
05.13.15

More Microsoft Moles/Double Agents in IDG (Working for Microsoft and News Sites at the Same Time)

Posted in Deception, Microsoft, Security at 6:12 am by Dr. Roy Schestowitz


Summary: The plague which is Microsoft staff swapping hats (to masquerade as journalists) is still impacting news giants

OVER the past half a decade (or more) we have given many examples where CBS hired from Microsoft and appointed ‘journalists’ who not only had worked for Microsoft (to cover Microsoft issues and/or bash Microsoft’s competition) but even people who still worked for Microsoft. It’s like they are wearing two hats. The latest such example goes only a month or two back. There are dozens of such people (in total) and it is a very big deal because CBS owns and controls ZDNet and CNET, among many more sites. Last night we were told by a writer from Ars Technica (owned by Condé Nast, just like Wired and Reddit) that Microsoft sponsored the launch of Ars Technica UK, where every single page right now bears a huge Microsoft advertisement (which ad blockers are unable to hide). Ars Technica already employs several pro-Microsoft propagandists.

IDG, which owns and runs a huge number of sites that cover technology and proclaim to be news sites, can serve to show the security bias which we last mentioned the other day. As spotted by this comment, “Roger [Roger A. Grimes] currently works for Microsoft as a principal security architect.”

“The author clearly has never met a good troll,” said another comment. The title of the piece is “We need the Internet police now more than ever”. This is total nonsense. What we need are operating systems without back doors, i.e. we need to abandon the likes of Microsoft (no more Windows). It facilitates cyber-crime, leads to botnets, DDOS attacks, extortion, etc.

This article is not atypical; this is just Microsoft propaganda (whether planned/coordinated or not). It’s Microsoft philosophy publicly projected. There is mostly blaming of the victims from Microsoft’s Grimes (Microsoft salaried ‘journalist’). Watch one of his latest: “Get real about user security training” (because it’s easy to blame the victims).

One day it may become possible to effectively screen journalists. We hope that journalism wouldn’t be so easy for Microsoft to penetrate and use to its advantage, leaving Microsoft only with aggressive PR agencies that try to push 'prepared' articles to journalists.

“Mind Control: To control mental output you have to control mental input. Take control of the channels by which developers receive information, then they can only think about the things you tell them. Thus, you control mindshare!”

Microsoft, internal document [PDF]

05.11.15

Biased Media (and Microsoft-Connected Media) Makes GNU/Linux Security Advantages Unknown

Posted in FUD, GNU/Linux, Microsoft, Security at 3:51 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: How the corporate media, especially that which is connected to Microsoft, fallaciously frames Windows issues as universal issues and lays blame on GNU/Linux where Windows is affected

Our previous post, which talks about OOXML being insecure [via], was a reminder that Microsoft is inherently insecure, usually by design (for surveillance/espionage purposes, among other reasons). Today we would like to show some gross media bias which deliberately fails to highlight Microsoft’s uniqueness when it comes to poor security.

First of all, the Microsoft-occupied BBC is a disgrace. The BBC got very badly stuffed/filled (at management level) with Microsoft UK staff. It happened several years ago. Examples were covered here before. In an article titled “Self-destructing virus kills off PCs” they completely fail to mention that it’s just Windows. Microsoft and Windows are mentioned only in context that promotes them, but not otherwise. “Restoring a PC with its MBR deleted involves reinstalling Windows,” says one paragraph in the middle, “which could mean important data is lost.” Would the article bear the same headline if the virus targeted Android? It’s just so vague. “PC” just means “Windows” now. The BBC seems to serve as a Microsoft advertising platform, there is no pretence of objectivity at all. If the BBC’s language was reversed, it would announce “new version of PC” and “Windows malware destruction of Microsoft Windows” (to amend the aforementioned headline). The BBC has a newspeak name for Microsoft Windows when there’s bad news: “PC”. But it’s called “Windows” (or Vista 10/Windows 10) when there’s good news. How convenient.

Zack Whittaker from Microsoft (formerly working for Microsoft UK) writes about the latest Lenovo back door, neglecting to say that it affects only those who use Microsoft Windows (like previous Lenovo back doors). How convenient an omission.

Last but not least, take a look at this rebuttal to articles from IDG and the highly biased Dan Goodin (among few others whom we cited here the other day). Anti-Linux circles framed general-purpose threat to computers as a “Linux” thing. What a bogus claim that was! “Stealthy Linux GPU malware can also hide in Windows PCs, maybe Macs,” says the latest headline. The author says quite correctly: “Most news stories last week about Jellyfish focused on the Linux aspect, leading some to believe that Windows or Mac PCs can’t be affected by such threats. It now seems that Team Jellyfish is bent on disproving that.”

So once again GNU/Linux is receiving bad press (perception of insecurity) despite it being just a scapegoat in an attack that is hardware-based. We covered very similar examples in recent months.

The media is just so biased against Free software. Bias by omission and scapegoating is a longstanding issue that led to the “call out Windows” campaign. It’s not acceptable that Microsoft receives special treatment.

04.17.15

Microsoft Windows Remotely Crashed, Remotely Hijacked, But Still No Logo and No Branding for the Bugs

Posted in Microsoft, Security, Windows at 6:02 am by Dr. Roy Schestowitz

Summary: Windows maintains its reputation as a back doors haven, but the media is still not highlighting the severity of this issue, instead focusing on accidental bugs in Free software, even very old (and already fixed) bugs

AS our previous post stated, there is an effort to keep insecurity debates around Free software, even if by going a whole year back to the "Heartbleed" brand. “More branded bug FUD” can be found here, according to a reader of ours. So why are journalists still so stubborn and so eager to keep us talking about Free software as the risk when Microsoft deliberately makes its software insecure as if the priority is to keep remote access (by anyone) intact (some countries now recognise this)? Why are there no brands for Microsoft's critical bugs these days? Free software is a big threat to the Security State, not to security, so a large number of moles can be suspected or even assumed. How many SSL flaws have already affected Microsoft and how many of them got “branded” in the same way as the OpenSSL bug? Some journalists don’t even name Windows, to spare Microsoft the embarrassment.

Another back door/bug door in Windows has just been found. As iophk told us yesterday: “No logo or name?” No, it’s Windows. Remote access by anyone is a given any day.

As this article noted the other day, “Microsoft abruptly ended advance notification of security patches in January.”

In other words, Microsoft does not even inform those affected by serious bugs anymore. And in other news (yesterday), “HTTP ‘pings of death’ are spewing across web to kill Windows servers” (not the first of this kind).

To quote the article: “The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites.”

“For Microsoft,” says an IDG report, “the vulnerabilities just keep popping up, and appear to be surfacing more quickly than ever before.

“Like last month, Microsoft issued a fairly large number of security bulletins for April Patch Tuesday—11 bulletins addressing 26 vulnerabilities. Last month brought 14 bulletins from Microsoft, covering 43 vulnerabilities.”

Remember that Microsoft does not even report all the vulnerabilities. It games the system by making up bogus numbers (silent patches).

04.14.15

Back Doors/Bug Doors in All Versions of Microsoft Windows Need a Name, a Logo, and Branding Too

Posted in FUD, Microsoft, Security, Windows at 10:50 am by Dr. Roy Schestowitz

Microsoft gets a free pass for insecurity

Michael S. Rogers
“I don’t want a back door. I want a front door.” — Director of the National Security Agency (NSA), only days ago

Summary: All versions of Microsoft Windows are found to have been insecure since 1997, but the bug responsible for this is not named as candidate for back door access, let alone named (with logo and marketing) like far less severe bugs in Free/libre software such as OpenSSL

WHILE many journalists still refuse to call out Windows (see this new piece from Dan Goodin, who writes about crackers hoarding Windows hosts by the millions — in botnets — while mentioning the word “Windows” only once, very deep inside the article), some have no choice but to acknowledge that not every single computer runs Windows and therefore we should call out Windows when it’s clearly to blame.

Although there is no “branding” yet (as Microsoft buddies from a Microsoft-linked firm like to do to Free/libre software bugs), there is a very serious bug in all versions of Windows (even the one still in development) that Microsoft’s allies at the NSA must be very happy about, especially as the bug is 18 years old (meaning that Windows has allowed remote access since 1997, or around the time Microsoft was seeking to appease the US government after it had shamelessly broken many laws).

The bug was found not by Microsoft but by this team (press release), which probably has no access to Windows source code. This wouldn’t be the first time it happens; recall how Google had to alert Microsoft for 3 months about a serious flaw while Microsoft did absolutely nothing (as if the intention was to keep Windows insecure, albeit secretly, very much like Apple).

ISPs should now restrict or ban Windows use, as it poses a huge risk (botnets and DDOS, never mind risk to all data stored on machines running Windows). Here is some early coverage of this [1, 2], some correctly emphasising that it’s an 18-year-old vulnerability [1, 2].

Let’s see if this starts a big debate about the insecurity of proprietary software (as other bugs with “branding” did to Free software, by means of gross generalisation). This “New Security Flaw Spans All Versions Of Windows” (similar wording in this headline). 18 years, eh? It even predates 9/11. It’s older than some readers of this Web site.

Watch this disgraceful piece titled “Will Microsoft’s Security Measures in Windows 10 Tarnish Open-Source Development?”

Yes, it’s more propaganda; the disingenuous openwashing of Windows continues, as we’ll show in our next post.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

04.08.15

Security FUD Against Free Software Resurfaces, Using Promotional Branding From a Microsoft-Linked Firm, So Red Hat Finally Responds

Posted in Free/Libre Software, FUD, Microsoft, Red Hat, Security at 5:52 pm by Dr. Roy Schestowitz

Bugs
Image courtesy of Red Hat

Summary: Old news is ‘new’ again, as Microsoft-friendly media decides to keep knocking hard on the reputation of Free software, using words rather than substance

A YEAR ago there was a curious (first of its kind for Free/Open Source software) “branding” of a 2-year-old FOSS bug by a Microsoft-linked firm that did not even find the bug. An engineer from Google had found it and sought to responsibly disclose it so as to patch it properly before the Microsoft-linked opportunists blew off the lid and called it “Heartbleed”, set up a Web site to ‘celebrate’ the bug, and even made a professionally-prepared logo for it. This whole “Heartbleed” nonsense — however serious it may have been for a day — was blown out of all proportions in the media and tarnished the name of Free software because it was so ‘successfully’ marketed, even to non-technical people. It was a branding ‘success’ which many firms would later attempt to emulate, though never with the same degree of ‘success’ (where success means bamboozling the public, especially non-technical decision-making people).

“Dear journalists,” I said earlier today in social media (Diaspora), “bugs don’t have birthdays. Stop finding excuses to bring “Heartbleed” BS (MS name for old bug) to headlines.” I spoke to one author about it and challenged him for floating these “Heartbleed” logos and brands yet again. To us it seems quite evident that Microsoft keeps attacking Free software and GNU/Linux like no time before; it’s just more subtle and hidden in more sophisticated ways. The person who heads the incognito firm that’s known only for the “Heartbleed” brand (they control the brand) came from Microsoft (he was head of security there) and also from the FBI, whose stance on encryption is widely known by now; they actively seek to break security of software, so knowing about the 2-year-old OpenSSL bug would make sense. Some reputable media reports said that the NSA had known about this bug for about a year before it was known to the public and the NSA cooperates with the FBI on breaking software security, sharing personal (illegally intercepted) data, etc.

Anyway, the same publication (as above) also floated the “Heartbleed” nonsense in another article today. Would they do just about anything to keep it in headlines? Even a year later? They are now citing some firm called Venafi (never heard of it before), which basically relies on misleading misuse of statistics. It’s FUD from a company that tries to make money from perceived dangers and accentuates these dangers in an effort to acquire clients. What kind of ‘journalism’ is this? Incidentally, Black Duck is now joining the list of such parasitic companies, with new hires and multiple press releases, so clearly it’s a growth area and the Microsoft link is easy to see. It is FUD season again this spring as more publications now float this whole nonsense. This is hardly journalism, it’s just throwback.

