
08.24.15

Microsoft Windows Leads to Espionage and Blackmail: Latest Examples

Posted in Microsoft, Security, Windows at 6:00 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Another news overview, detailing high-profile examples of high-cost Windows deployments (including the cost of litigation and settlement)

THE “IRS hack [is] far larger than first thought,” according to this new report. It’s no secret that the IRS is a Microsoft Windows shop (which was warned about security breaches as far back as 6 years ago), so it makes one wonder if Windows was to blame here, as in the OPM breach, the Sony breach, and most recently the Ashley Madison breach (not to mention Stuxnet in Iran). Based on our information, all these high-profile breaches one way or another involve Microsoft reliance. The corporate media failed to call out Windows, but a little bit of research often helps boil it down to Microsoft’s NSA-accessible (through back doors) platforms.

Below is a new story which shows how Argentina targets [1] a large number of dissidents for surveillance using a fake “confidential document [that] was intended to infect a Windows computer.” GNU/Linux users needn’t worry about such things. Then of course there is the latest high-profile breach, the one affecting tens of millions of members of Ashley Madison (including almost ten thousand members of the military, including high-ranked ones), some of whom are suing [2] (what’s the price of a failed marriage or blackmail?). The parent company can now be sued into bankruptcy. It’s the (hidden) high cost of Windows. According to [3], “Security Was An Afterthought” at Ashley Madison. Well, that’s quite evident. Ashley Madison is hardly even hiding it (DMCA rampage is not a substitute) and it has been made ever more obvious by the fact that they were using Microsoft Windows.

Microsoft and security are mutually exclusive, unlike Microsoft and insecurity. No secure application can be mounted on top of a base with back doors. It ought to be crystal clear after Snowden’s many revelations.

Related/contextual items from the news:

  1. Inside the Spyware Campaign Against Argentine Troublemakers

    Alberto Nisman, the Argentine prosecutor known for doggedly investigating a 1994 Buenos Aires bombing, was targeted by invasive spy software downloaded onto his cellular phone shortly before his mysterious death. The software masqueraded as a confidential document and was intended to infect a Windows computer.

  2. Canadians are suing Ashley Madison because a lack of prophylactic protection

    A BRACE OF LAW FIRMS ARE BEHIND A class action lawsuit against Ashley Madison because it did not do enough to protect personal and private information.

    The class action case, from two Canadian law firms, argues that the hookup stations failed users by not protecting their information and for not deleting it after a fee had been paid to ensure its deletion. It seeks $578m.

    According to the New York Post the lawyers want some satisfaction for a cluster of punters who are currently wearing outraged expressions and regretting joining a site that does what it does in the way that it does it.

  3. ‘Security Was An Afterthought,’ Hacked Ashley Madison Emails Show

    It’s already clear that, despite handling very sensitive data, Ashley Madison did not have the best security. Hackers managed to obtain everything from source code to customer data to internal documents, and the attackers behind the breach, who call themselves the Impact Team, made a mockery of the company’s defenses in an interview.

08.20.15

Ashley Madison Disaster Apparently the Fault of Microsoft Windows

Posted in Microsoft, Security, Windows at 6:50 am by Dr. Roy Schestowitz

What kind of company uses Windows for security?!

Hilton Manchester

Summary: New reports serve to show that the leaked Ashley Madison data includes a complete dump of corporate Windows passwords

TWO months ago we wrote about the Office of Personnel Management (OPM) breach and Microsoft Windows. It’s quite unusual for large, high-profile breaches to involve anything but Microsoft, but the media rarely call out Windows, not even when Stuxnet is clearly all about Windows (not surprisingly because Microsoft aids the NSA and the NSA developed Stuxnet) and the Sony breach was reportedly the fault of a leaky Windows server, irrespective of who infiltrated it (an entirely separate question).

