Found circulating in JoinDiaspora
Summary: Everyone is paying the high price of a honeypot OS (with back doors for the NSA) being widely used
There appears to have been a sharp rise in SPAM recently (on numerous accounts, it’s not a coincidence). The vast amounts of it get spewed from Windows — the world’s leader in NSA back doors.
As long as there are back doors, this whole menace will persist and botnets made of Windows zombies [1, 2, 3, 4, 5, 6, 7, 8] will bombard the Web, causing damage to everyone’s life. Based on this article from the other day, there is a new Windows botnet and it is being used to damage Web sites:
There’s a new Windows-powered botnet, Fort Disco, slowly building up strength and cracking into PHP-based blog and content management system Web sites.
To quote one key part, “Matthew Bing, an Arbor Security Engineering & Response Team (ASERT) research analyst, wrote, “Arbor ASERT has been tracking a campaign we are calling Fort Disco which began in late May 2013 and is continuing. We’ve identified six related command-and-control (C&C) sites that control a botnet of over 25,000 infected Windows machines. To date, over 6,000 Joomla, WordPress, and Datalife Engine installations have been the victims of password guessing.”"
Putting the vast amounts of SPAM I have been getting in my 22 accounts aside (this year it is far worse than ever before), I have been observing attempts to crack my CMS-powered pages and it is costing a lot in bandwidth (an additional twelve pounds or so per month in
schestowitz.com alone, as it gets over a million hit per month, most of which seem to originate in botnets as they target login/posting pages). In order words, those botnets cost a lot of money and make it less financially/technically viable to run some Web sites. Thank you, Microsoft!
People who don’t like Windows may actually be paying the price for its existence even if they never use it. Sadly, it is going to take a while before Windows is completely extinct and, in the age of fibre, crackers needn’t access more than a few millions of boxes to totally pollute the Web. Here is one new bit of commentary which has gloomy predictions:
What do you do when your business relies on your charging a hefty premium for something that no one is willing to pay for? That’s the essential problem facing Microsoft with Windows.
It is actually not the important point. Those who choose Windows deserve the suffering, but those who suffer from other people’s choice of Windows deserve a voice too. █
Send this to a friend
Debating the rails on a house’s windows while a door at the back is unlocked
Summary: IDG focuses on security aspects of an operating system where digital back doors exist (for the NSA) and also a habit of widespread espionage by the NSA
THE rise of GNU/Linux is very evident, so the NSA’s dependence on back doors for the CIA-secured global empire is a growing issue. According to Rupert Murdoch’s Wall Street Journal, there are already some back doors (intentional or not) in Android phones/tablets, which are being used by the FBI to remotely access the built-in microphones, maybe the cameras too. This is why we must ensure Android stays free and regularly audited, with devices rooted to run independently-developed builds of GNU and Linux.
Windows is growing rusty on hardware which is getting older. Even Rupert Murdoch’s Fox ‘News’ acknowledges the end of the PR era.
“Back doors are a very big deal and they show why proprietary software is simply not acceptable.”Windows Vista, the operating system better known to be serving Hollywood with DRM (like it serves the NSA with back doors), is no longer heard about. It got buried quietly, but all its malicious features got carried forward . To ‘upgrade’ to Vista (or later) from XP would make no sense and the same may be true for Vista 8‘s successors. There may as well be a label on products saying “Vista or hire” (not higher) because it’s a choice between spending money on Microsoft mess (with security issues due to holes) or hiring more staff. Many are still using Windows XP simply because in Microsoft’s world using an operating system from 2001 may mean more output/higher productivity than the latest.
China, as expected, does not rush to pay Microsoft, so a lot of people there still use Windows XP. Here is one way to put it:
China has a lot of PCs but not as many as USA so far, so the numbers don’t compare straight up. A lot of Chinese share PCs, for instance in Internet cafes. Still, a lot of working PCs are going to have problems when updates cease. Since many are illegal copies that may already have happened. That’s not the real problem. The real problem is that hundreds of millions of working PCs are not going to be scrapped simply because the OS no longer works on them.
