Summary: News about raids in Microsoft China mostly lacking when it comes to background, context, and information about Microsoft’s crimes in China
THE WORLD is moving away from Microsoft. It starts with countries like China, which makes its own hardware (as well as much of the world’s), and then there’s Russia, which abandoned x86 (Wintel) and will make its own chips on which only GNU/Linux will neatly fit. We covered all that earlier this year and it’s clearly not just rhetoric; these things are already happening as the wheels are in motion. Microsoft is desperate to keep up with the changes, but Wintel is like an order of magnitude more expensive than Linux with ARM. It’s game over. Android is dominating many areas, along with its derivatives or other Linux-based operating systems.
The other day there was plenty of press coverage (e.g. [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) about Microsoft being raided by Chinese authorities. “Chinese regulators swarm Microsoft offices over antitrust concerns,” said some headlines (focusing on competition issues, not back doors), but most reports were a lot more vague with claims [1, 2, 3] ranging from nationalism to concerns about Office tie-up. The plutocrats’ media tried to blame it on China and make the Chinese government look irrational (watch what Microsoft boosters say, another one that’s Gates-washing it, and ludicrous claims that “China steps up the arms race in the digital cold war”). The English-speaking Chinese press says that 4 Microsoft offices were visited in the raid. One summary says that “[r]egulators claim Office, Windows illegally tied” while mostly, instead of speaking about recent success stories with Linux, including Android, the article looks backwards and says: “While there have been several attempts to get Chinese punters to switch to Linux – including Red Flag Linux and the unimaginatively named China Operating System – none have been particularly successful at shaking off Windows’ dominance.”
Now, remember that Microsoft was raided in other countries before (e.g. Hungary) and in 2013 the “US probe[d] Microsoft China bribery claim”, as we covered at the time. There is a criminal element to Microsoft’s conduct in China. One of our readers asked, “pressing for more bribes, discounts and backdoors?” Watch China demonised in Western media for protecting itself from espionage (terms like “Microsoft Chinese burn riddle” don’t help).
As Charlie Demerjian reminded us a short while ago, Microsoft is now extorting Windows users:
Microsoft decided to extort Windows 7 users too
Not content to blow both feet off with a shotgun, Microsoft is going for the kneecaps now by blackmailing its customers. If you are still dumb enough to use Windows, you are about to have your wallet shaken down by Microsoft in a familiar yet still unwelcome way.
We don’t feel the need to sugarcoat this much because the company’s behavior is so blatant and uncaring it is almost staggering. Worse yet the victims, that would be almost all Windows users, have only themselves to blame because the pattern has been well laid out for years now. Microsoft has been unapologetically blackmailing users for years, anyone who bought one of their products in the last few years should have known better.
China has an issue like this; even in the UK the NHS has faced similar issues and is constantly being pressured by Microsoft, as we showed some weeks ago. Office (online) and Windows (the platform for Office on the desktop) are both banned by the Chinese government now.
Leading Chinese media, the New York Times (trend-setting in the US) and BBC (trend-setting in the UK) covered this and have ended coverage by now, so we saw no urgency to point out the news immediately (unlike some bloggers), only to add some background information which has been omitted by the media. A year after Microsoft came under investigation in the US (over allegations that it had bribed Chinese officials) it got a visit from Feds, so what is the likelihood that these raids are at least partly related to criminal activity? Microsoft bribery in China is nothing new; it’s how Microsoft does business and the investigation dealt with numerous countries in which Microsoft was alleged to have bribed officials. The BBC says:
Microsoft has confirmed that officials from China’s State Administration for Industry and Commerce – the body responsible for enforcing business laws – have visited some of its offices.
It sounds like bribes would fall under this category. This comes amid shrinkage of Microsoft’s presence in China:
Microsoft Corp’s biggest reduction in company history could cost China more than 1,000 jobs, analysts warned on Friday.