Another day, another crack. Because OPM contains the personal details of many rich and powerful people, it still dominates the news to some degree (although Windows is rarely mentioned), and now it’s Ashley Madison [1,2]. A lot of people, including very high-profile people, can now be publicly shamed and/or blackmailed.

According to this report, the leak “included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company” (hello Microsoft!).

“According to security experts, including Krebs,” wrote Gordon in IRC, “it’s definitely a legit dump” and there are articles that explain why. “The database dump,” to quote this one report, “appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more. It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time.”

Ashley Madison’s owners are in panic because a lot of lawsuits may be imminent. They are trying to DMCA sites that share the data, but history teaches that this is a futile effort. They now pay the price of using Windows and many people (perhaps dozens of millions) pay the price of relying on a company that uses Windows.

Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people. Microsoft leads to a form of global anarchy by making its software flawed by design and leaky by intention. It’s that same dumb mentality that leads some politicians to demands of back doors only for the “Good Guys” (them).

Related/contextual items from the news:

  1. Remember How The DMCA ‘Stopped’ The Release Of Ashley Madison Cheaters Data? About That…

    And… it took longer than expected, but less than a month later, the data file has leaked online, and you can bet that lots of people — journalists, security researchers, blackmailers and just generally curious folks — have been downloading it and checking it out.

    Maybe, next time, rather than claiming copyright, the company will do a better job of protecting its systems.

  2. Data from hack of Ashley Madison cheater site dumped online [Updated]

    Gigabytes worth of data taken during last month’s hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

    A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn’t include full payment card numbers or billing addresses.

    [...]

    “We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” they wrote in an e-mail to Ars. “We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

08.12.15

The Huge, Collateral Cost of Microsoft’s Collusion With Five Eyes Espionage Agencies

Posted in Microsoft, Security, Windows at 4:51 pm by Dr. Roy Schestowitz

Michael S. Rogers
“I don’t want a back door. I want a front door.” — Director of the National Security Agency (NSA), April 2015

Summary: Microsoft Windows continues to be inherently insecure, at the very least because Microsoft worked to make intrusion possible by shady agencies that operate outside the law (much like cyber gangs)

IT IS no secret that Microsoft works closely with the NSA and other Five Eyes agencies. It is also no secret that Stuxnet was developed by those agencies and targets Microsoft Windows. After it had targeted Iran it sort of ‘spilled out’ and caused many billions in damages all around the world (we covered examples). Having gotten out of hand, Microsoft’s back doors for espionage agencies were soon exploited also by the “bad guys” (not that espionage agencies can be described as “good guys”). There is no substitute for absolute, scientifically-verifiable security and strong encryption. People who sell “Golden Key” dreams are non-technical war-loving liars. Based on this new article (Dan Goodin finally targets Microsoft for a change, having repeatedly bashed just Free software), a new Windows “exploit is reminiscent of those used to unleash Stuxnet worm.” To quote Goodin: “The vulnerability is reminiscent of a critical flaw exploited around 2008 by an NSA-tied hacking group dubbed Equation Group and later by the creators of the Stuxnet computer worm that disrupted Iran’s nuclear program. The vulnerability—which resided in functions that process so-called .LNK files Windows uses to display icons when a USB stick is plugged in—allowed the attackers to unleash a powerful computer worm that spread from computer to computer each time they interacted with a malicious drive.”

Any design that lets a USB device trigger commands at such high levels is a design that’s clearly not designed by security professionals. Many other issues tied to this design have been reported for over a decade and Microsoft is not fixing it. According to last year’s explosive report, titled “N.S.A. Devises Radio Pathway Into Computers”, the NSA “relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers.”

The media may go on about how Microsoft no longer delivering security patches is an issue, but as Microsoft tells the NSA about holes before patching them, what difference does it make? All versions of Windows, no matter how up to date they are, are vulnerable. It’s not an accident. “Both Microsoft and HP were insistent companies that hadn’t refreshed [Windows Server 2003] after 14 July,” said the report, “are exposing themselves to all sorts of security attacks, and that up-to-date patches and firmware are needed.”

No, their first mistake is that they use Windows anything (never mind Windows Server, irrespective of the version too). Windows is not designed to be secure. It has back doors and front doors. GNU/Linux is designed for security from the ground up and if one does not believe it, one can freely scrutinise the code.

“The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.”

CIO David Wennergren, Department of Defense (October 2009)

08.07.15

The Delusion of Privacy and Security in Vista 10 Instantaneously Debunked Even in the Media, Despite Microsoft’s PR Efforts

Posted in Microsoft, Security at 9:17 am by Dr. Roy Schestowitz

“[W]e’re not going to have products that are much more successful than Vista has been.”

Steve Ballmer

Summary: The media continues to mock Vista 10 ‘features’ (and by extension Microsoft) for their gross privacy violations while Microsoft boosters try to create an illusion that Microsoft wants to improve security, despite creating back doors for rogue government agencies

BASED on some of the very latest Web statistics, the adoption rate of Vista 10 is very poor, especially when one considers the cost. Vista 10 surprised many people when it was served to the public (final release) with all the surveillance built in, as if every user (or buyer) is a beta tester of Microsoft, expected to endlessly send input to Microsoft for debugging purposes (even keystrokes!). What started with some blogs and privacy groups ranting about Vista 10 is now a major story in much of the media.

WND, a GOP-centric site, complains about Vista 10 and goes with the headline “Windows 10 spies on emails, images, credit cards, more”. Linux Veda says that “Microsoft are abusing their users and we could do with a useful tool to restrict this.”

You know that Vista 10 is broken when people (both developers and non-developers) desperately try to ‘fix’ it, as is widely reported in the media right now. Some people reportedly abandon it (to go back to older Windows or upgrade to GNU/Linux). Since Vista 10 is proprietary software, there is no way to fix it or even ensure it does not send personal data to Microsoft (silently, with or without encryption). One can only hope, especially when adjusting settings using Microsoft’s own handles.

Twitter’s Microsoft spam (paid for by Microsoft) now reaches shamelessly high levels, for they append “sponsored” Microsoft propaganda even to hashtag pages, calling it “top news” and linking to Bing shortcuts, posted by Microsoft’s professional buddies. We have already complained about how Twitter was helping Microsoft promote Vista 10 (these two companies have been working together for a long time [1, 2, 3, 4, 5]).

Much of Microsoft’s ‘damage control’ (notably in Twitter) is just linking to articles which suggest ‘fixes’, as if privacy in Vista 10 can be easily sorted out. The ToryGraph says that “Microsoft is collecting user account information, credit card details and passwords,” but then goes gentle/soft on Microsoft. An article by Steven J. Vaughan-Nichols refers to those concerned about privacy violations in Vista 10 as “paranoid”. TechRadar, which so often delivers Microsoft spin, tries to advise readers, not by telling them to steer away from Vista 10 but rather to ‘fix’ it. A better article came from Andrew Orlowski, who called Vista 10 “a clumsy, 3GB keylogger.” In his article titled “Microsoft vacates moral high ground for the data slurpers’ cesspit” (showing if not emphasising Microsoft’s hypocritical attacks on Google) Orlowski wrote: “A funny thing happened while I was reinstalling Windows 8 over Windows 10 yesterday morning. There in front of me, halfway through the installation process, were two full, clear pages of privacy toggles. Every toggle was set to not send private information to Microsoft, or anyone else.

“In addition, Windows 8 created a local user account by default – and didn’t demand I maintain a constant, umbilical connection to Microsoft’s servers. Windows 8 was configured for maximum privacy. Now compare this to the indiscriminate data slurp that Microsoft calls Windows 10. It’s basically a clumsy, 3GB keylogger.

