
06.03.14

GnuTLS Picked on by Firm of Microsoft’s ‘Former’ Security Chief, FUD Ensues Everywhere

Posted in Deception, Free/Libre Software, GNU/Linux, Microsoft, Security at 11:15 am by Dr. Roy Schestowitz


Summary: Codenomicon (where the ‘former’ Chief Security Officer for Microsoft is now the Chairman of the Board) is back to smearing FOSS projects whilst ignoring back doors in proprietary software such as Apple and Microsoft operating systems

SO-CALLED ‘SECURITY’ firms should spend more time finding flaws in secret (and most likely broken-by-design) encryption, such as the nefarious NSA stuff in Microsoft software. If they cannot gain access to the code (never mind the build process), then they should assume it to be insecure, by default. NSA is all over proprietary software, but it hides behind secret deals and arrangements with a blanket of NDAs (PRISM for instance). There is a lot of stuff in secret code which is designed to subvert encryption; we already have evidence of it, thanks to Edward Snowden.

Earlier this year we saw some FUD thrown at GnuTLS [1, 2], despite the fact that — or because — flaws had already been patched. That’s what makes Free software so powerful; fixes are almost immediate.

Then there was the whole “Heartbleed” hype [1, 2, 3], which came from Codenomicon, a firm headed by Microsoft’s ‘former’ chief (who also has FBI history and probably knows how the FBI and Microsoft created their now-infamous back doors). The whole thing stinks very badly and we have already explained why.

Now there is this new attack on the reputation of GnuTLS. Guess who’s behind it? Here’s a quote: “Codenomicon, which found the Heartbleed flaw, discovered another SSL flaw, this time in the open-source GnuTLS library. GnuTLS is part of many Linux distros.

“Security firm Codenomicon has found a new Secure Sockets Layer (SSL) flaw in the GnuTLS open-source cryptographic library. Codenomicon rose to notoriety in April as the security firm that found and branded the Heartbleed flaw in the open-source OpenSSL cryptographic library.”

Codenomicon did not discover it. It was the opportunist. The flaw was discovered by another company (a person in Google), but Codenomicon marketed the flaw, hyped it all up (later bragging about the business it brought), and then disclosed it prematurely and irresponsibly, before all sorts of crucial sites had been patched. Codenomicon is a nasty Trojan horse in the security world and it has an agenda. As we showed before, Codenomicon is also a Microsoft partner, never mind the staff’s high-level connections to Microsoft.

The GnuTLS flaw which Codenomicon speaks about is already patched [1] and a Red Hat employee explains why — if anything (contrary to media reports [2]) — this demonstrates the advantage of Free software [3].

In other security news, the proprietary TrueCrypt is seemingly under some kind of fight from the outside (or infighting). Nobody seems to know for sure what’s going on there yet [4] (maybe a split among the developers or some coverup), but theories with supportive evidence get posted [5]. GNU/Linux distros drop TrueCrypt [6] as soon as possible. The Linux Foundation is still focused on OpenSSL [7,8] these days.

It should be noted that the likely cause for issues in TrueCrypt is US government overreach (back doors or requests for back doors). These days, making encryption that works is seen as some kind of crime, as if it directly facilitates crime [9]. It’s possible that a move to some place like Switzerland will help dodge these issues. Red Hat too should move to some place like Switzerland, for several reasons we wrote about before (security, not just software patents and trolls).

Finally, in some other security news, notice how Apple is deviating further away from standards [10,11] whilst attacking a Free/Open Source operating system (Android) over “security”, as if Apple with PRISM and back doors is somehow more secure than Android. How does Apple do all this? Well, citing some gossip bloggers from the CBS-owned tabloid ZDNet (CBS is paid by Apple), the CEO of Apple had this to say:

To illustrate his point, he quoted the title of a recent article by ZDNet’s Adrian Kingsley-Hughes, a self-described “big fan of Android.”

The article’s title? “Android fragmentation turning devices into a toxic hellstew of vulnerabilities” – and Cook’s slide of that quote added animated flames to the word “hellstew.”