Apple too is laying off employees, 200 people in fact, so let’s not treat Microsoft alone as the problem. Moreover, based on today’s (and yesterday’s) news [1-7], Russia may be close to banning or kicking out Apple and SAP, due to the fact that their software is secret (proprietary) and thus cannot be trusted. █
Related/contextual items from the news:
Russia has suggested that IT-giants Apple and SAP disclose their source codes to Russian state specialists in order to clear up information security issues after the chain of spy scandals undermined trust in foreign products.
Russia has made a bold request for both Apple and SAP’s source code to make sure that neither company’s software contains any sort of spy tools.
To ensure that SAP and Apple products aren’t vulnerable to spying, Russia suggested last Tuesday that the companies give Russia access to their source code, Reuters reports.
Built with elegance, concealed with compilers
Summary: Recalling the times when even Microsoft staff spoke about secret government collaborations and back doors
China and Russia are currently moving away from Windows (GNU/Linux to be imminently installed on all government machines) — a point which we are going to focus on later today because truths about security and privacy rapidly come out, revealing the clear advantage of Free — as in freedom/libre — software. China and Russia must be motivated by advice of security gurus (of which they have plenty) and the secret services; it’s not about anti-American sentiments but about national sovereignty, especially now that we know about espionage and attacks on companies like Huawei (breached by the NSA, with proof provided).
On numerous occasions in the past we highlighted Microsoft’s relationship with the NSA, going about 7 years back. Many of Microsoft’s back doors are there by design; they need not involve slow patches, hidden patches, malware (e.g. CIPAV) or even warrants for physical access (COFFE). Microsoft is like the world’s leading back doors specialist, and it needn’t even require that people upload their data to some so-called ‘cloud’ services which tempt the gullible (low-hanging fruit). Surely Microsoft understands that it is losing business because people understand what it does now; it’s not due to misconceptions; quite the contrary; businesses and governments finally realise what was true all along. Remember Stuxnet?
Microsoft’s Scott Charney, a professional liar with agenda and big salary (people would happily lie for the type of money he receives), is trying hard along with Smith (lawyer who lies or deceives by omission) to deny Microsoft back doors, but as the following new article explains, the admissions from Microsoft itself are already out there and they cannot be retracted:
Scott Charney, of Microsoft’s Trustworthy Computing, said the government has “never” asked for a backdoor in Microsoft products. Yet a former engineer working on BitLocker claimed the government does ask, but those requests are “informal.”
Four of Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu, China, were raided as part of an official government investigation. Microsoft China spokeswoman Joan Li confirmed that Investigators of the State Administration for Industry and Commerce were investigating the company and Microsoft would “actively cooperate” with the Chinese government. The South China Morning Post reported that the investigation may involve antitrust matters.
Yet in September 2013, The New York Times reported the NSA worked with Microsoft “officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service. Microsoft asserted that it had merely complied with ‘lawful demands’ of the government, and in some cases, the collaboration was clearly coerced.”
Mashable followed up these claims by asking the FBI if it had ever asked for backdoors in Microsoft products. Although the feds denied it, Peter Biddle, the head of the engineering team working on BitLocker in 2005, claimed that the government makes “informal requests” for backdoors. Allegedly after making claims about “going dark,” the FBI “informally” asked Microsoft for a backdoor in BitLocker.
A request for a backdoor, whether informal or not, is still a request for a backdoor. That’s quite a bit different than the government having “never done that,” but perhaps the feds didn’t request backdoor access directly from Charney?
Over the years we have covered several more examples. Whenever Microsoft makes claims about collaborations with government surveillance pay careful attention not to what Microsoft is saying but what Microsoft refuses to say. The same goes for Apple. They embrace carefully-worded non-denying ‘denials’. When everyone sees through the lies they will both pay for it dearly, and perhaps go bankrupt owing to the network effect. █
Summary: The vulnerabilities which Microsoft tells the NSA about (before these are patched) are significantly growing in terms of their numbers
NOT ONLY Apple should be in the headlines for its back doors, which Apple is hardly denying. Apple admits putting them in there, but is being evasive about the motives. What about Microsoft? Why is the press not covering Microsoft back doors, as confirmed last year?
The other day we found this report [via] about “Internet Explorer vulnerabilities increas[ing] 100%” (year-to-year):
Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.
Here is more on the subject:
The report summarises public vulnerabilities and exploit trends that the firm observed in the first six months of 2014 and found that Microsoft’s web browser set a record high for reported vulnerabilities in the first half of 2014 while also “leading in publicly reported exploits”.
Remember that Microsoft tells the NSA about these vulnerabilities before they are patched. Perhaps the media should stop focusing only on Apple’s back doors. █
Summary: The biasing strategy which continues to be used to demonise Free/Open Source software (FOSS) along with some new examples
SEVERAL days ago several people told us about this article from Matt Asay. Ignoring the issues with proprietary software (EULAs, back doors, etc.) the article makes the bizarre claim that “we’re living in a post-open source world”, as if Free/libre software does not matter anymore. One reader told us that Asay had been “trolling for Black Duck“. Well, looking at the licensing strategy of Asay’s current employer, this position is easy to explain.
Unfortunately, however, the problem in this case is what Red Hat staff called “Asayroll” (troll) and we often call Mac Asay (he does not use FOSS himself). He used to be a fan of the GPL but then turned against it. Black Duck is just one among several data points he uses to bash the GPL now. Other data points (at least two) were partly Microsoft-funded as well; they’re good at hiding it. It’s information war, striving to change perception and kill the GPL with words.
It is not a surprise that Asay attacks the GPL and this is actually IDG’s second article in just about a week which attacks the GPL, citing Microsoft-connected entities. They must be terribly afraid of copyleft, or maybe their clients (like Microsoft) are doing lip service.
In other FUD, Dan Goodin with his provocative images continues to attack FOSS security, focusing all his attention on bugs in FOSS rather than back doors in proprietary software. “Researcher uncovers “catastrophic failure” in random number generation,” he says. Well, actually, in LibreSSL there is much better randomness than in Intel’s hardware-’accelerated’ RNGs (which are likely facilitating back doors by keeping entropy low) and proprietary software, which uses weak (by design) encryption. “Dan is the Security Editor at Ars Technica,” says the site, which really says a lot about where Condé Nasty (owner of Ars Technica) stands on security. It only trash-talks FOSS and GNU/Linux. This is systematic bias, usually by omission.
In more relevant news, watch the article “Embedded Windows XP systems targeted by new Chinese malware”. It says:
“It is exceedingly hard to protect against malware when it ships pre-installed from the factory. The average business, even a large enterprise, simply isn’t set up to perform this kind of due diligence on incoming hardware with embedded systems, whether it’s Windows, Linux or another platform. If an organisation wants to ensure privacy for itself and its customers, it must bear the cost of security somewhere in the supply chain, whether that’s in increased cost of a higher assurance supplier, or in post-purchase testing,” he explained.
Why is Linux dismissed as an option? Windows has back doors, so it can never be suited/deemed suitable for financial transactions. Why insinuate that this kind of issue is inherent (to the task)?
They should call out Windows and Microsoft’s connections with the NSA, which is in turn connected to US banks. No country other than the US can ever trust Windows for use in ATMs. That’s a fact.
We are disappointed to see incomplete, biased, vengeful ‘reporting’ with agenda tied to companies/friends/employers of the writers/publishers. This is not journalism. It’s trash talk disguised as “news”. █
No Microsoft Office in China
Summary: Developments in China reveal that security and privacy threats posed by reliance on Microsoft are so great that a ban becomes inevitable and continues to expand (Microsoft put on more and more block lists and blacklists)
Let’s face it. Microsoft is in very serious trouble. Citing security, China already bans Windows (latest version), a top cash cow of Microsoft Corporation, which has only a few profitable products. Microsoft is now trying to warp the debate and deny back doors, even though Snowden provided evidence that speaks for itself. Windows has back doors that the NSA is exploiting. The other cash cow, Office (latest version), is also being banned in China, again for security reasons. Microsoft as a whole is being banned and censored, little by little (even its surveillance proxy, Yahoo, is being censored). This will be a big gain for free/libre office suites, including some Chinese versions (IBM employed people in China to work on OpenOffice with ODF). We will write more about the FOSS angle some time tomorrow as it’s a broad (and rapidly-broadening) subject.