“It’s often said that with data protection and privacy, we’re like lobsters: we don’t notice the water getting warmer and warmer, until we’re boiled alive. So it’s been with Windows. Windows 8.1 didn’t show you clear choices or screens with privacy toggles anymore, but invited you to agree to either “Express Settings” for privacy (wow: cool, convenient) or “Customise” them (there be monsters). It respected your local user account, but then bullied you into switching to the umbilical when you accessed the Store. Windows 10 makes the Customise option so small it looks like the trademark notice, and even then, the defaults are set to send everything to Microsoft, and only allow you to control the data slurp partially. Local user accounts are so buggy in Windows 10 that you’ll probably switch to always-being-slurped anyway.”

“It’s time we owned our own data,” says this new article, quoting what it called a “Silicon Valley truism.”

“If you’re not paying, you’re the product” is the truism. Microsoft has turned users of Windows into useds, or products. Microsoft is intensifying its relationship with the NSA while many other companies try to distance themselves from the NSA. Microsoft does not strive to offer security at all, despite its empty claims to the contrary (like a show trial involving data in Ireland). IDG's Microsoft boosters and Microsoft staff (Microsoft MVP J. Peter Bruzzese in this particular case) prop up the illusion of Microsoft as advocate of “security”, but it is just Microsoft marketing shrewdly disguised as “articles”, or Microsoft MVPs acting like external staff (watch this Microsoft advocacy site having a go too). Vista 10 ought to end any pretense that Microsoft cares about security.

Remember that Microsoft did not fix a serious Windows flaw for 3 months, despite Google urging Microsoft to fix it. The above ‘articles’ (from Microsoft mouthpieces) are just part of the publicity stunt. Microsoft is not bothering to fix critical flaws that it knows about and tells the NSA about (essentially giving back door access to all versions of Windows, as usual). Vista 10 takes all this to unprecedented new levels and lets spies track Windows users in real time (even their keystrokes!). It also harvests passwords, including encryption keys (supposedly for 'recovery').

08.04.15

Free Software is Commercial

Posted in Free/Libre Software, FUD, Security at 4:04 am by Dr. Roy Schestowitz

“There’s no company called Linux, there’s barely a Linux road map. Yet Linux sort of springs organically from the earth. And it had, you know, the characteristics of communism that people love so very, very much about it. That is, it’s free.”

Steve Ballmer, Microsoft’s CEO at the time

Summary: Corporate media helps stigmatise Free/Open Source software as unsuitable for commercial use and once again it uses the ‘security’ card

SEVERAL days ago in our daily links we included two articles that used the term “commercial software” (to mean proprietary software). Both cited Synopsys. It is amazing that even in 2015 there are some capable of making this error, maybe intentionally. Commercial software just means software that is used commercially. A lot of it is Free/Open Source software (the corporate media prefers the term “Open Source” to avoid discussion about the F word, “freedom”).

Yesterday we found yet another headline which repeats the same formula (as if they all received the same memo), calling proprietary software “commercial software”, thereby reinforcing the false dichotomy and the stigma of Free software. “Looking at our Java defect density data through the lens of OWASP Top 10,” says Synopsys, “we observe that commercial software is significantly more secure than open source software.”

Another article from yesterday reminded us that Free software takes security very seriously and top/leading Free software projects are widely regarded (even by Coverity) as more secure than proprietary counterparts. Oddly enough, Synopsys links to a “Coverity Scan Open Source Report 2014”, not 2015, and the report is behind walled gardens, so it is hard to check if these headlines tell the whole story or just part of it. The analysis itself is done by proprietary software, whose methods are basically a secret. Go figure…

We recently saw some very gross distortions where security issues in proprietary software got framed as Free software issues. As we have repeatedly demonstrated and stressed over the past year and a half, there seems to be a campaign of FUD, ‘branding’, and logos (the latest being targeted at Android/MMS) whose goal is to create or cement a damaging stereotype while always ignoring back doors and even front doors in proprietary software (now out in the open because of the British Prime Minister and the ringleader of the FBI).