Wait a second, Mr. Cook. Your operating system (core) has back doors which Apple designed and bragged about, never mind the NSA and PRISM. These back doors are now misused by non-government crackers. How can Cook claim security advantage with a straight face? The British press (above) ought to have pointed out these issues.

Speaking of British press, watch the Microsoft-controlled BBC spreading some FUD without naming Microsoft, even though only Microsoft is the culprit. One has to read many paragraphs before reaching the part where it says: “If your computer does not run Windows, stop right here. This does not affect you – but other problems might, so always keep your antivirus up to date.”

GNU/Linux does not require antivirus, unless it’s a server that serves files to Windows clients. But never mind all that, the BBC supports the antivirus myth (some antivirus companies do the same to Android), pretending that all platforms are not secure. The fact that this is a Microsoft-only problem should have been stated in the headline, but it’s not. Therein lies the typical bias of the BBC and some other Bill Gates- and/or Microsoft-funded press (BBC is funded by both). Microsoft is simply not being mentioned when there are Microsoft-only security problems, only when there is good news (promotion).

Watch out for FUD; lots of it exists, but it’s well concealed. A lot of it is bias by omission or bias by emphasis/selectivity.

Related/contextual items from the news:

  1. GnuTLS Vulnerability Closed in Ubuntu 14.04 LTS
  2. GnuTLS bug exposes Linux clients to server attacks

    The maintainers of GnuTLS, a secure communications library used in Red Hat, Ubuntu and other Linux distributions, have released fixes for a critical bug affecting the client-side of the software.

  3. Just a thought

    I don’t fear the bugs that get fixed (in OpenSSL and now GnuTLS) in an open, transparent way we open source people do. I fear the bugs in proprietary stuff where I can never be sure if they get fixed and how. 

  4. TrueCrypt’s Mysterious Vanishing Act
  5. TrueCrypt warrant canary confirmed?

    Looking at the sudden new content on the TrueCrypt site, the most plausible explanation for me was that it was an attempt to tip people off that they had been tracked down and sent a National Security Letter, without actually breaking the law. Why else would they advocate using Apple’s disk encryption with no encryption selected? Why else would they advocate use of software from Microsoft, who we know cannot be trusted? It smelled like a warrant canary.

  6. Replace TrueCrypt

    Due to various concerns, TrueCrypt is about to be replaced in Tails, either by tcplay or cryptsetup.

  7. Announcing Rapid Progress on Core Infrastructure Initiative

    A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

  8. Linux Foundation will save OpenSSL with a little help from its friends
  9. US cybercrime laws being used to target security researchers

    Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

    Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

  10. Apple Announces A New 3D API, OpenGL Competitor: Metal

    At Apple’s WWDC conference today they have just unveiled Metal, a new 3D graphics API to compete with OpenGL.

  11. Apple’s new Swift coding language hopes to lock down errors

05.31.14

TrueCrypt Too Proprietary to be Secure and Corporate Media Should Stop Blaming Free/Open Source Software (FOSS)

Posted in Free/Libre Software, Security at 4:36 am by Dr. Roy Schestowitz

TrueCrypt was never worth trusting in the first place


Summary: Analysis of the whole TrueCrypt fiasco and response to the blaming of FOSS (where the licences are clearly not FOSS)

PROPRIETARY software should be assumed insecure by design, as it often contains back doors and one simply cannot prove otherwise. Based on experience alone, a lot of proprietary software comes with back doors, sometimes accidentally but not always. A lot has been written about this before, both here and elsewhere, so we are not going to write so much on this subject. Instead we wish to focus on the news that TrueCrypt development is moving to Switzerland (the first article we found about this is [1] and there is also some analysis [2]). The PATRIOT Act comes to mind and also the experiences of secure mail services in the United States, including Edward Snowden’s E-mail provider. When Groklaw shut down, citing concerns over NSA spying, it recommended that people adopt Kolab, which is based in Switzerland. It should be emphasised that Switzerland harbours privacy not because of humanitarian interests but because of national interests. For domestic prosperity it facilitates international crime (tax evasion from all nations) and wishes to guard the criminals.

