance supplier, or in post-purchase testing,” he explained.

Why is Linux dismissed as an option? Windows has back doors, so it can never be suited/deemed suitable for financial transactions. Why insinuate that this kind of issue is inherent (to the task)?

They should call out Windows and Microsoft’s connections with the NSA. which in is in turn connected to US banks. No country other than the US can ever trust Windows for use in ATMs. That’s a fact.

We are disappointed to see incomplete, biased, vengeful ‘reporting’ with agenda tied to companies/friends/employers of the writers/publishers. This is not journalism. It’s trash talk disguised as “news”.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts