
06.05.14

Windows is Dying Quickly, Even on the Desktop

Posted in Free/Libre Software, Microsoft, Security, Windows at 4:45 pm by Dr. Roy Schestowitz


Summary: The inertia of Windows is impeded by bans and disruptive trends (or form factors) where Linux is a key platform

Microsoft is wishing for public ignorance. It is trying to pretend that it cares about privacy and Open Source [1, 2, 3, 4, 5, 6, 7]. This is despicable in the eyes of informed people and it is tied to a paid marketing/deception campaign. As we showed some days ago, China’s ban on Microsoft (and promotion of Linux-based alternatives) led to some shameless openwashing, seeking to paint Windows as “open”. Microsoft’s spokesperson pretends that Microsoft code can be audited, but there is already evidence that Microsoft tells the NSA about flaws before these are patched. China’s government does not get that kind of treatment, so it is abundantly clear who Microsoft is loyal to (not the users, that’s for sure). The latest call for abolishment of Windows [1-4] makes press again (notice the dishonest response from the spokesperson of Microsoft). The corporate media or the Western press tries to ridicule the Chinese or echo Microsoft’s lines. There are gross media campaigns about it, playing along with these Microsoft lies (or lines) which are hogwash, diversion, and innuendo. We covered only some of those lies before. It is truly a disgrace. The NSA works closely with Microsoft and Microsoft under Nadella (not really in charge) continues to engage in racketeering against FOSS. China would be right to eradicate all Microsoft software. It is the reasonable thing to do, not just for business reasons. Bill Gates is pro-NSA and against Snowden; China should take that as a clue. Remember that the NSA engages in espionage against prominent Chinese companies like Huawei.

Based on this Microsoft puff piece, Microsoft spyware is now trying to enter Android, doing what we said Nokia would do (Microsoft spy phone on top of Android base). The puff piece says “That’s great news for Android tablet owners” as if spyware like this is necessary. Here is the interesting part though: “it’s also likely to disappoint and even anger some Windows users, who feel Microsoft is ignoring its own backyard while bringing this polished and finger-friendly Office experience to Windows rivals. But this is the trajectory that Microsoft must follow to succeed in what Nadella recently labeled a “post-post-PC era.” “There are going to be Windows devices and there are going to be other devices and we have to make sure our services run on all of them,” he said during last week’s Code Conference. Nadella suggested that Office for iPad won’t be the last time Microsoft launches a major app on a platform other than Windows; today’s Android rumors seem to back that claim. Nadella said that while a touch-first Office for Windows is coming along, he’s unwilling to let it hold the company back.”

In short, the world is already abandoning Windows, so Microsoft tries to rescue its bigger cash cow.

Software developers and users no longer need Windows. China does not need Windows. Business can gradually adapt to homegrown Linux- and GNU-based systems. This, in turn, makes OOXML (and Office) obsolete. It makes Microsoft a thing of the past.

Interestingly enough we missed this article from March where Microsoft is shown to be sabotaging software projects of potential partners. Fernando Cassia sent us this link, highlighting bits like:

Defense Grid was dead. That was the message, delivered by Microsoft in the summer of 2008, just a few months before the game’s planned release.

Hidden Path had poured all the money it could spare into a small project to make an original game: Defense Grid, a downloadable sci-fi tower defense title that it could call its own and that would prove Hidden Path was a company that knew how to make games.

It’s what every developer wants to do. It’s why people make anybody’s games at all: to eventually make their own. And Hidden Path had struck out to do it right out of the gate. And it had almost worked.

The story begins in 2007, shortly after Jeff Pobst, Mark Terrano, Michael Austin, Jim Garbarini and Dave McCoy founded Hidden Path. It begins after they’d begun making Defense Grid and pitched the game to their contacts at Microsoft.

The founders had deep connections to Microsoft, so they pitched them a distribution deal: Hidden Path would make the game, Microsoft would distribute it on Xbox Live. For Microsoft, it was an easy sell. Microsoft, initially, loved the idea. The concept for the game was bold and brash. It was a downloadable title being developed for twice what downloadable titles normally cost to make at the time. The extra money was to be put into producing and polishing the game, potentially making it a premium offering for its Xbox Live lineup. Defense Grid, built by the men who worked at Microsoft’s Advanced Technology Group and who made sure Xbox games played and looked better on Xbox than anywhere else, would be one of the most highly produced downloadables on Xbox.