Watch the Microsoft propaganda and vengeance in Microsoft media. For instance, says a Microsoft MVP and longtime booster (without mentioning Microsoft’s strong connection with the NSA), there is “malicious intent” here. It is actually a matter of national security because the NSA breaks into networks of companies like Huawei. Who is really malicious then? Here is a better and newer article about the ban of Microsoft Office 360 (5 days downtime). “Microsoft is working very hard to change the way that people see them,” says one article (part of this latest propaganda campaign [1, 2, 3, 4]) and the key word is “see”. No changed behaviour is part of the plan, especially when it comes to security and privacy. It is about perception. Some influential publishers who were paid by Microsoft are helping this perception management campaign right now, which proves that to Microsoft it’s all about marketing, not policy. The article “Microsoft Office Banned by China” generalises to make it seem like Office on the desktop too is banned and since it is written by a Microsoft MVP on a Microsoft site we can expect the usual ridicule of China. Here is part of the full article from the Microsoft booster:
In April of this year, Microsoft made Office 365 available in China through a partnership with 21Vianet. Office 365, of course, is Microsoft’s online, Cloud edition of the industry leading office productivity software.
China represents a huge potential market for Microsoft. In addition to the launch of Office 365 in the country, Microsoft cut the ribbon on a new Azure datacenter in March.
But, Microsoft’s march to China dominance has been severely hampered as of late, and it seems with malicious intent by the country’s leadership.
This is great news, but a lot of the Western media has not picked this up. Interesting. Maybe there’s fear that this might inspire other governments. █
Summary: Observations and analysis of some recent deception in corporate news sites (like Condé Nasty), trying to pretend that Microsoft is secure, that Microsoft is pursuing security, and that FOSS and Android security or privacy are inherently poor
THE KARMA (or blowback) that Microsoft is meeting right now is a result of it sucking up (for government subsidies) to the NSA et al. for a decade and a half. Putting back doors in one’s software is not a safe bet for a business.
As longtime Internet saboteur (most recently Microsoft broke No-IP and offered no real apology, knowing perhaps it would fuel lawsuits by admission) Microsoft should never be trusted for anything Web-based. This is perhaps why China has put Microsoft’s latest Office push on the blacklist. “Yesterday,” said one article “Microsoft convinced a judge to let it take over No-IP’s DNS service, shutting down name service for many websites, in order to stop a malware attack. Today, the company fake-pologized.”
Never mind the fact that, as we explained before, the malware was partly Microsoft’s fault, for making a piece of software that’s insecure by design (and with back doors). “Microsoft’s PR mailout says that “some customers” experienced “temporary” loss of service but that everything was fine now; shortly after, the company’s PR emailed journalists again to say that things were still massively screwed up. It blamed the whole mess on a “technical error,” but when you look at what the judge believed about No-IP when the order came down, it’s clear that the “technical error” was a gross overstatement of both No-IP’s involvement in Microsoft’s woes, and the best way to sort them out.”
Notice how Microsoft is rallying so-called journalists. It is a company of liars and cover-ups. Why would anyone believe a single word?
The very fact that Microsoft was able to shut down millions of legitimate services shows just how much Microsoft corrupted its government. It used the Court for powers like hijacking a whole network. The No-IP story turned out to be far more outrageous than most people realised, as the press had been deceiving them at Microsoft’s behest. People should be fuming and Microsoft sued out of existence, but we just don’t know if this is actually going to happen. If Tux Machines was still on No-IP (as it had been for years, until recently), then it would have been one among millions of victims, potentially down for days.
Now, watch the audacity of Microsoft. With help from Gates’ fan press it pretends to be “against the NSA” and “transparent”. A lie bigger than that is hard to imagine, but this is marketing. This is part of a propaganda campaign which is going on at the moment (in many countries) and would have the gullible believe that Microsoft ‘fights back’ against the NSA, or something along those lines. One piece of propaganda was titled “Microsoft mocks NSA” and another doubts that it is “NSA-proof” (it is not, as with PRISM Microsoft can provide direct access, never mind NSLs).