The problems with TrueCrypt are not new to us; I very much predicted what the news insinuates and I had received flak for saying so. TrueCrypt has been thoroughly and even successfully openwashed based on some odd kind of marketing angle; those close to the project know better how it works, and if an audit which is not transparent is needed for TrueCrypt, then we should quickly realise that the build process and some components are wrapped in a riddle/mystery. The very core of the problem, including its build process, is crucial. The announcement from TrueCrypt was as vague (not transparent) as the project itself.

Now it is widely known that TrueCrypt gave an illusion of privacy, which is in many ways worse than having no privacy at all because there is impact on users’ behaviour. We may never know how many people have gone to jail or were killed because of TrueCrypt’s false promise.

FOSS-hostile sites try to spin that as an issue with FOSS even though it’s not FOSS. One source states: “The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world–after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai’i.”

Snowden uses Debian GNU/Linux (Tails) and the main reporter he worked with, Glenn Greenwald, only recently dumped Microsoft Windows and moved to GNU/Linux.

There has been a lot more coverage about it [1, 2], including the usual scaremongering by Mr. Goodin, who wrote about it not once but twice, saying: “One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.”

Goodin’s colleague wrote about it as well. They are really milking this cow and the best known CIA-linked news site asked: “Is this the end of popular encryption tool TrueCrypt?”

The plutocrats’ press, Forbes, called it “Open Source” (in the headline), so it can’t even get its basic facts right:

Over the past 24 hours the website for TrueCrypt (a very widely used encryption solution) was updated with a rather unusually styled message stating that TrueCrypt is “considered harmful” and should not be used. If you have not come across TrueCrypt and why it has become so popular see the below section ‘why do people use TrueCrypt’.

Better coverage came from the expected sources, not playing to the tune of FOSS smears (TrueCrypt is proprietary).

Knowing that Microsoft is an NSA partner, Gordon in our IRC channels felt baffled because TrueCrypt is “now recommending bitlocker for windows”, to which Ryan replied: “Proprietary encryption from Microsoft that was designed in partnership with the NSA…”

Microsoft is talking to British police about encryption. When I wrote about this nearly a decade ago Microsoft staff were using personal insults against me, only later (much later) to realise that I was right. Sean Michael Kerner calls TrueCrypt “Open-Source” (with a dash) when he writes: “The other challenge facing TrueCrypt is the simple fact that there are many other disk-encryption technologies now available. On Microsoft’s Windows operating system in particular, which was a key target platform for TrueCrypt, versions of Windows after Windows XP include support for Bitlocker, which performs a similar function. In addition, there are multiple file-encryption technologies available, including, FileVault for Mac, DiskCryptor for Windows and Luks for Linux.”

Proprietary operating systems are not compatible with encryption for the same reason that proprietary hypervisors are not. If the NSA can infiltrate the lower layer (e.g. VM host, OS, BIOS) through back doors, then the rest (what’s above) is almost automatically compromised. No sane developer would recommend anything that’s proprietary for security and privacy. Don’t forget Microsoft’s COFEE and CIPAV. Microsoft is very much in bed with spooks and police. Microsoft is an informant without consciousness. Privacy in Windows is not a goal; the contrary is true. One Linux/BSD site thinks that TrueCrypt is now “dead” and there is the following statement about the software licence:

Based on the wording of its license, there was always a question mark surrounding the open source-ness of Truecrypt. But that’s not the topic of this brief article. What prompted me to write this is an article that appeared in the Washington Post suggesting that TrueCrypt may have seen its last days as an (“open source”) software project.

Just remember that TrueCrypt is not FOSS.

There is another project whose software licence was blamed for lack of participation and oversight. The OSI’s President blamed the licence. That project was OpenSSL, which is now scrambling to get some more money. The Economist makes FUD out of it while other sites take a more objective approach [4-15]. Remember this: if the project is not quite as open or free as it wants people to believe, then it might not be worth trusting. We never trusted TrueCrypt.