Microsoft was hot for the game. It wanted quality games to announce at the 2007 Game Developers Conference as part of its then-new Xbox Live Arcade program. The problem: Hidden Path hadn’t named the game yet. The working title “The Last Stand” had been taken by someone else. Hidden Path hadn’t expected to need a name for months, but suddenly it had only weeks. Hidden Path scrambled, spent money and came up with Defense Grid. Maybe it wasn’t perfect, but it worked. And it was theirs. And best of all, Hidden Path suddenly had a game in development for a flagship service on the best-selling console. With the increased attention and aggressive demand from Microsoft, the little studio, still in its first year of existence, felt like it had won the lottery.

For Microsoft, Hidden Path was just the sort of company to help promote Arcade — it was indie but comprised of veterans. Pobst had run a support department at the Advanced Technology Group at Xbox. Terrano had created Age of Empires 2. Austin also came from Xbox, and McCoy and Garbarini from the MechWarrior developer FASA. These five men threw their combined development expertise into one game: Defense Grid. It couldn’t lose. It was planned for release in 2008. Everyone was excited. And then things changed.

[...]

Shortly after a Microsoft reorg in early 2008, the “new team” called for a meeting with its partner, Hidden Path, to see the results of development on Defense Grid, which already had the green light from the “old team.” Everything went right in this meeting with Microsoft. The game looked great, played great and was running on schedule. But a strange thing happened: According to Hidden Path, the more right things went, the more frustrated the Microsoft people became. The game, they eventually said, was too good. They’d wanted it to be bad. They’d planned for it to be bad. Now they didn’t know what to do.

[...]

The new crew from Microsoft had come with orders to shut down Defense Grid. It was too similar, they said, to another game, one more dear to the new team leader’s heart. Defense Grid was part of the old plan. The new guy had a new plan. Defense Grid had to go. But … It was a great game. It was too good to cancel. Chaos.

This is classic Microsoft. Nobody should be working with and for this company. It should be universally abandoned for its behavior. Thankfully, Xbox continues to fail and production reportedly stalls. Why would anyone at all bother with this platform? It is spying on users (more so than any console) and betraying developers. Not only China will be better off without a company that spies on it, betrays it, and denies the truth.

Related/contextual items from the news:

  1. China puts Windows 8 on TV, screams: ‘SECURITY, GET IT OUT OF HERE!’

    China has stepped up its war on Microsoft’s Windows 8 operating system with a report in state-backed media that questions the security of the software.

    In a one and a half minute segment aired on China’s CCTV television channel, journalists reported that the Chinese government is concerned by the security of the Windows 8 software and is increasing efforts to develop its own rival system.

    “Microsoft would no longer open its Windows 8 source code to the Chinese government, however the security scheme of the Windows 8 operating system is designed to provide better access for Microsoft to users’ database. For China it’s a big challenge for our cybersecurity,” said Yang Min, a professor at China’s Fudan University, through a translator.

    “Your identity, account, contact book, phone numbers, all this data can be put together for big data analysis,” explains another academic, Ni Guangnam. “The US has a law that requires anyone that has this data to report to the government. The data might be a good way for the US to monitor other countries.”

    This report follows the Chinese government banning Windows 8 from a chunk of its public sector PCs in late-May.

    In March 2013, El Reg reported that Canonical had partnered with various Chinese government agencies to develop and support a Linux distribution named Ubuntu Kylin for the country. Given this television segment, we imagine installations of that OS are about to increase.

  2. China escalates rhetoric in campaign to ban Windows 8

    CCTV pivoted on the official reasoning today. According to the Wall Street Journal (subscription required) the segment quoted experts who argued that operating systems’ makers can steal data from computers, including phone numbers and financial information.

  3. Microsoft faces new difficulties in China over Windows 8
  4. Chinese Media Says Apple Google Microsoft Etc Spying for NSA

    The official Chinese state run media outlet, People’s Daily, is accusing U.S. corporations of representing a spying front for the NSA, and the PRISM program. The outlet stated “Apple, Microsoft, Google, Facebook, etc. are all coordinating with the PRISM program to monitor China.” The outlet wants fierce punishments against the corporations, and promised they would pursue all those involved in spying activities. David Drummond, Google’s Chief Legal Officer released a statement Wednesday, advising the U.S. government has no access to Google servers, including no access to any “back door, or a so called drop box.” The leading search engine giant advised they only “provide user data to governments” in accordance with the law.