Thankfully enough, Red Hat demonstrates what “branding” of FOSS bugs practically means, even using the image above. There is no correlation between the naming of bugs and their severity, but press coverage sure loves a good brand. This is an important (albeit belated) response from Red Hat to “branding” of a FOSS bug by Microsoft-linked firms like the one behind “Heartbleed”.

“It’s been almost a year since the OpenSSL Heartbleed vulnerability,” says Red Hat, “a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn’t mean it is of real risk to users.”

Well, Microsoft folks sure squeezed everything they could from this bug, seeking to discredit not just OpenSSL but the whole development process of Free software (due to just one small bug, or a few lines of code). And Microsoft still pretends that it is warming up to Open Source? Who are these frauds kidding?

There are a lot of companies which continue to use platforms with back doors, such as Windows, but the Wintel-oriented media would rather we just obsess over this one bug from one year ago (which was patched as soon as it became publicly-known).

We are rather disappointed to see a decent journalist like Sean Michael Kerner, along with colleagues at eWEEK, swallowing the bait and serving to promote the misleading claims to advertise this company that controls the “Heartbleed” brand, among other opportunists (like fish swimming around a shark for some leftovers). Microsoft must be laughing quite hard seeing all that media manipulation.

The Anti-Free Software Movement Grows (Security a Common Attack Vector), Connections to Microsoft Noteworthy

Posted in Free/Libre Software, FUD, Microsoft, Security at 5:13 pm by Dr. Roy Schestowitz

Doug Levin

Summary: Black Duck ups the ante on Free software-hostile messages, embeds FUD in the media almost instantaneously

THERE IS an attack on Free software going on, but it’s shrewdly disguised as ‘concern’ for Free software. We are led to believe that the problem is not proprietary software with back doors but Free software that may have bugs, especially bugs that users don’t bother to patch despite having the ability (or freedom) to do so. It’s free.

The other day we wrote about Black Duck entering the security FUD market, targeting Free software, as one ought to expect (it had already done the compliance FUD, neglecting to mention EULA-related issues in proprietary software). To repeat some facts for the uninitiated, Black Duck was started as an anti-GPL company, by its very own admission. Very shortly after hiring a parasite, whose company exploits security fears, Black Duck’s scope of FUD expands further and there’s an effort in the media to advertise this.

Darryl K. Taft, a booster of Microsoft, already helps this anti-GPL company (Black Duck) by doing this Microsoft-esque advertising at this very moment. Taft, who often promotes Microsoft PR, doesn’t mind covering something that seemingly relates to Free software if it makes Free software look bad. No wonder Black Duck came from Microsoft. Other Microsoft boosting sites like TechFlash promoted this nonsense and spread it to media with broader reach. Watch how they wrongly describe Black Duck: “Burlington-based open-source software firm Black Duck software is making big bets on helping to make open-source software more secure for companies”

Black Duck is most definitely not an “open-source software firm”; it is an anti-Open Source software firm whose products are proprietary, with software patents that relate to them. This is the kind of openwashing that has become so common when it comes to proxies of Microsoft (Microsoft works together with Black Duck, it’s not just that Black Duck came from Microsoft).

Black Duck, as we noted the other day, had hired a key person from Veracode, whose output is mostly FUD even today. Right now it promotes itself in CBS and other networks by saying some nonsense about a nonsense buzzword (“Internet of Things”) that means nothing in particular. To quote the CBS tabloid: “In a new report released by enterprise security firm Veracode, researchers discovered during testing of common, household IoT devices that security is not up to scratch — paving the way for exploits, data theft, robbery and potentially even stalking.”

That is just some embedded marketing for a FUD firm, one whose co-founder is now inside Black Duck.

Truth be told, Black Duck is trying to diversify or re-brand itself ‘pro-security’ as it did ‘pro-compliance’, but actually, what it really is about should be FUD. It uses fear, spreads existing fear to sell, creates more fear to sell, and overall it makes Free software look bad.

IDG is another large network that helped Black Duck advertise itself the other day. The headline is misleading because it says “Black Duck’s mission: To seek out insecure open source code in the enterprise”.

No, Black Duck’s mission is to sell its proprietary software by telling the press, enterprises etc. that Free software is not secure and needs some ‘medicine’ (Black Duck’s proprietary snake oil).

Here are the press releases from Black Duck [1, 2]. Clearly enough there is a media manipulation campaign going on and some journalists — other than Microsoft boosters disguised as ‘journalists’ — have already fallen for it.

04.03.15

FUD Alliance: VeraCode Co-founder Joins Black Duck

Posted in Free/Libre Software, FUD, Microsoft, Security at 5:56 am by Dr. Roy Schestowitz


Summary: Two sources of fear, uncertainty and doubt (FUD) against Free/Open Source software (FOSS) find themselves fused together

THE firm known as Black Duck recently admitted its roots in GPL FUD, not just in Microsoft (the founder's employer for many years). Black Duck recently took advantage of perceptions of FOSS security issues (using bugs with “branding”) to market its proprietary software products. A press release now informs us that VeraCode’s co-founder is joining Black Duck. We wrote about Veracode at Techrights several times before. Black Duck and Veracode have much in common, with examples such as security FUD that has “branding” to act as a stigma against Free software, as we recently (earlier this year) saw (both Black Duck and Veracode have been doing this in recent months). We are sure they’ll have a lot of experiences to share and many strategies to sell based on fear, or even create this fear by appearing in the media with famous brands such as “GHOST”, “Shellshock”, and “Heartbleed”.

03.27.15

Microsoft Keeps Pretending to be ‘Open Source’, Despite Relentless Assaults on Open Source

Posted in Deception, Free/Libre Software, Microsoft, Security at 8:53 am by Dr. Roy Schestowitz

Microsoft is ‘open’ like BP is ‘green’ (openwashing follows greenwashing tactics)

BP old logo

Summary: Microsoft’s charm offensives against Free/libre software are proving to be rather effective, despite them involving a gross distortion of facts and exploitation of corruptible elements in the corporate media

SIX days ago we published a series of six articles which are listed in order below:

The issue discussed in part 1 receives a lot of media attention, even from corporate media (in this case, GOP-leaning media). To quote one such report: “The feature we’re concerned with is called Secure Boot, and it’s designed to protect you: The installed OS becomes locked to the hardware itself, and if any other OS attempts to interfere (like a low-level malware app for example) then the system simply won’t start up. OEMs were ordered to make Secure Boot optional with Windows 8 but it looks like they are going to be given the opportunity to make it mandatory in Windows 10.”

What the corporate media gets wrong is the part about security. It’s not “designed to protect you”. In fact, much of the recent press coverage serves to show that UEFI reduces security in many cases. Some media sites/conglomerates such as IDG already explained (last year) how it can be used for remotely bricking PCs (pretty much at hardware level). We have covered several examples over the past 3 years, so evidence continues to mount. IDG’s Microsoft booster Andy Patrizio wrote: “I suspect if you are smart enough to use Linux, you are smart enough to shut off Secure Boot in the UEFI.”

That’s not an excuse. It also perpetuates myths about GNU/Linux being “hard to use”. “Still,” he continues, “it’s a PR hit for Microsoft, a company that has been earning a lot of goodwill lately.”

That’s utter nonsense as well. As pointed out in part 6 above, Microsoft just manipulates the media (or relies on boosters like Patrizio) to make it seem as though it changed its attitude. As we’ve pointed out in 3 recent articles, there are changes in tendering processes worldwide. Microsoft is pretending to be Open Source because of new policies that require procuring Open Source software, e.g. in India. Yesterday KV Kurmanath planted a Microsoft puff piece in The Hindu Business Line, relaying the bogus narrative of Microsoft as “Open Source”. People must react and counter these lies or else Microsoft will become indistinguishable from Free/libre software, based on a reality-distorting campaign. Microsoft already pretends that Windows, its common carrier, is 'Open Source' or something along these lines.