Corporate media is meanwhile trying hard to push FOSS as “insecure” back into the debate. Gates’ fan press recently did this (citing familiar FOSS-hostile firms) and ‘Information’ Age conflates “proprietary” with “enterprise”, insinuating that FOSS is inherently not for enterprises (this is another type of FUD). Apparently, in addition to all that, a few lines of code (one bug) are the beginning of a new world. It’s that “Heartbleed” nonsense — a word coined by a Microsoft-linked firm for greater impact in an already-FOSS-hostile media (here is Adrian Bridgwater’s cheeky attacks on FOSS, using/exploiting news from 3 months ago, and here is another example). What corporate press rarely tells readers about “Heartbleed” is the insidious connection to Microsoft. There are those who look for bugs in old versions of Android which can leak location data because of the Wi-Fi stack, but these are not critical. “Android phones running 3.1 and newer versions of Google’s mobile operating system are leaking Wi-Fi connection histories, the Electronic Frontier Foundation has discovered,” says one source. Furthermore, says The Mukt, “Android seems to be the center of attention when it comes to mobile security concerns. In the latest, Electronic Frontier Foundation (EFF) has made claims that if you are an Android smartphones user, there is a high risk that your location history is being broadcasted to those within your Wi-Fi range.”
So basically, when it comes to FOSS there is nothing to really complain about except privacy bugs and some security bug from three months ago. As Ryan pointed out some days ago in IRC (citing IDG): “UPDATE: IBM on Monday corrected its report to say that the problem is not as widespread as originally thought. “The vulnerability affects Android 4.3 only. Thanks for the Android Security Team for correcting our advisory,” IBM said. About 10.3 percent of Android devices run Android 4.3.”
“That’s some sloppy reporting,” Ryan wrote. “First they reported that 86% of Android devices were affected by a critical security hole. Then they issued a correction, that it was only one version of Android that represents 10% of devices, and not even the latest version. We also don’t know that all Android 4.3 devices are affected, because OEMs can backport patches to their current firmware even when they don’t want to do a major Android upgrade at the moment. Archos kept backporting patches to Android 4.0 for a long time.”
The original report, as far as we can tell, came from Android and Linux basher Dan Goodin. He led the way for writers, including in his former employer, to hype up an Android vulnerability. “It’s hard to exploit,” said his former employer, but in Condé Nasty it is called “serious”. This, in our view, is part of the hype which seeks to paint FOSS as “insecure”, never mind the many back doors we now know of in proprietary software like Microsoft’s.
Just remember that Condé Nasty, and especially its writer Dan Goodin, has been on some kind of villainous Jihad against GNU/Linux for months now, distorting facts to make it seem as though FOSS cannot be trusted.
To us it seems clear why all this FUD is being disseminated. Citing security concerns, large governments are moving away from pricey proprietary software with back doors, notably Microsoft’s. Watch Microsoft lying to governments of the world:
No backdoors in our code: Microsoft bid to convince governments
In yet another sign that the revelations about blanket NSA spying are biting into business revenue, Microsoft is offering to open up its source code to governments so they can satisfy themselves that there are no backdoors implanted.
There appears to be a fear among technology companies that if Microsoft is forced to do the government’s bidding, then American cloud businesses which operate in other countries could stand to lose a lot of business.
Snowden’s revelations have led to a drop in overseas business for at least two technology firms – Cisco and IBM. Additionally, the Boeing company lost an order from Brazil, which opted to go with Sweden’s Saab for $US4.5 billion worth of aircraft.