Gregg Keizer (IDG) framed this as a problem of security when he said:
The Chinese are going to have a very, very hard time kicking the Windows XP habit.
The deadline for the retirement of Microsoft’s most successful operating system ever is eight months from tomorrow: April 8, 2014. That’s the day when the Redmond, Wash. company is to deliver the last XP security update.
Given Microsoft’s de facto back doors for the NSA it may not matter much. We already know that the US government is strategically cracking PCs with Windows in China. It is espionage. The numbers in the UK are intriguing and here too the government is letting the US government have back doors, even into a lot of army workstations (showing what the ruling empire, with numerous surveillance outposts inside the UK, actually is).
Back doors are a very big deal and they show why proprietary software is simply not acceptable. It’s a huge risk. █
Send this to a friend
Primitive, bogus security
Summary: Microsoft’s platforms for phones are just about as bad as a phone platform can get
KIN and SideKick were horrible, not to mention Windows Mobile. But Microsoft can make things worse,
The NSA’s big ally (perhaps biggest ally) Microsoft is proving its faithfulness again, not just by providing Windows back doors and real-time audio/video Skype access but also by making self-bricking phones (a back door lets it be converted into a listening device and more).
According to this, Windows phones now brick themselves:
BLOG: What’s With The Bricked Windows Phones?
There’s no sense in beating around the bush: the Windows Phone is having a hard time of it. It’s certainly not a bad OS by any means; it is, after all, still around. But there’s no denying that it’s having a very difficult time gaining any traction in the mobile market, which is dominated by iOS and Android.
Here is where it gets worse, maybe by design:
Microsoft is warning users that their Windows Phone 8 and Windows Phone 7.8 devices could be easily tricked into revealing login credentials for corporate Wi-Fi access points secured with WPA2 protection. The vulnerability appears to build on a known security weakness in a Microsoft authentication protocol as well as the way Windows Phones connect to WPA2 networks.
This type of thing should get Microsoft banned, but the CIA/NSA would treat it like a feature. According to new reports, the CIA is now preparing TV propaganda with which to advertise and defend its abduction of wireless networks around the world (no, not just Google) and it is possible that flaws like the above are not an accident. Back doors in phones, for example, are now part of the specification/requirements.
“Nokia should know how it’s done because many of its phones have back doors.”By the way, the ongoing death of Nokia is not going to be mitigated following the reports above. There are “possibly as many as 8,500 more layoffs, according to reports.”
Maybe they can find a new job. The NSA is recruiting; not systems administrators, just people who code to spy, crack, and infiltrate. Nokia should know how it’s done because many of its phones have back doors. █
Send this to a friend
Summary: Correcting irresponsible press coverage which rather than discourage use of Windows discourages use of Tor and Free software such as Firefox
A lot of Mozilla flaws routinely affect only Windows users, but corporate media is too negligent to point out the real weak links. Windows is just assumed to be a given; it is almost like journalists at corporate media try to reinforce the Microsoft monopoly with all the security holes.
“The Internet as a whole is being compromised by Microsoft yet again (not just botnets and spam).”Firefox is being blamed for what’s essentially a Windows issue that let Tor be compromised. Some try to say that the NSA was not behind it, but an FBI Tor exploit and analysis of IP blocks does suggest that the US government was behind the cracking of Tor, exploiting Windows (which has NSA back doors).
Addressing this Microsoft/NSA issue, one blogger writes: “I like the expression, “Just when you thought it was safe to get back in the water.” I almost used it to open this article, but I didn’t. It would be inaccurate. Nobody in his right mind would consider the Internet waters safe at this junction in time.”
The Internet as a whole is being compromised by Microsoft yet again (not just botnets and spam). Tor with Microsoft sure makes a scary spectacle and a dangerous one for human rights.