07.25.15

Vista 10 (Windows 10) Has NSA Back Doors and Front Doors

Posted in Microsoft, Security, Vista 10, Windows at 2:19 pm by Dr. Roy Schestowitz

Michael S. Rogers
“I don’t want a back door. I want a front door.” — Director of the National Security Agency (NSA), April 2015

Summary: Vista 10 to bring new ways for spies (and other crackers) to remotely access people’s computers and remotely modify the binary files on them (via Windows Update, which for most people cannot be disabled)

MICROSOFT never cared about security. A former Windows manager, Brian Valentine, said explicitly that Microsoft products “just aren’t engineered for security.” Last year we also showed how back in the 1990s Bill Gates and his staff had already collaborated quite intimately with the NSA, well before Snowden’s NSA and GCHQ leaks helped confirm this (with hard evidence and subsequently media reports).

The Apache Software Foundation (ASF), which is unfortunately headed by a guy from Microsoft, is getting into bed with the NSA right now, despite the negative publicity that may accompany/come with such a move. Microsoft, much to our surprise, is still working with the NSA on Windows, and it does this also for Vista 10. One new article about Microsoft’s purchase of an Israeli (i.e. spy-friendly as we explained days ago) company says that “[a] big reason for this is the company’s collaboration with the National Security Agency (NSA).”

Microsoft is still thinking that enough people foolishly believe NSA collaboration is ‘for security’ rather than for ‘national security’, i.e. back doors. A Windows-powered site reminded us some days ago that NSA “worked with Microsoft on security aspects of the Windows 7 operating system and later for Windows 8 and 10.”

Yes, Microsoft still keeps the NSA in the picture. This actually surprised us because it’s a PR disaster. Why does Microsoft still want to be seen working in cahoots/collusion with the NSA? In proprietary software, back doors or “national security”, i.e. not real security, are the cause of many costly issues. Software is designed to be penetrable rather than secure. Is there anyone who still honestly thinks that Vista 10 won’t have back doors? Microsoft never stopped its relationship with the NSA and it is obviously still working with the NSA, despite knowing the negative publicity this can bring. A Darwin Award goes out to anyone who still thinks that Microsoft is not helping the NSA exploit its software (because “national security” and other such excuses), despite the Snowden-provided documents that show exactly that.

Earlier today the developer of GNU Telephony wrote that at Microsoft “they created the perfect environment for such demands to be met, forced updates is a front door for govt malware and spying” [and indeed, as The Register revealed last week, they had even removed the ability to stop/block these updates in most “editions”. Over ten years ago it was reported on the Web that even when you toggle off automatic updates Microsoft still does it.]

Looking back at news only a few days old, HP has reported 4 new vulnerabilities in Internet Explorer, and not for the first time. To quote IDG: “HP’s Zero Day Initiative (ZDI) doesn’t cut much slack with its 120-day disclosure policy. When ZDI knocks on your door and says you have a security hole, you get 120 days to fix it or risk full public disclosure. That’s what happened — again. With ZDI and Microsoft — again. Over Internet Explorer — again.”

“The only way to avoid MSIE is to ditch Windows since it is built-in and impossible to remove” iophk said to us. Will Hill wrote: “There are still vendor supplied IE6 specific software that will not work outside of IE. One of my vendors at work told me one of their pieces of software might work with IE8 but no other browser, including the IE 11 that Microsoft had shoved onto most of the computers. This just highlights the fact that vendors who use Microsoft don’t care about their customers and that Microsoft does not care about anyone.”

Going only 3 days back, there is this news that Hacking Team helps governments take over Microsoft Windows through back/bug doors, exploiting fonts. “Unpatched systems,” wrote Paul Hill, “can be affected if the user opens a document or webpage that contains an embedded OpenType font file. As the font drivers in Microsoft systems runs in kernel mode it means that an attacker could gain access to the entire system with the ability to add and remove programs and create new user accounts with admin privileges.”