These are lies and Snowden’s revelations provided enough hard evidence to prove this. Expect many more attacks on FOSS from a security angle. Microsoft will try to save its cash cows, using a new ‘flavour’ of disinformation, as usual. █
Condé Nasty’s building, located near Wall Street
Summary: Articles about security issues at Condé Nasty (owner of Ars Technica) fail to focus on inherent flaws in software that is secret (and has back doors baked in), instead amplifying alarms over FOSS bugs
We recently saw some reports about Android vulnerabilities which actually count for something, e.g. privilege escalation put in proper context (user needs to actually install the software). But some people, and especially Goodin, would rather hype up non-issues and post them under “Risk Assessment / Security & Hacktivism” (an anti-Linux and now anti-Android section at Condé Nasty). They ignore the real security issues such as back doors, instead focusing on this kind of nonsense, saying that a designed change could heighten security risks for users. This is a continuation of very incomplete, one-sided coverage, where only FOSS is ever characterised as insecure. It is propaganda by omission and Goodin is exaggerating the severity of flaws while adding provocative images to further increase the magnitude of fear. There is an agenda there; irresponsible to say the least, as we recently showed. Maybe Goodin should highlight automatic updates of whole operating systems such as Windows. Why is he only picking on Android/Linux? Based on some reports, the FBI is listening to Android devices remotely. Maybe this is the kind of thing Goodin should cover, but he never does. Spooks may be hijacking automatic updates (such as Windows automatic updates) using back doors and collusion like PRISM, but Goodin is not interested in these matters. He would rather overlook the big issues like proprietary software which declines to obey settings that block automatic updates (Windows does this). Windows is the Swiss army knife of spooks, some of whom went on from agencies like the FBI to top positions inside Microsoft (and later to the firm which created hype/FUD about ‘Heartbleed’ [1, 2, 3]). People who only cover issues in FOSS instead of back doors in Windows cannot be taken seriously. It’s just so Condé Nasty (owner of Ars Technica since a few years ago).
When Microsoft employees who reveal secrets of Windows get jailed and deported we should clearly divert scrutiny in that direction, but it is not happening. This site should be capable of better journalism on software issues, such as this very detailed new article about Android. Only balanced journalism will make this site look like real journalism. █
Summary: Microsoft’s software must be so malicious if revealing its “secrets” gets people who work for Microsoft jailed for several months and then deported
A LOT of the press continues to ignore the real threats to our (digitised/digital) liberties online. The corporate press barely writes about back doors in proprietary software like Windows (the back doors are there by design) and instead props up the whole “Heartbleed” hype [1, 2, 3]. Here for example is an article where 2 months (yes, 8+ weeks) after some lines of code were shown to have an error in them (dubbed “Heartbleed” by a Microsoft-linked firm and then marketed like classic FUD) IDG is conveniently deducing that all of FOSS is not secure. This is disgraceful FUD and it’s part of a pattern we have been seeing. Sure, there is lots of business in such generalisations, including for insecurity firms like Symantec, which maliciously gets closer to Linux groups (surely to sell some snake oil and claim that FOSS needs proprietary “anti-viral” software add-ons to be secure).
It should be noted that months ago there were many articles about how insecurity firms like Symantec (with odious Microsoft links in the management) needed to intentionally overlook government-developed malware (like Stuxnet) and back doors. It all adds up to one thing: the least secure practice in IT is one that involves introducing secret code into complex systems. One proprietary program is enough to compromise a larger system.
According to this article, allowing the public to see Microsoft secrets is a serious crime that gets you imprisoned and deported. “The Government timed its Complaint and Arrest Warrant to coincide with Mr. Kibkalo’s pre-arranged attendance at a technology conference in Bellevue,” says one article. Another says:
Kibkalo’s circumstances are somewhat different than most employees that get on the “outs” with their tech companies: in his case, Microsoft sifted through the emails and documents of the French blogger in order to detect the source of the leaked information – and then discovered that it was Kibkalo. Microsoft says that it regrets its actions, despite the fact that it doesn’t need a warrant to search the emails of its own customers. At the same time, there was an issue with Microsoft’s violation of customer privacy – and privacy advocates find the company violation to be more than an issue of subjective preference. They view it more as an “improper search and seizure.” What grounds did Microsoft have to do this?
Here we have two issues: the first is that Microsoft illegally spies on E-mails (we covered this before) and the second is that the very notion of being allowed to see Microsoft source code (e.g. to find the back door) or some “secrets” is now a serious crime with serious punishment. For a ‘transparent’ and ‘open’ “new Microsoft” (marketing nonsense) this sure doesn’t bode too well. █