Sean Michael Kerner says he foresaw this:
Approximately two and a half years ago, Tor (The Onion Router) Web anonymity project announced that was was going to build its own Web browser, to be known as the Tor Browser.
The Tor network provides a way for users to anonymize their online activities by running data packets through a number of “onion routers” that are servers that relay the user traffic but not the original header information (which indicates the user IP address). Prior to the Tor Browser, what many users did (myself included) was to simply use the Tor Button, which was a Firefox add-on that enabled Tor access on top of Firefox.
The Tor people back in 2011 thought that the Tor Button was a less-than-ideal solution and that building their own browser was a better idea. I wrote a blog post in May of 2011 warning of the risks of that approach and that it could lead to ruin.
I was right.
This is a problem only on Windows though. It is a shame that the press does not properly cover this crucial point. it leaves people more vulnerable to illegal intrusion. █
Send this to a friend
Summary: LeftHand has a back door and it’s a gold mine to HP collaborators (perhaps NSA agents) who want full access to massive storage servers all around the world
A BRITISH branch of the German publisher Heise recently wrote about HP back doors, showing that they exist not only in Microsoft Windows. There is a “New backdoor in HP server products,” says this new headline and here are the details:
Computer manufacturer HP has admitted that its StoreVirtual servers also contain an undocumented backdoor. The security vulnerability risks allowing attackers to gain unauthorised access to the storage systems. The backdoor provides users with direct access to the holy of holies, “LeftHand” (the operating system for the StoreVirtual server). HP has previously marketed its StoreVirtual systems as LeftHand Storage and P4000 SAN. LeftHand OS was originally called SAN/iQ.
Since we know that the NSA was cracking routers in China in order to eavesdrop or take control of network backbones (since 2009), this is noteworthy. The US has recently been paranoid about buying Chinese hardware (or hardware manufactured in China), based on NDAA clauses. In reality, it’s the US perhaps that should be feared (biggest spy bar none, just like its military).
I have worked with LeftHand devices before (it’s a fairly recent HP acquisition, costing $360 million in cash) and they’re like the backbone of storage in many enterprises and probably governments, too. It’s like a master key to many hard drives. If you control both network and storage backbones, you’re the jack of all trades and the master of the world.
There is also a back door “in US emergency alert systems,” according to another report from The H:
Backdoor in US emergency alert systems
The US-CERT, which is part of the US Department of Homeland Security, warns that security-critical vulnerabilities in US emergency alert systems potentially allow attackers to switch off the systems or misuse them to broadcast arbitrary emergency alerts. The Linux systems are used at TV and radio stations in the US and enable the US government to interrupt ongoing broadcasts when there is an emergency. This is designed to allow the US president to address the nation within ten minutes.
The latter is unlikely to be a back door by design. The ramifications, however, are noteworthy. These systems are proprietary. █
Send this to a friend
Summary: Many new holes in Windows are being disclosed and spying on local search, just as Canonical implemented it, comes to Windows
The NSA has special access to Microsoft Windows — access that nobody else and can take advantage of with impunity. According to this link to one report among several from a German publisher, “[o]n its July Patch Tuesday, Microsoft released a total of seven patch packages (bulletins). All except one of them close critical vulnerabilities. The company has closed a total of 34 holes in Windows, Internet Explorer, Office and many other products, among them the Windows kernel vulnerability that has affected the Windows privilege system for over a month.”
“It is time for Europe to ban or limit Windows preloading.”The NSA has known about these for quite some time, so its habit of cracking PCs for surveillance and espionage was very well catered if a given target was Windows user. There are even more holes that Microsoft won’t publicly speak about. It is time for Europe to ban or limit Windows preloading.
Steven J. Vaughan-Nichols alleges based on his experience that the latest rebrand of Vista 8 is no good and other reports reveal that it increase surveillance on the users. A report says that “it looks like Microsoft is planning to do some “Scroogling” of its own. InfoWorld reports that changes Microsoft is implementing with the upcoming Windows 8.1 update are geared toward making it easier to Microsoft to collect users’ local search data and deliver ads through the Windows Search desktop feature.”