Related/contextual items from the news:

  1. TrueCrypt Not Dead, Forked and Relocated to Switzerland

    The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.

  2. Death (?) And Rebirth!
  3. TrueCrypt, An Open-Source Whole-Disk Encryption System, Leaves Users High And Dry
  4. Tough Love for the Encryption Software That Was Compromised by Heartbleed
  5. CII announces 2 full-time devs and a security audit for OpenSSL
  6. Heartbleed: Linux Foundation hires dynamic duo to fix OpenSSL
  7. Linux Foundation throws money at OpenSSL staffing post-Heartbleed
  8. The Linux Foundation’s Core Infrastructure Initiative Announces New Backers, First Projects to Receive Support and Advisory Board Members

    The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund open source projects that are in need of assistance, today announced five new backers, the first projects to receive funding from the Initiative and the Advisory Board members who will help identify critical infrastructure projects most in need of support.

  9. The Linux Foundation Assigns Two Full-Time Developers to Work on OpenSSL
  10. LF Announces New Backers, Projects For Core Infrastructure
  11. Linux Foundation adds more Internet protocols to its protection list
  12. Everyone uses OpenSSL, but nobody’s willing to fix it — except the Linux Foundation
  13. Linux Foundation flings two full-time developers at OpenSSL

    The Linux Foundation’s new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

    The Linux Foundation announced on Thursday that members of the “Core Infrastructure Initiative” (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

    “All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” said Jim Zemlin, the executive director of the Linux Foundation.

  14. Corporations put their cash where their open source security is

    OpenSSL and Open Crypto Audit Project are the first open source projects to receive funding from the Core Infrastructure Initiative.

  15. The Linux Foundation Draws Backers and Funds to Tackle Tech Problems

05.28.14

Apple Debacle a Timely Reminder That Any So-called ‘Kill Switch’ is a Dangerous Back Door

Posted in Apple, Security at 9:24 am by Dr. Roy Schestowitz

Summary: Smartphone kill switches, which by definition require remote control of systems, turn out to be Trojan horses that reduce security by facilitating crackers (not just government-sanctioned crackers)

AMID lots of advocacy and inane promotion of kill switches (claiming that they were “against theft”) we repeatedly called them back doors, which is technically what they are.

Now that “Apple”-branded phones get hijacked by crackers we are reminded that these back doors (incorporated by design) are nothing but trouble. For Apple iPhone ‘users’ who don’t know it yet, Snowden released evidence to show that iPhone (more than other phones) has NSA back doors. It’s no coincidence that Obama was barred from using iPhone. Back doors (and so-called “kill switches”) are now being exploited by crackers who try to use ransom for profit. Microsoft’s NSA back doors are equally problematic, but in this post we will focus just on Apple. As iPhones are being “frozen” by crackers demanding ransom we should again ask ourselves: is it really safe to let so-called ‘security’ agencies acquire back doors? Should anyone other than the physical user have access granted to the system and subsystems? These are the questions which motivated the Free Software Foundation to battle against DRM and proprietary software, and for privacy, freedom, etc.

According to the corporate press: “It appears that the hacker [sic] … has managed to exploit the Find My iPhone feature which can track and remotely lock stolen devices. Users have been told to send ransoms of between $50 and $100 Australian dollars (up to £55) to a PayPal account in order to have their devices unlocked.”

Watch CBS (which Apple pays) trying to relay the Apple ‘damage control’. Apple tells users to change passwords as if back doors can be circumvented by choice of passwords. Apple should apologise to (and compensate) users for helping to build back doors that are now falling into the hands of non-government crackers. The kill switch is the ultimate weapon against people whose phones have back doors. It’s not about thieves and security; it’s the ability to destroy/switch off phones at protests and other venues, of course in the interests of “national security”. So much for security, eh?