06.04.14

Focusing on the Less Dangerous Security Problems

Posted in Free/Libre Software, Security at 11:26 am by Dr. Roy Schestowitz

Summary: The obsession with security flaws that are immediately addressed by FOSS developers helps distract from deliberate flaws in proprietary software (back doors)

FOSS-hostile sites/tabloids like ZDNet happily cover security issues when they are already fixed and briefly affected Free software. The latest GnuTLS flaw (flaws in it are nothing new and they get addressed quickly [1, 2]) is starting to receive coverage in expected places (other than Microsoft-connected [1, 2, 3]). It is not just CBS sites but also Condé Nasty, another neighbour of Wall Street (where all those large media companies are based). There are provocative photos as usual from Dan Goodin, not to mention the Linuxwashing of this cross-platform issue. IDG does this, but IDG [1] also alludes to back doors in Windows without naming them as such.

Why don’t they spend more time covering deliberate back doors from Microsoft/NSA or even Apple? It does not seem to serve their sponsors as much as FOSS FUD. Ever since the NSA leaks came out (it started a year ago) it seems like much of the technology/corporate media looks the other way and tries to turn every little bug in FOSS into headlines, claiming that FOSS is less secure. Perhaps there is fear that many people will walk away from software with back doors, necessitating alternatives (spooks cracking in more clever ways, trying hard to put back doors without being noticed in freely-available source code).

Related/contextual items from the news:

  1. Beware the next circle of hell: Unpatchable systems

    Microsoft’s decision to end support for Windows XP in April was met with a collective gulp by the IT community. For good reason: Approximately 30 percent of all desktop systems continue to run XP despite Microsoft’s decision to stop offering security updates. Furthermore, a critical security flaw in Internet Explorer 8 disclosed recently by HP’s TippingPoint Division opens the door to remote attacks on XP systems that use IE8.

06.03.14

GnuTLS Picked on by Firm of Microsoft’s ‘Former’ Security Chief, FUD Ensues Everywhere

Posted in Deception, Free/Libre Software, GNU/Linux, Microsoft, Security at 11:15 am by Dr. Roy Schestowitz


Summary: Codenomicon (where the ‘former’ Chief Security Officer for Microsoft is now the Chairman of the Board) is back to smearing FOSS projects whilst ignoring back doors in proprietary software such as Apple and Microsoft operating systems

SO-CALLED ‘SECURITY’ firms should spend more time finding flaws in secret (and most likely broken-by-design) encryption, such as the nefarious NSA stuff in Microsoft software. If they cannot gain access to the code (never mind the build process), then they should assume it to be insecure, by default. NSA is all over proprietary software, but it hides behind secret deals and arrangements with a blanket of NDAs (PRISM for instance). There is a lot of stuff in secret code which is designed to subvert encryption; we already have evidence of it, thanks to Edward Snowden.

Earlier this year we saw some FUD thrown at GnuTLS [1, 2], despite the fact that — or because — flaws had already been patched. That’s what makes Free software so powerful; fixes are almost immediate.

Then there was the whole “Heartbleed” hype [1, 2, 3], which came from Codenomicon, a firm headed by Microsoft’s ‘former’ chief (who also has FBI history and probably knows how the FBI and Microsoft created their now-infamous back doors). The whole thing stinks very badly and we have already explained why.

Now there is this new attack on the reputation of GnuTLS. Guess who’s behind it? Here’s a quote: “Codenomicon, which found the Heartbleed flaw, discovered another SSL flaw, this time in the open-source GnuTLS library. GnuTLS is part of many Linux distros.

“Security firm Codenomicon has found a new Secure Sockets Layer (SSL) flaw in the GnuTLS open-source cryptographic library. Codenomicon rose to notoriety in April as the security firm that found and branded the Heartbleed flaw in the open-source OpenSSL cryptographic library.”

Codenomicon did not discover it. It was the opportunist. The flaw was discovered by another party (a person at Google), but Codenomicon marketed the flaw, hyped it all up (later bragging about the business it brought), and then disclosed it prematurely and irresponsibly, before all sorts of crucial sites had been patched. Codenomicon is a nasty Trojan horse in the security world and it has an agenda. As we showed before, Codenomicon is also a Microsoft partner, never mind the staff’s high-level connections to Microsoft.

The GnuTLS flaw which Codenomicon speaks about is already patched [1] and a Red Hat employee explains why — if anything (contrary to media reports [2]) — this demonstrates the advantage of Free software [3].