Sounds like Ubuntu. Here is the original report. █
Send this to a friend
The British “army/navy/RAF have surrendered sovereignty again” –Glyn Moody
Summary: National security of the UK still in the hands of the NSA and other intelligence branches of the United States, new software procurement deals teach us
Microsoft gives the NSA back doors, as we recently learned. Last week we could called that espionage threat, but this week we know it is not just a threat but a reality, as the European Parliament got cracked by the NSA (see our daily links for many reports on this). The former chief of the NSA and the CIA publicly goes on the record admitting this, based on this weekend’s reporting.
“MoD signs Microsoft mega licensing deal for 180,000 PCs,” says a new headline from Paul Kunert in the Microsoft ads-filled British news site (a police deal too got signed not too long ago). For those who are not familiar with the MoD, we wrote about it some years ago, almost concurring with the time Techrights seemingly got infiltrated by British police. When our government pays almost $10,000 per Windows desktop per year we are left assuming these are inherently corrupt deals. Here is the latest: “The Ministry of Defence renewed a three-year Microsoft Enterprise Agreement late on Friday with Software Box Ltd (SBL) for 180,000 seats in a deal that sources value at roughly £15m per year.
“SBL has held the Microsoft EA with the MoD for the past nine years and channel folk are not surprised the Large Account Reseller won the latest tender, which had been issued to nine suppliers on Lot 3 of the Commodity IT Hardware & Software framework weeks ago.”
It is quite a clever way to subsidise Microsoft at taxpayers’ expense, leaving the international surveillance apparatus in place. And “so the army/navy/RAF have surrendered sovereignty again,” writes Glyn Moody in Twitter.
The incestuous relationship between the US war machine and that of the British, including surveillance at the wire level, e.g. on Germany and other EU members, sure is troubling. Given the ‘special’ Anglo-Saxon relationship, this is not shocking though. A lot of people knew about it for years and now we have many documents to show this.
For those who still think that security spin in The H can somehow suggest that Microsoft cares about security, it is important to explain that to Microsoft security means national (US) security, not security for computer users. With proprietary software this is easy to attain. The H shows how Opera (proprietary) became a security compromise only in Windows (proprietary). To quote: “Windows users seem to have been hit the hardest, since not all Windows versions check the certificate. Wilton-Jones tries to reassure users saying the malware did not affect the Opera installation itself; the autoupdate delivered trojan was
installed directly onto the operating system.” Here is the word from Opera.
For those who insist that the MoD chose Windows because it’s better, well, there is no actual reason for choosing Microsoft, definitely no technical reasons. Vista 8 is an utter disaster and even the same publication as above wrote some days ago that “Microsoft partners seriously underwhelmed by Windows 8.1″, providing the following as backing for what can be seen as generalisation:
Microsoft CEO Steve Ballmer promised a flood of touch-enabled devices to fill the market as he previewed Windows 8.1, but is the technology channel raring to snap them up? Not really, it seems.
Redmond’s very own bald eagle last night said the “rapid release” upgrade – which comes with a revolutionary Start button – will blend “desktop and modern computing experiences”, and the market should expect “literally an outpouring” of touch devices.
Major changes are expected amid Microsoft’s market decline and ZDNet, another Microsoft-friendly site, says that Windows is broken:
When the ecosystem is broken, you gotta blame the platform
This is another aspect of the broken Windows ecosystem. Microsoft makes a big splash with consumers building up the availability of Windows 8.1 and enticing mainstream customers to install it. The warning above was buried in a blog post and nowhere near the promotional material pushing customers to install the pre-release version.
Microsoft apparently knew that hardware partners might not be ready to handle the new Windows, but released it anyway. There’s no telling what will happen to owners of the devices listed above who install the new version, and I’m not going to find out, given the warning.