05.22.14

World’s Largest Population Heading Towards GNU/Linux Because Windows is Not Secure (NSA Trojan Horse)

Posted in Asia, GNU/Linux, Microsoft, Security at 11:18 am by Dr. Roy Schestowitz

Stallman’s trip to China; image from stallman.org

Summary: Following espionage and other incidents of cracking against China the government decides to ban the latest Windows while encouraging the population to abandon Windows

An interesting but unsurprising report from Reuters revealed some fairly important news from China, whose government is saying no to Windows (latest version). This is even characterised as a ban. To quote one report: “The Chinese government has announced that its agencies will be forbidden from upgrading their ageing and end-of-life Windows XP systems to Windows 8.1, banning Microsoft’s latest operating system in the name of security.”

Vista 8 is banned not just because it is terrible but because it is a threat to national security [1, 2, 3, 4, 5, 6, 7, 8, 9]. This is a significant turning point which may lead other governments to pretty much the same policy.

This exodus oughtn’t be too shocking given some recent news from China about GNU/Linux. Richard Stallman visits the country these days (delivering talks and other such activities) while Chinese people are urged by their government to embrace GNU/Linux (there are calls for migration on national television). There is state support for these efforts. NSA-Microsoft ties, in addition to cracking against Huawei, may further contribute to this. Don’t be shocked if Bill Gates already books some plane tickets or prepares his private jet for a trip to China.

Vista 7 is a horrible mess too, no matter the hype Microsoft spent billions to produce. Watch what happened at Emory this past week. This was summarised by a pro-Windows site that said “Whoops! Emory University server sent reformat request to all of its Windows 7 PCs” (link).

There was a fair deal of coverage about it. Neowin wrote:

Sometimes, there are incidents that take place that remind people who use PCs to back up their files on a regular basis. Such an event happened earlier this week at Emory University in Atlanta, where an “accident” resulted in a server sending out a reformat request to all of the Windows 7 PCs at the school, including the server that sent out the request itself.

How highly insecure. Remember that the NSA built back doors into Windows, so imagine what it can do with ‘features’ like the above, e.g. at times of war.

What such idiocy may cause for national security should teach everyone to abandon Windows immediately, especially in the public sector.

Germany is now introducing new procurement rules that take into account NSA espionage. It also forbade UEFI (on government computers), perhaps foreseeing the bricking of hardware remotely (yes, it enables rendering PCs “bricks” [1, 2]). Disregard the new spin and the hogwash from Linux Journal; it is written by Doran from Intel; it’s basically advertising of restricted boot, portraying it as benign while masquerading as an informative article. Intel and Microsoft must be desperate for some kind of new lock-in.

It is worth adding that Microsoft is far worse than Google when it comes to NSA connections, no matter what its extremely misleading attack ads say/insinuate. Here is a decent new blog post that says:

In the battle between office productivity vendors, Microsoft has long distanced itself from Google GOOGL +1.72% claiming that the fact that Google scans emails in order to deliver contextual advertising to customers is a data security breach. Never mind that the scanning was completely anonymized and digital – Microsoft leveraged the conspiracy theory that it was somehow a case of Google employees reading all of our email.

China already develops mobile operating systems that are based on Android/Linux (COS for example). These can help assure China’s national sovereignty. They deserve it.

05.17.14

Linux Flaw is Not a Back Door, Unlike Many Microsoft Flaws

Posted in GNU/Linux, Microsoft, Security at 11:51 am by Dr. Roy Schestowitz

Selective reporting to breed bias against the lesser issues


Summary: New elements of FUD against GNU/Linux, ignoring much bigger issues that barely get covered at all

Since Microsoft is in bed with the NSA, many Microsoft flaws (with new ones added almost every month) are remotely exploitable and Microsoft does not even tell us about them all. It’s like a perpetual back door with the occasional change of keys.

Recently, a flaw that mostly affects shared GNU/Linux hosting was hyped up in Microsoft-connected sites by old FUD ‘friends’ who habitually do this. This was followed by some other coverage elsewhere, neglecting to say that the flaw is already widely patched. It was not even so severe. This was accompanied by a couple more FOSS-hostile articles in the British press, including one from a Microsoft propaganda site citing, as usual, talking points from friends of Microsoft. There is a lot of FOSS-hostile propaganda these days, including this piece from InformationWeek that gets it wrong on many levels. This one example is a very crappy article framing it as a “religious” battle between “open source” and “commercial” as though these are opposites. Even Linux proponents like Susan Linton amplify these distracting reports, ignoring the elephant in the room, notably Microsoft. That’s where monstrous holes reside and prosper. Reporters should be pressured to investigate the real threats.

As many OEMs have found out (Sony being one of the latest), selling computers with back doors preinstalled is not a good business model [1, 2, 3]. It turns out that Microsoft not only gives a back door to the NSA but also the FBI (domestic), based on new leaks. To quote one report: “Microsoft worked to provide the FBI with court-ordered user data after the company began using encryption for customers who used Outlook, according to newly-released documents first leaked by Edward Snowden.

Here is more, which shows that not only Skype is affected. To quote: “Last July, Glenn Greenwald published a set of claims regarding a number of Microsoft services that were, especially at the time, unsettling: That Microsoft had helped the NSA “circumvent its encryption” relating to web chat on Outlook.com, that it had worked with the FBI to bring OneDrive (then called SkyDrive) into better fit with PRISM, and that government data collection from Skype had…”

It goes deeper than this, proving that people should wipe and freshly install operating systems they can trust on devices. Maybe the press should focus on the elephant in this room. One site says “[s]oftware giant Microsoft has been left with questions to answer over its approach to the US National Security Agency’s (NSA) global internet surveillance programme after a new document was released implying that the NSA routinely collected data from the Microsoft cloud.” Microsoft facilitated this. It’s not an accident. But that’s not even the bad part; it’s just the tip of the iceberg. The real problem is worse because Windows itself contains back doors and new ones are routinely added. It is not just about the so-called ‘cloud’.

05.13.14

Dan Goodin’s FUD Campaign Against GNU/Linux Security Just Never Ends

Posted in FUD, GNU/Linux, Microsoft, Security at 10:54 am by Dr. Roy Schestowitz

Don’t trust Ars Technica on software issues


Summary: Dubious reporting and abject bias in a Web site that’s known for good reporting on matters of Internet law

THIS MAY not have been pointed out before, but Ars Technica, and especially its writer Dan Goodin, has spent the past year throwing FUD at GNU/Linux on a very regular basis. It’s all about security. That’s their angle. Ars Technica, which offers very poor journalism in some areas, deserves to know where it is going wrong so that it can improve.

Some of Ars Technica’s staff has got to be very dishonest and biased to do what it sometimes does (not to generalise to all the staff). It doesn’t seem to be the fault of editors, perhaps the selecting (hiring) of writers. Here they have Microsoft Windows, which one of their writers advertises on an almost daily basis with no shame (Microsoft Peter) after another one did this (Microsoft Emil), and that’s not even taking into account the load of paid Microsoft advertising on the site. Ars Technica should know that Windows is a Swiss cheese of an operating system, with massive issues like Conficker and the NSA-developed Stuxnet (Microsoft helps the NSA get back doors in Windows). According to new reports like this one, “PCs running Windows 7 or Windows Vista have a higher chance of being infected with malware than Windows XP computers, according to Microsoft’s latest Security Intelligence Report.”

Vista 7 was advertised as being secure, but it has been a total sham when it comes to security, as we showed in dozens of posts. Vista 7 has NSA back doors, so it’s not surprising that it is not secure. It’s insecure by design. Don’t expect the Microsoft section of Ars Technica to say this. It’s just propagandistic.

Does Ars Technica criticise Microsoft Windows over security? Hardly. One of their writers, Dan Goodin, has seeded a lot of the past year’s hype about GNU/Linux ‘insecurity’, ranging from alarmist reports about GnuTLS [1, 2] to OpenSSL [1, 2, 3]. Watch Mr. Goodin making another menacing headline out of a bug fix for a code-execution flaw in Linux.

Only Mr. Goodin knows why he’s always picking on GNU/Linux, hardly ever discussing the elephant(s) in the room. Our guess, based on a long pattern of FUD, is that he’s on some kind of jihad against GNU/Linux and Ars Technica happily facilitates it, just as Ars Technica facilitates utter lies by Microsoft propagandists whom it employed (never mind the paid advertising from Microsoft). It should be noted that even the person who covers FOSS most often at Ars Technica is a ‘former’ Microsoft booster, replacing one who was actually very good (Ryan Paul). Is Ars Technica hiring writers to match the sponsors (advertisers)?

05.11.14

Moves to Legalise Cracking (by Government) of Windows-running PCs

Posted in Microsoft, Security at 3:35 am by Dr. Roy Schestowitz

Microsoft Windows facilitates sabotage


Summary: The US seeks to make legal what it already does illegally, which is infiltration of distant computer systems through back doors

AS we ought to have learned from Stuxnet, using Windows, which is maintained in collaboration between Microsoft and the NSA, is exposing oneself to remote intrusion at any time. There are back doors.

Based on this new report from IDG, the US “DOJ seeks new authority to hack and search remote computers” even though it is doing it already, usually through some of the other three-letter rogue agencies (which break the law, supposedly to uphold/enforce the law). To quote:

Digital rights groups say the request from the DOJ for authority to search computers outside the district where an investigation is based raises concerns about Internet security and Fourth Amendment protections against unreasonable searches and seizures.

This should be taken as a warning sign. Not only is the US cracking Windows PCs and sabotaging them through back doors, it is now seeking to further legitimise the practice, making it legal (after the act). Nations should gradually move towards Free software such as GNU/Linux. Back doors cannot be put inside Free software without being discovered.

04.29.14

Federal Government Warns About Microsoft Windows Back Doors

Posted in Security, Vista 8, Windows at 1:48 pm by Dr. Roy Schestowitz


Summary: A back door in all versions of Windows (Internet Explorer has been embedded deep inside Windows to suppress browser competition, so a flaw in it is a flaw in Windows) worries governments around the world, including those behind the NSA and GCHQ

IT HAS long been known that Microsoft and the NSA work together and share information about back doors, voluntary or involuntary. Any government that still uses Windows is leaving itself vulnerable to espionage and sabotage like Stuxnet. It’s a strange mystery that many governments still have Windows in their networks. Technically it makes no sense and strategically it’s suicidal.

A few days ago we learned about a permanent back door in Windows XP. To quote one site: “Microsoft reported an alarming security flaw exposed by security farm FireEye, Inc. that affects all versions of Internet Explorer from 6 to 11. Though the newer versions of Windows operating systems will be patched in a couple of weeks, Windows XP users should be worried. Windows XP support was discontinued by Microsoft from April 8, 2014 and it is not going to get any more security patches.”

Feds are genuinely concerned about this, based on the Canadian and the US corporate press, not just because Microsoft will leave Windows XP vulnerable but because at present every version of Windows is vulnerable and there is no fix. Since it’s proprietary software, nobody other than Microsoft can create a fix, either.

This latest back door shows that moving to GNU/Linux makes the most sense. Even when a flaw in OpenSSL was found and reported it had already been patched by all the major GNU/Linux distributions. It hadn’t yet been patched by Microsoft and Apple.

For those who think that Vista 8 (or 8.1) is going to offer some kind of protection, mind this unfavourable new analysis. To quote just one bit: “Before shutting down, I manually told it to check for updates. It found one. The description says “Windows 8.1 Update”, and the accompanying text says the stuff about you must install this update to ensure that your computer can continue to receive future updates. So, was my HP updated or not? According to the test described by Microsoft, it was; but according to the Windows Update that is waiting to install, it was not.

“Which is correct? Beats me. How do you tell for sure? Beats me.”

Windows is a mess and this mess is filled with back doors. No government anywhere (not even the US government) should rely on it. The world is moving on and it’s time to move with it. GNU/Linux is the secure option.