In other security news, the proprietary TrueCrypt is seemingly under some kind of attack from the outside (or suffering from infighting). Nobody seems to know for sure what’s going on there yet [4] (maybe a split among the developers or some coverup), but theories with supportive evidence get posted [5]. GNU/Linux distros are dropping TrueCrypt [6] as soon as possible. The Linux Foundation is still focused on OpenSSL [7,8] these days.

It should be noted that the likely cause for issues in TrueCrypt is US government overreach (back doors or requests for back doors). These days, making encryption that works is seen as some kind of crime, as if it directly facilitates crime [9]. It’s possible that a move to some place like Switzerland will help dodge these issues. Red Hat too should move to some place like Switzerland, for several reasons we wrote about before (security, not just software patents and trolls).

Finally, in some other security news, notice how Apple is deviating further away from standards [10,11] whilst attacking a Free/Open Source operating system (Android) over “security”, as if Apple with PRISM and back doors is somehow more secure than Android. How does Apple do all this? Well, citing some gossip bloggers from the CBS-owned tabloid ZDNet (CBS is paid by Apple), the CEO of Apple had this to say:

To illustrate his point, he quoted the title of a recent article by ZDNet’s Adrian Kingsley-Hughes, a self-described “big fan of Android.”

The article’s title? “Android fragmentation turning devices into a toxic hellstew of vulnerabilities” – and Cook’s slide of that quote added animated flames to the word “hellstew.”

Wait a second, Mr. Cook. Your operating system (core) has back doors which Apple designed and bragged about, never mind the NSA and PRISM. These back doors are now misused by non-government crackers. How can Cook claim security advantage with a straight face? The British press (above) ought to have pointed out these issues.

Speaking of British press, watch the Microsoft-controlled BBC spreading some FUD without naming Microsoft, even though only Microsoft is the culprit. One has to read many paragraphs before reaching the part where it says: “If your computer does not run Windows, stop right here. This does not affect you – but other problems might, so always keep your antivirus up to date.”

GNU/Linux does not require antivirus, unless it’s a server that serves files to Windows clients. But never mind all that, the BBC supports the antivirus myth (some antivirus companies do the same to Android), pretending that no platform is secure. The fact that this is a Microsoft-only problem should have been stated in the headline, but it’s not. Therein lies the typical bias of the BBC and some other Bill Gates- and/or Microsoft-funded press (the BBC is funded by both). Microsoft is simply not being mentioned when there are Microsoft-only security problems, only when there is good news (promotion).

Watch out for FUD; lots of it exists, but it’s well concealed. A lot of it is bias by omission or bias by emphasis/selectivity.

Related/contextual items from the news:

  1. GnuTLS Vulnerability Closed in Ubuntu 14.04 LTS
  2. GnuTLS bug exposes Linux clients to server attacks

    The maintainers of GnuTLS, a secure communications library used in Red Hat, Ubuntu and other Linux distributions, have released fixes for a critical bug affecting the client-side of the software.

  3. Just a thought

    I don’t fear the bugs that get fixed (in OpenSSL and now GnuTLS) in the open, transparent way we open source people do. I fear the bugs in proprietary stuff where I can never be sure if they get fixed and how.

  4. TrueCrypt’s Mysterious Vanishing Act
  5. TrueCrypt warrant canary confirmed?

    Looking at the sudden new content on the TrueCrypt site, the most plausible explanation for me was that it was an attempt to tip people off that they had been tracked down and sent a National Security Letter, without actually breaking the law. Why else would they advocate using Apple’s disk encryption with no encryption selected? Why else would they advocate use of software from Microsoft, who we know cannot be trusted? It smelled like a warrant canary.

  6. Replace TrueCrypt

    Due to various concerns, TrueCrypt is about to be replaced in Tails, either by tcplay or cryptsetup.

  7. Announcing Rapid Progress on Core Infrastructure Initiative

    A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

  8. Linux Foundation will save OpenSSL with a little help from its friends
  9. US cybercrime laws being used to target security researchers

    Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

    Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

  10. Apple Announces A New 3D API, OpenGL Competitor: Metal

    At Apple’s WWDC conference today they have just unveiled Metal, a new 3D graphics API to compete with OpenGL.

  11. Apple’s new Swift coding language hopes to lock down errors

05.31.14

TrueCrypt Too Proprietary to be Secure and Corporate Media Should Stop Blaming Free/Open Source Software (FOSS)

Posted in Free/Libre Software, Security at 4:36 am by Dr. Roy Schestowitz

TrueCrypt was never worth trusting in the first place


Summary: Analysis of the whole TrueCrypt fiasco and response to the blaming of FOSS (where the licences are clearly not FOSS)

PROPRIETARY software should be assumed insecure by design, as it often contains back doors and one simply cannot prove otherwise. Based on experience alone, a lot of proprietary software comes with back doors, sometimes accidentally but not always. A lot has been written about this before, both here and elsewhere, so we are not going to write so much on this subject. Instead we wish to focus on the news that TrueCrypt development is moving to Switzerland (the first article we found about this is [1] and there is also some analysis [2]). The PATRIOT Act comes to mind and also the experiences of secure mail services in the United States, including Edward Snowden’s E-mail provider. When Groklaw shut down, citing concerns over NSA spying, it recommended that people adopt Kolab, which is based in Switzerland. It should be emphasised that Switzerland harbours privacy not because of humanitarian interests but because of national interests. For domestic prosperity it facilitates international crime (tax evasion from all nations) and wishes to guard the criminals.

The problems with TrueCrypt are not new to us; I very much predicted what the news insinuates and I had received flak for saying so. TrueCrypt has been thoroughly and even successfully openwashed based on some odd kind of marketing angle; those close to the project know better how it works, and if an audit which is not transparent is needed for TrueCrypt, then we should quickly realise that the build process and some components are wrapped in a riddle/mystery. The build process and those components are the very core of the problem, and they are crucial. The announcement from TrueCrypt was as vague — not transparent — as the project itself.

Now it is widely known that TrueCrypt gave an illusion of privacy, which is in many ways worse than having no privacy at all because there is impact on users’ behaviour. We may never know how many people have gone to jail or were killed because of TrueCrypt’s false promise.

FOSS-hostile sites try to spin that as an issue with FOSS even though it’s not FOSS. One source states: “The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world–after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai’i.”

Snowden uses Debian GNU/Linux (Tails) and the main reporter he worked with, Glenn Greenwald, only recently dumped Microsoft Windows and moved to GNU/Linux.

There has been a lot more coverage about it [1, 2], including the usual scaremongering by Mr. Goodin, who wrote about it not once but twice, saying: “One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.”

Goodin’s colleague wrote about it as well. They are really milking this cow and the best known CIA-linked news site asked: “Is this the end of popular encryption tool TrueCrypt?”

The plutocrats’ press, Forbes, called it “Open Source” (in the headline), so it can’t even get its basic facts right:

Over the past 24 hours the website for TrueCrypt (a very widely used encryption solution) was updated with a rather unusually styled message stating that TrueCrypt is “considered harmful” and should not be used. If you have not come across TrueCrypt and why it has become so popular see the below section ‘why do people use TrueCrypt’.

Better coverage came from the expected sources, not playing to the tune of FOSS smears (TrueCrypt is proprietary).

Knowing that Microsoft is an NSA partner, Gordon in our IRC channels felt baffled because TrueCrypt is “now recommending bitlocker for windows”, to which Ryan replied: “Proprietary encryption from Microsoft that was designed in partnership with the NSA…”

Microsoft is talking to British police about encryption. When I wrote about this nearly a decade ago Microsoft staff were using personal insults against me, only later (much later) to realise that I was right. Sean Michael Kerner calls TrueCrypt “Open-Source” (with a dash) when he writes: “The other challenge facing TrueCrypt is the simple fact that there are many other disk-encryption technologies now available. On Microsoft’s Windows operating system in particular, which was a key target platform for TrueCrypt, versions of Windows after Windows XP include support for Bitlocker, which performs a similar function. In addition, there are multiple file-encryption technologies available, including, FileVault for Mac, DiskCryptor for Windows and Luks for Linux.”

Proprietary operating systems are not compatible with encryption for the same reason that proprietary hypervisors are not. If the NSA can infiltrate the lower layer (e.g. VM host, OS, BIOS) through back doors, then the rest (what’s above) is almost automatically compromised. No sane developer would recommend anything that’s proprietary for security and privacy. Don’t forget Microsoft’s COFEE and CIPAV. Microsoft is very much in bed with spooks and police. Microsoft is an informant without a conscience. Privacy in Windows is not a goal; the contrary is true. One Linux/BSD site thinks that TrueCrypt is now “dead” and there is the following statement about the software licence:

Based on the wording of its license, there was always a question mark surrounding the open source-ness of Truecrypt. But that’s not the topic of this brief article. What prompted me to write this is an article that appeared in the Washington Post suggesting that TrueCrypt may have seen its last days as an (“open source”) software project.

Just remember that TrueCrypt is not FOSS.

There is another project whose software licence was blamed for lack of participation and oversight. The OSI’s President blamed the licence. That project was OpenSSL, which is now scrambling to get some more money. The Economist makes FUD out of it while other sites take a more objective approach [4-15]. Remember this: if the project is not quite as open or free as it wants people to believe, then it might not be worth trusting. We never trusted TrueCrypt.

Related/contextual items from the news:

  1. TrueCrypt Not Dead, Forked and Relocated to Switzerland

    The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.

  2. Death (?) And Rebirth!
  3. TrueCrypt, An Open-Source Whole-Disk Encryption System, Leaves Users High And Dry
  4. Tough Love for the Encryption Software That Was Compromised by Heartbleed
  5. CII announces 2 full-time devs and a security audit for OpenSSL
  6. Heartbleed: Linux Foundation hires dynamic duo to fix OpenSSL
  7. Linux Foundation throws money at OpenSSL staffing post-Heartbleed
  8. The Linux Foundation’s Core Infrastructure Initiative Announces New Backers, First Projects to Receive Support and Advisory Board Members

    The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund open source projects that are in need of assistance, today announced five new backers, the first projects to receive funding from the Initiative and the Advisory Board members who will help identify critical infrastructure projects most in need of support.

  9. The Linux Foundation Assigns Two Full-Time Developers to Work on OpenSSL
  10. LF Announces New Backers, Projects For Core Infrastructure
  11. Linux Foundation adds more Internet protocols to its protection list
  12. Everyone uses OpenSSL, but nobody’s willing to fix it — except the Linux Foundation
  13. Linux Foundation flings two full-time developers at OpenSSL

    The Linux Foundation’s new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

    The Linux Foundation announced on Thursday that members of the “Core Infrastructure Initiative” (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

    “All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” said Jim Zemlin, the executive director of the Linux Foundation.

  14. Corporations put their cash where their open source security is

    OpenSSL and Open Crypto Audit Project are the first open source projects to receive funding from the Core Infrastructure Initiative.

  15. The Linux Foundation Draws Backers and Funds to Tackle Tech Problems

05.28.14

Apple Debacle a Timely Reminder That Any So-called ‘Kill Switch’ is a Dangerous Back Door

Posted in Apple, Security at 9:24 am by Dr. Roy Schestowitz

Summary: Smartphone kill switches, which by definition require remote control of systems, turn out to be Trojan horses that reduce security by facilitating crackers (not just government-sanctioned crackers)

AMID lots of advocacy and inane promotion of kill switches (claiming that they were “against theft”) we repeatedly called them back doors, which is technically what they are.

Now that “Apple”-branded phones get hijacked by crackers we are reminded that these back doors (incorporated by design) are nothing but trouble and for Apple iPhone ‘users’ who don’t know it yet, Snowden released evidence to show that iPhone (more than other phones) has NSA back doors. It’s no coincidence that Obama was barred from using iPhone. Back doors (and so-called “kill switches”) are now being exploited by crackers who try to use ransom for profit. Microsoft’s NSA back doors are equally problematic, but in this post we will focus just on Apple. As iPhones are being “frozen” by crackers demanding ransom we should again ask ourselves, is it really safe to let so-called ‘security’ agencies acquire back doors? Should anyone other than the physical user have access granted to the system and subsystems? These are the questions which motivated the Free Software Foundation to battle against DRM, proprietary software, and for privacy, freedom, etc.

According to the corporate press: “It appears that the hacker [sic] … has managed to exploit the Find My iPhone feature which can track and remotely lock stolen devices. Users have been told to send ransoms of between $50 and $100 Australian dollars (up to £55) to a PayPal account in order to have their devices unlocked.”

Watch CBS (which Apple pays) trying to relay the Apple ‘damage control’. Apple tells users to change passwords as if back doors can be circumvented by choice of passwords. Apple should apologise to (and compensate) users for helping to build back doors that are now falling into the hands of non-government crackers. The kill switch is the ultimate weapon against people whose phones have back doors. It’s not about thieves and security; it’s the ability to destroy/switch off phones at protests and other venues, of course in the interests of “national security”. So much for security, eh?

05.22.14

World’s Largest Population Heading Towards GNU/Linux Because Windows is Not Secure (NSA Trojan Horse)

Posted in Asia, GNU/Linux, Microsoft, Security at 11:18 am by Dr. Roy Schestowitz

Stallman’s trip to China; image from stallman.org

Summary: Following espionage and other incidents of cracking against China the government decides to ban the latest Windows while encouraging the population to abandon Windows

An interesting but unsurprising report from Reuters revealed some fairly important news from China, whose government is saying no to Windows (latest version). This is even characterised as a ban. To quote one report: “The Chinese government has announced that its agencies will be forbidden from upgrading their ageing and end-of-life Windows XP systems to Windows 8.1, banning Microsoft’s latest operating system in the name of security.”

Vista 8 is banned not just because it is terrible but because it is a threat to national security [1, 2, 3, 4, 5, 6, 7, 8, 9]. This is a significant turning point which may lead other governments to pretty much the same policy.

This exodus oughtn’t be too shocking given some recent news from China about GNU/Linux. Richard Stallman visits the country these days (delivering talks and other such activities) while Chinese people are urged by their government to embrace GNU/Linux (there are calls for migration on national television). There is state support for these efforts. NSA-Microsoft ties, in addition to cracking against Huawei, may further contribute to this. Don’t be shocked if Bill Gates already books some plane tickets or prepares his private jet for a trip to China.

Vista 7 is a horrible mess too, no matter the hype Microsoft spent billions to produce. Watch what happened at Emory this past week. This was summarised by a pro-Windows site that said “Whoops! Emory University server sent reformat request to all of its Windows 7 PCs” (link).

There was a fair deal of coverage about it. Neowin wrote:

Sometimes, there are incidents that take place that remind people who use PCs to back up their files on a regular basis. Such an event happened earlier this week at Emory University in Atlanta, where an “accident” resulted in a server sending out a reformat request to all of the Windows 7 PCs at the school, including the server that sent out the request itself.

How highly insecure. Remember that the NSA built back doors into Windows, so imagine what it can do with ‘features’ like the above, e.g. at times of war.

What such idiocy may cause for national security should teach everyone to abandon Windows immediately, especially in the public sector.

Germany is now introducing new procurement rules that take into account NSA espionage. It also forbade UEFI (on government computers), perhaps foreseeing the bricking of hardware remotely (yes, it enables rendering PCs “bricks” [1, 2]). Disregard the new spin and the hogwash from Linux Journal; it is written by Doran from Intel; it’s basically advertising of restricted boot, portraying it as benign while masquerading as an informative article. Intel and Microsoft must be desperate for some kind of new lock-in.

It is worth adding that Microsoft is far worse than Google when it comes to NSA connections, no matter what its extremely misleading attack ads say/insinuate. Here is a decent new blog post that says:

In the battle between office productivity vendors, Microsoft has long distanced itself from Google claiming that the fact that Google scans emails in order to deliver contextual advertising to customers is a data security breach. Never mind that the scanning was completely anonymized and digital – Microsoft leveraged the conspiracy theory that it was somehow a case of Google employees reading all of our email.

China already develops mobile operating systems that are based on Android/Linux (COS for example). These can help assure China’s national sovereignty. They deserve it.

05.17.14

Linux Flaw is Not a Back Door, Unlike Many Microsoft Flaws

Posted in GNU/Linux, Microsoft, Security at 11:51 am by Dr. Roy Schestowitz

Selective reporting to breed bias against the lesser issues


Summary: New elements of FUD against GNU/Linux, ignoring much bigger issues that barely get covered at all

Since Microsoft is in bed with the NSA, many Microsoft flaws (with new ones added almost every month) are remotely exploitable and Microsoft does not even tell us about them all. It’s like a perpetual back door with the occasional change of keys.

Recently, a flaw that mostly affects shared GNU/Linux hosting was hyped up in Microsoft-connected sites by old FUD 'friends' who habitually do this. This was followed by some other coverage elsewhere, neglecting to say that the flaw is already widely patched. It was not even so severe. This was accompanied by a couple more FOSS-hostile articles in the British press, including one from a Microsoft propaganda site citing, as usual, talking points from friends of Microsoft. There is a lot of FOSS-hostile propaganda these days, including this piece from InformationWeek that gets it wrong on many levels. This one example is a very crappy article framing it as a “religious” battle between “open source” and “commercial” as though these are opposites. Even Linux proponents like Susan Linton amplify these distracting reports, ignoring the elephant in the room, notably Microsoft. That’s where monstrous holes reside and prosper. Reporters should be pressured to investigate the real threats.

As many OEMs have found out (Sony being one of the latest), selling computers with back doors preinstalled is not a good business model [1, 2, 3]. It turns out that Microsoft not only gives a back door to the NSA but also the FBI (domestic), based on new leaks. To quote one report: “Microsoft worked to provide the FBI with court-ordered user data after the company began using encryption for customers who used Outlook, according to newly-released documents first leaked by Edward Snowden.”

Here is more, which shows that not only Skype is affected. To quote: “Last July, Glenn Greenwald published a set of claims regarding a number of Microsoft services that were, especially at the time, unsettling: That Microsoft had helped the NSA “circumvent its encryption” relating to web chat on Outlook.com, that it had worked with the FBI to bring OneDrive (then called SkyDrive) into better fit with PRISM, and that government data collection from Skype had…”

It goes deeper than this, proving that people should wipe and freshly install operating systems they can trust on devices. Maybe the press should focus on the elephant in this room. One site says “[s]oftware giant Microsoft has been left with questions to answer over its approach to the US National Security Agency’s (NSA) global internet surveillance programme after a new document was released implying that the NSA routinely collected data from the Microsoft cloud.” Microsoft facilitated this. It’s not an accident. But that’s not even the bad part; it’s just the tip of the iceberg. The real problem is worse because Windows itself contains back doors and new ones are routinely added. It is not just about the so-called ‘cloud’.

05.13.14

Dan Goodin’s FUD Campaign Against GNU/Linux Security Just Never Ends

Posted in FUD, GNU/Linux, Microsoft, Security at 10:54 am by Dr. Roy Schestowitz

Don’t trust Ars Technica on software issues


Summary: Dubious reporting and abject bias in a Web site that’s known for good reporting on matters of Internet law

THIS MAY not have been pointed out before, but Ars Technica, and especially its writer Dan Goodin, has spent the past year throwing FUD at GNU/Linux on a very regular basis. It’s all about security. That’s their angle. Ars Technica, which offers very poor journalism in some areas, deserves to know where it is going wrong so that it can improve.

Some of Ars Technica’s staff has got to be very dishonest and biased to do what it sometimes does (not to generalise to all the staff). It doesn’t seem to be the fault of editors, perhaps the selecting (hiring) of writers. Here they have Microsoft Windows, which one of their writers advertises on an almost daily basis with no shame (Microsoft Peter) after another one did this (Microsoft Emil) and that’s not even taking into account the load of paid Microsoft advertising in the site. Ars Technica should know that Windows is a Swiss cheese of an operating system, with massive issues like Conficker and the NSA-developed Stuxnet (Microsoft helps the NSA get back doors in Windows). According to new reports like this one, “PCs running Windows 7 or Windows Vista have a higher chance of being infected with malware than Windows XP computers, according to Microsoft’s latest Security Intelligence Report.”

Vista 7 was advertised as being secure, but it has been a total sham when it comes to security, as we showed in dozens of posts. Vista 7 has NSA back doors, so it’s not surprising that it is not secure. It’s insecure by design. Don’t expect the Microsoft section of Ars Technica to say this. It’s just propagandistic.

Does Ars Technica criticise Microsoft Windows over security? Hardly. One of their writers, Dan Goodin, has seeded a lot of the past year’s hype about GNU/Linux ‘insecurity’, ranging from alarmist reports about GnuTLS [1, 2] to OpenSSL [1, 2, 3]. Watch Mr. Goodin making another menacing headline out of a bugfix for a code-execution flaw in Linux.

Only Mr. Goodin knows why he’s always picking on GNU/Linux, hardly ever discussing the elephant/s in the room. Our guess, based on a long pattern of FUD, is that he’s on some kind of Jihad against GNU/Linux and Ars Technica happily facilitates it, just as Ars Technica facilitates utter lies by Microsoft propagandists whom it employed (never mind the paid advertising from Microsoft). It should be noted that even the person who covers FOSS most often at Ars Technica is a ‘former’ Microsoft booster, replacing one who was actually very good (Ryan Paul). Is Ars Technica hiring writers to match the sponsors (advertisers)?