Windows recently suffered from other font-related holes, and not for the first time, either. It’s an easy access point for the NSA into Windows (Microsoft tells the NSA before patching such holes). All versions of Windows are vulnerable and they have all been found vulnerable (without fixes) for decades.

What will the world look like after this back doors ‘leader’ and ‘champion’, Microsoft, is gone for good? Well, we need to ensure that NSA partners like Red Hat [1, 2, 3, 4, 5] don’t compromise GNU/Linux, too. Social engineering, bribes, blackmail, anonymous patches, etc. are the classic tricks of this trade.

07.23.15

Spinning Proprietary Software Dangers as Dangers of Free/Libre Software

Posted in Deception, FUD, GPL, Microsoft, Security at 10:19 am by Dr. Roy Schestowitz

The “legally-binding” and “transparency” conundrums grossly distorted

Vintage marriage license

Summary: News sites mislead their readers, teaching them that the biggest dangers associated with proprietary software are in fact problems exclusive to Free/libre Open Source software

FOR Microsoft to ever pretend to care about security would basically mean to lie, blatantly. Microsoft works hand in glove with the NSA and it has, on numerous occasions, admitted that true security isn’t the goal. Its actions too show this repeatedly. Known flaws -- or holes, or bug doors, or whatever one frames them as -- are not being patched unless the public finds out about them.

In order to bolster security perceptions and to give an illusion that Microsoft actually cares about security and invests in security, the company has just hired some staff in Israel (acquisition is one other way to frame this). The media calls it “security provider”, but given Israel’s record on back doors, cracking (e.g. Stuxnet development), wiretapping etc. this is rather laughable. A lot of Microsoft’s so-called ‘security’ products are made in Israel, and some companies in this military-driven industry facilitate and cater for spies using back doors, usually under the guise of ‘security’ (they mean “national security”). We wrote about this in past years.

We were rather disturbed to see this bizarre article yesterday. Titled “Hackers targeting .NET shows the growing pains of open source security”, the article is a big lie. The headline is definitely a lie. .NET is PROPRIETARY (still), it has holes in it, and some fool tries to use it to call Free/libre software “not secure”. Let’s assume for a second that .NET code becoming visible to the world exposes many holes, indeed. It proves exactly the opposite of what the headline says then. If anything, it shows that Microsoft keeping the code secret assured low quality code and bred vulnerable code. Once shown to the world, these holes are being exploited. This proves that security through obscurity is a myth that merely encourages people to rely on poorly implemented programs with shoddy security, whereupon developers choose to hide the ugliness of the code. A lot of the claims from the article come from a FOSS foe, Trend Micro, but they can be framed correctly to state that, if anything, a public audit of .NET now shows just how terrible proprietary software can be, having never been subjected to outside scrutiny.

In other disturbing headlines we find another inversion of the truth. The Business Software Alliance (BSA), or the EULA police, has done a lot to show how dangerous proprietary software licences can be. Nevertheless, Slashdot with its pro-Microsoft slant as of late [1, 2] gives a platform to Christopher Allan Webber.

“Is this another false “I really like the GPL except” post,” asked us a reader. To quote the author: “The fastest way to develop software which locks down users for maximum monetary extraction is to use free software as a base” (oh, yes, those greedy Free software developers!)

The article has a misleading/provocative headline (hence we provide no direct link) and Bruce Perens, who had already accused Black Duck of FUD against the GPL (“I think it’s 100% B.S.,” he said three years ago), responded to the piece by stating:

I help GPL violators clean up their act, it’s my main business.

Every one has had a total lack of due diligence. I will come in and find that they have violated the licenses of 21 proprietary software companies (this is a real customer example) by integrating their code into their main product, just like the GPL code. Some of them only had an “evaluation” license, some not even that, some wildly violated the terms of any license they got.

Most of them are in silicon valley. They seem to have the attitude that they will clean up their legal problems when they’re rich, and nothing but getting their product out of the door matters until then.

They don’t ask me to feel sorry for them. I bill them a lot, and in the end, they’re clean and legal.

When it comes to legal risk and licensing, nothing beats proprietary software. It’s risky, it’s expensive (lock-in makes the exit barriers considerably higher), and it is very hard to obey or comply with, especially when you are low on staff and funds (must renew licences all the time). Contrariwise, it is very easy to comply with copyleft; there is no renewal work required and no renewal fees. All one is required to do is to maintain the copyleft of the code used. The rules are very simple.

07.17.15

Rackspace Joins Hands With NSA’s PRISM Pioneer, Cannot be Trusted for Security Anymore

Posted in GNU/Linux, Microsoft, Security, Servers at 5:46 am by Dr. Roy Schestowitz

Not the Rackspace we once knew…

Rackspace

Summary: Rackspace adds proprietary spyware to its premises, hence reducing confidence in its ability to secure whatever is on the racks (security or perceived security severely compromised)

OVER the past few months I have confronted Rackspace on numerous occasions because they were promoting (even by mass-mailing without consent) proprietary software. This was done repeatedly, even after I had asked them to stop and they said they took action. That’s really quite a shame because Rackspace’s patent policy is commendable and their support team is quite technically-competent. The PATRIOT Act was always quite a problem (they’re subjected to secret warrants and cannot notify customers), but nevertheless, they had a good track record. They throw it all away now.

According to this article, Rackspace, which was traditionally about GNU/Linux, has climbed into bed with Microsoft. Rackspace says: “We’re pleased to expand our relationship with Microsoft and the options we provide for our customers by offering Fanatical Support for Azure”. The company is based at 1 Fanatical Place, which probably explains the name. Reading further down the article we learn about “Rackspace’s Private Cloud that will be powered by Microsoft’s cloud platform Azure.” They must be out of their minds!

Rackspace makes a laughing stock of itself. What a dumb move.

Rackspace ought to know better, for no deployment on Windows in its datacentre can ever do any good. It is a threat to other guests and hypervisors, even down to hardware. UEFI, promoted by the NSA’s leading partner, is targeted by Hacking Team and Microsoft Windows too is a target. To make matters worse, Microsoft is now leaving almost 200 million useds [sic] exposed. As The Register has just put it, “Windows XP holdouts are even more danger than ever after Microsoft abandoned anti-malware support for the ancient platform.

“Redmond overnight stopped providing XP support for new and existing installs of its Security Essentials package.”

NSA surveillance of Windows is ever more trivial, not just because Microsoft constantly tells the NSA how to crack Windows (before patching flaws). The threat of Windows is contagious because it can spread to other platforms that share the same datacentre, network, and hardware. The weakest links are being targeted to gain entry. Recall Pedro Hernandez with his Azure marketing (trying to convince GNU/Linux users to host with Microsoft) — shameless marketing which was soon followed by other sites (promoted by Microsoft-centric sites, some of which receive money from Microsoft, but alas, this was also noted by pro-Linux writers at Softpedia News). Any datacentre which gets ‘contaminated’ with Windows is no longer trustworthy; it should be deemed insecure because Microsoft deliberately adds flaws (back doors) to Windows. There are numerous technical reasons for this and we have covered them before. UKFast, for example, a large UK-based host, once told me (I spoke to the CTO) that they use Hyper-V (proprietary and Windows) to host GNU/Linux. This right there is a back door and I have confronted them over this. They never came up with a response that inspired any confidence.

Microsoft is now trying to make Apache software Windows- and Azure-tied, as British media now serves to remind us, and there is new additional bait to attract gullible people.

Don’t ever think that Windows can be contained or compartmentalised ‘away’ from Free software. Once a company starts to mix proprietary software with GNU/Linux (e.g. Hyper-V or VMware, which is connected to RSA) security is evidently lost. Security audits are impossible. Novell made some initial steps in this direction back in 2006 and now we have Rackspace. The company cannot be trusted anymore. Rackspace’s business has back doors in it.