“Buyer beware” is always appropriate, but if you can’t trust the platform maker, then who can you trust to watch your back?
In this writer’s opinion, this is a clear example of Microsoft not putting the customer first and handling things in a way to guarantee a smooth experience. It’s another instance of Microsoft releasing an update to its own product, yet not allowing partners to get ready for it so customers have no problems. In a way, this instance is even worse than usual, as it’s obvious that given the warning statement above, Microsoft knew that owners of these popular devices should exert caution with the update installation.
To summarise, there is no reason for the British army to commit to Windows for years to come, neither for security-centric reasons nor for technical reasons. This seems like yet another sellout associated with people who reign over society and want to control/dominate. Isn’t that, after all, what militaries are about?
No intelligence apparatus should be complacent about working with NSA-controlled software. As the NSA already cracked ‘allies’ like the European Union, the NSA just cannot be trusted by anyone. Having spoken to some friends about it today, they too agree that the UK should foster its own IT companies and only ever deploy Free software whose integrity is assured domestically. █
Send this to a friend
Bias by overlooking fundamental flaws in binary-only operating systems
Summary: Targeting of the leading Linux-powered operating system attributed to a company controlled by many executives who came from Microsoft
Techrights has been writing about Juniper for almost half a decade, covering for the most part the influx of Microsoft executives joining that company [1, 2, 3, 4, 5] (some count as many 12 Microsoft executives entering Juniper), especially the very highest positions therein. There is yet more badmouthing of Android, which comes after previous Android FUD from the same company not too long ago (the end of last year). This generates press coverage even where Linux-focused writers dominate. To quote: “According to the new 2013 Mobile Threats Report from the Juniper Networks Mobile Threat Center, 92 percent of mobile threats are now targeted at Android. That’s up from 47 percent in 2012.”
How are those numbers being put together and measured? Why is there no scaling or normalisation based on share? Where are desktops? How is malware defined? If the user installs malware as a download from the Web and not through a trusted repository like Google Play, what does that count as? Many of these questions can be treated with great bias to say just about anything one wants about Android security. Google and non-Google professionals have repeatedly labeled such claims FUD. Other former Microsoft staff [1, 2] is doing the same type of thing, dedicating entire projects just to showing security threats in Android (whilst ignoring other platforms). They don’t call out Windows and they dare not mention the danger which is NSA access (see the new post titled “NSA Built Back Door In All Windows Software by 1999″ or confirmation that NSA is in bed with Microsoft). It is perfectly possible that NSA back doors are what enabled Stuxnet to be put on computers in Iran — something which is not just a theory anymore. As one man put it for the uninitiated: “You may recall last year that the NY Times revealed details on how US intelligence created the Stuxnet virus and got it into Iranian computers, leading to screwing up Iran’s nuclear enrichment program. There were some questions at the time about who leaked that information and how the Obama administration didn’t seem to mind nearly as much when the leaks made them look good. However, given the siege mentality the administration appears to have about any kind of leaks, to the point at which the Defense Department directly claims that “leaking is tantamount to aiding the enemies of the United States,” it appears that the administration may be looking to go after the leaker of the Stuxnet info.”
The BBC covers this too right now. For an agency so ruthless and lawless, where everything is seen as permitted, even cracking and sabotage of computers in another country, this should not be off limits. There is an admission that they did this when they claim to have found a leaker, a 4-star general. Al Jazeera is having a field day with this unintended confirmation that the US cracked computers running Windows.
Reports say retired general is being probed for leaks linked to 2010 cyber attack on Iran’s nuclear programme.
Maybe Juniper should put more focus on Windows back doors and their huge national security threat, not some petty ‘malware’ that Android users need to insist on installing, which is not easy by the way (actively discouraged by the operating system).
After the NSA leaks we must insist that security professionals take more seriously the immediate need to uncover back doors, such as this HP backup server back door. The debate needs to change. █
Send this to a friend
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »