07.12.12
Posted in GNU/Linux, Google, Microsoft, Security, Vista 7, Vista 8 at 6:37 pm by Dr. Roy Schestowitz
Form factors revolution
Summary: Bad news for Microsoft and its monopoly, which lies atop Windows with all its problems
Microsoft’s financial state was discussed recently in light of the losses. One former Microsoft executive calls for the company to be broken up, probably splitting it into the part which should be decommissioned and the one that can somehow live on, notably the Windows and Office franchises (illegally-obtained monopolies). To quote CNET: “Microsoft has lost its way, says Kirk Eichenwald, who talked about his Vanity Fair piece on “CBS This Morning.”"
CNET also says that “PC shipments continue downward trend” based on Microsoft’s friends at IDC and Gartner. Christine Hall goes further by invoking the “end of the Windows era” (without Windows, Office too can fade away). “I thought about this the other day while reading an article somewhere online about Windows 8,” Hall writes. “The author wrote something about how at this stage of the game, Windows 8 with its Metro interface was facing the same uncertainty that Vista faced right before it was released. I almost found myself in agreement, until I remembered my friend Phillip in those last days before the release of Vista.
“There was a big difference between the pre-release days then and the current situation as we wait for Windows 8′s big official debut. Back then, all the Windows fans were actually looking forward to Vista. XP had been a big hit, and the Redmond fan boys thought Vista would be even a couple of notches better. After all, they’d been working on it for ages; all that work was bound to turn into the most super duper operating system ever.
“Windows 8 with its Metro interface was facing the same uncertainty that Vista faced right before it was released.”
–Christine Hall“The rest, of course, is history. Vista turned out to be an even bigger embarrassment to Microsoft than ME had been six years earlier. It wouldn’t run properly on anything but the latest NASCAR rated processors. It needed gazillabytes of RAM. Worse, a massive number of peripherals, from printers to scanners, were turned into toast because they couldn’t be installed due to a lack of drivers. Very quickly the Windows fanboys came to see that the new best-of-breed was basically a lame horse.
“Now, Microsoft is only a few months away from the official release of Windows 8. This time, all we hear from the Windows fans is that they don’t like it. They’re unsure of the Metro interface on the desktop and worry about the wisdom of offering the exact same OS to do duty on the desktop and on tablets. They’re wary, with many convinced they won’t like the new, improved and better than ever operating system. I don’t hear anybody at all anticipating this will be the Windows to beat all Windows, a trophy that still goes to XP. At this point, all I hear is some hopes from Ballmer and his friends that the new OS will keep them from entirely loosing in portable devices and whatever comes next in the new computing zeitgeist.”
There are some further comments in her site and outside the site. She has clearly struck a nerve. It’s usually proportional to the amount of pro-Microsoft trolling.
In other news, Microsoft is besieged by malware. It takes radical measures now: “Microsoft has revoked more than two dozen digital certificates used to prove its wares are genuine after discovering some of them could be subject to the same types of attacks orchestrated by the designers of the Flame espionage malware.
“Tuesday’s revocation of 28 certificates is part of a much larger overhaul of Microsoft’s cryptographic key management regimen that’s designed to make it more resistant to abuse. The housecleaning follows last month’s discovery that some of the company’s trusted digital signatures were being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries. By forging the cryptographic imprimatur used to certify the legitimacy of Windows updates, Flame was able to spread from one computer to another inside an infected network.”
This is related to Stuxnet, based on some researchers. It’s a Windows-specific problem, and that’s all that matters. Incidentally, there is some story going around about alleged “malware” for Windows, Mac OS X or Linux. The Microsoft booster at IDG spins it as merely a Linux story, spinning it as dishonestly as he typically does (link omitted). All this security FUD serves a broader agenda, such as the political agenda of the US versus Iran. Moreover, based on a new conference, Microsoft runs another campaign to promote online censorship, using the “child porn” excuse. This is how Microsoft’s poor security record ultimately leads to the erosion of human rights and civil liberties. For Microsoft, it is not even possible to implement GUI features without leaving massive holes. The outcome is severe: “Microsoft has advised Vista and Windows 7 users to put Gadgets and the Windows Sidebar to the sword, following the revelation of yet-to-be-detailed remote code execution vulnerabilities in the features.”
Ryan Naraine calls it “early death” and this is far from the first security menace in Vista 7. “Microsoft is pulling the plug on the Windows Sidebar and Gadgets platform ahead of news that security vulnerabilities will be disclosed at this year’s Black Hat conference,” notes the journalist. It sure looks like Microsoft is gradually being pushed to the sidebar in this age when Android/Linux grows rapidly. How come Android, despite its popularity, does not have so many security flaws?
Here is more from the news: “On its July Patch Tuesday, Microsoft released nine security updates to fix a total of 16 vulnerabilities in Windows (XP SP3 and later), Office, Internet Explorer, Visual Basic for Applications and Sharepoint Server. Three of the updates close critical holes, among them an XML Core Services vulnerability that has been actively exploited for over a month.” As The Register put it “Microsoft has patched an under-attack zero-day vulnerability in XML Core Services as part of the July edition of Patch Tuesday.” [via] █
Permalink
Send this to a friend
07.07.12
Posted in FUD, Google, Microsoft, Security, Windows at 10:03 am by Dr. Roy Schestowitz
Talking to the mirror
Summary: Microsoft is trying to divert attention to Google while Windows machines continue to generate the lion’s share of SPAM
TECHRIGHTS wrote a great deal about Microsoft’s contribution to SPAM [1, 2, 3, 4, 5] (it kills E-mail as a reliable medium) several years ago. We try not to repeat old news, so let us leave that aside. In the corporate press, spam-spewing Windows boxes are often just called “botnets” rather than “Microsoft Windows botnets”. Well, based on this report, Microsoft staff is busy coining terms like “Android botnet” and to quote one resultant article: “An international botnet could be using infected Android handsets to send out massive amounts of spam, Microsoft antispam engineer Terry Zink said in a Thursday blog posts on MSDN.”
“It should not be too shocking that spammers intrude Windows too; it’s just not coded for security.”It takes some nerve for Microsoft of all companies to point the finger at others in such a fashion. Does it not want a monopoly (on SPAM)? People who accused Windows of having government backdoors used to be called paranoid; after Stuxnet revelations they deserve apologies because now we know that Microsoft is even letting governments intrude Windows. It should not be too shocking that spammers intrude Windows too; it’s just not coded for security.
Here is more Android security FUD from Windows insecurity firm, Trend Micro. It is part of a trend of FUD that we wrote about before. Here is a rebuttal to the FUD that came directly from Microsoft. It says: “Terry Zink, a Microsoft ‘researcher’ who earlier claimed that Android devices were used to send spam, has now admitted that he ‘guessed’ the source of the spam. Guessed!
“This change in stand came after Google did its own investigation and found that was not the case. In a statement Google said, “Our analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they’re using.”
“Google’s response turned Terry’s ‘claims’ into a wild guess. But Terry did not miss the opportunity to take a dig at Google’s Android when reporting the botnet, “I’ve written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace.”"
Watch out for claims that Android is not secure. If people knowingly install untrusted applications, then it’s social engineering, not an innate security problem like in Windows. The reality distortion field is showing. Microsoft tries to accuse others of its own offences (the “equally evil” pattern of defence). █
Permalink
Send this to a friend
06.05.12
Posted in Microsoft, Security, Windows at 3:58 am by Dr. Roy Schestowitz
Coup OS
Summary: Confirmation that Stuxnet was created by bureaucrats for their political purposes comes from sources with special government relationships
TECHRIGHTS wrote about Stuxnet many times before, e.g.:
- Iran Shows the Downside of Using Proprietary Software
- Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
- Windows Viruses Can be Politically Motivated Sometimes
- Who Needs Windows Back Doors When It’s So Insecure?
- Windows Insecurity Becomes a Political Issue
- Windows, Stuxnet, and Public Stoning
- Stuxnet Grows Beyond Siemens-Windows Infections
- Has BP Already Abandoned Windows?
- Reports: Apple to Charge for (Security) Updates
- Windows Viruses Can be Politically Motivated Sometimes
- New Flaw in Windows Facilitates More DDOS Attacks
- Siemens is Bad for Industry, Partly Due to Microsoft
- Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
- Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
- Microsoft Software: a Darwin Test for Incompetence
- Bad September for Microsoft Security, Symantec Buyout Rumours
- Microsoft Claims Credit for Failing in Security
- Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
- Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
- Security Propaganda From Microsoft: Villains Become Heroes
- Security Problems in iOS and Windows
- Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
- Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild
- Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again
- Cablegate Reveals Government Requesting Access to Microsoft Data, Kill Switches
- Use Microsoft Windows, Get Assassinated
This whole fiasco has been a good advocacy tool for GNU/Linux and software freedom. Security is a matter of national security. It is now confirmed that governments themselves used proprietary software from Microsoft to impose subversive will upon others. To quote:
In 2011, the US government rolled out its “International Strategy for Cyberspace,” which reminded us that “interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders.” An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.
Here is another take on the subject:
Now, a stunning article in this morning’s New York Times recounts in surprising detail the origins of the cyber weaponry development and deployment program – code named Olympic Games – launched under President George W. Bush, and continued under the administration of Barack Obama. The article is based on a book to be published by Crowne on Tuesday, titled Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” to be published by Crown on Tuesday.
For those that have followed the Stuxnet saga over the years, the article will answer some of the most intriguing questions that have arisen, including the following:
* Who was in charge? According to the article, the Stuxnet project was a U.S. initiative, rather than an Israeli-led mission. The reason the Israeli’s were invited to the table was to encourage them to rely on cyber attacks rather than physical attacks in order to slow down Iranian nuclear advances.
* How did Stuxnet work? The worm was based on information obtained from an initial “beacon” penetration, which then mapped and broadcast complete Natanz facility computer/centrifuge control designs to the software’s handlers. Stuxnet was then installed on to the air gapped system via the usual network vulnerability – a USB port, via an infected thumb drive.
* How did Stuxnet escape into the wild? A programming error to a module of uncertain authorship (e.g., U.S. or Israeli) allowed Stuxnet to migrate onto an engineer’s laptop. When that laptop was later connected to the Internet, it moved out and found other Siemens systems to infect.
The Goodbye Microsoft Web site had another take on it. The whole accusation that such allegations were a mere “conspiracy theory” is no more. Now it’s a fact. While the FBI conveniently names Russian people “cyber criminals” it is actually the US government that arguably engages in cyber crime, with external costs to the private sector, too. It’s all just a matter of perspective. Those who control the source code control the users.
“I don’t have / won’t have use of WMA or Flash,” writes one reader, “but this segment of this NPR show supposedly has some critique of Microsoft as being completely insecure… I got that 2nd/3rd hand… I have contacted them to complain about Flash / WMA and asked that they use a universal format instead… It’s buried in the site, but there is a link for the MP3… It was a disappointing set of interviews. None even touched on the unique vulnerability of Microsoft products.”
Notice how all the latest Stuxnet coverage hardly ever mentions Microsoft or Windows. It’s criminally poor journalism. █
Permalink
Send this to a friend
04.14.12
Posted in Microsoft, Security, Windows at 3:56 am by Dr. Roy Schestowitz
Summary: The lesser-known story about Microsoft’s actions against Windows botnets
ACCORDING TO Pogson, Microsoft betrays yet more companies. To quote these quick remarks, “It turns out they were a bull in a china shop breaking all kinds of legitimate sites and blocking the work of real security businesses.”
Here is the original complaint about Microsoft. It says:
A little over 2 weeks ago Microsoft announced operation B71. It was being brought as the biggest blow to ZeuS botnets in history, and was picked up in the media globally
This is just a Microsoft PR campaign, a bit of reputation laundering. The reality is this:
Apart from trust there is one more thing, and that is due diligence, there is no other explanation than Microsoft not having done any due diligence in their actions and verification of data and sources in this case. They wanted to have a quick win, they might have gotten their quick win, but in the process sacrificed a lot. The advice is, check where the data is coming from, check it with your sources, get the confirmation that you can use it. Do not proceed until you are sure everyone has agreed and everything has been verified as much as can be possibly expected from you. Listing and seizing sinkholes and legitimate domains should be limited to a few and not dozens as was the case here.
This whole thing started when Microsoft’s incompetence led to trouble and Microsoft wanted to claim credit for ending a mess that it itself should have been made liable to. Sites like Slashdot were always happy to help this kind of reputation laundering and a case of distraction from the real problem: Microsoft. █
Permalink
Send this to a friend
04.12.12
Posted in Deception, Microsoft, Samba, Security, SLES/SLED at 3:42 pm by Dr. Roy Schestowitz
Summary: Remarks on particular reports that deceive the public this week
POOR journalism helps show why alternative news sites are truly needed. Right now, for example, a Microsoft MVP is spreading pro-Microsoft messages in IDG, without any disclosures of course. We saw this sort of stuff before, in other news networks.
Over at ZDNet, rather scary headlines are appearing which are hinged upon a Samba flaw alone (like the many flaws that appear in Windows all the time). When one configures Microsoft Linux to serve Microsoft protocols, then it’s debatable if that too should count as Microsoft’s fault. The bottom line is, reporting on those subjects is flawed, sometimes by design (as in the case where Microsoft folks are assigned to report on Microsoft).
Since we’ve mentioned SUSE, watch how the post-acquisition VAR Guy is advertising SUSE:
Red Hat (NYSE: RHT) recently became the world’s first $1 billion open source company. Now, the folks at SUSE, promoter of the rival Linux distribution, are seeking bragging rights of their own. Indeed, SUSE says it now has more than 9,200 certified third-party applications and supports over 13,500 hardware, storage and networking devices. Impressive. But is SUSE in growth mode?
The VAR Guy’s educated hunch: Absolutely yes. Attachmate acquired Novell and its SUSE business roughly a year ago. Over the past year, SUSE has been freed from Novell branding, and SUSE is once again run from its own European headquarters.
Customer Base
And then he proceeds to parroting Novell PR talking points which we debunked years ago. They make up some numbers by aggregating useless metrics and then make themselves look big. If one wants just a rewritten press release, then the above meets the standards. But will someone please verify those bogus numbers before reporting? PR is the art of making things look different from what they actually are. █
Permalink
Send this to a friend
03.19.12
Posted in Microsoft, Security at 10:10 am by Dr. Roy Schestowitz
Summary: The “virus” frenzy reaches new heights with “anti-virus protection to reduce virus noises”
WE HARDLY WRITE about XBox 360 anymore, primarily because it seems to be irrelevant these days. But this new report we just could not ignore because it gives a whole new meaning to “virus”:
Are noisy computer viruses interfering with your enjoyment of playing games on your Xbox 360?
If so then the Xbox 360 Elite HDMI 180o Swivel Cable from 3rd Earth it just what you need. The product’s marketing pitch claims that it’s a “100% Mylar double shield 1.3c grade cable with anti-virus protection to reduce virus noises and to obtain perfect image transmission”.
Hmm.
Computer viruses making a racket have appeared in the past, so perhaps 3rd Earth has uncovered an untapped market here. For example, an old AntiCad DOS virus played the Blue Danube through your PC speaker, not exactly the sort of soundtrack that should accompany zombie killing in Resident Evil.
As to more serious security news, Microsoft is dealing with a massive hole in RDP — a hole which is probably going to cost the economy dearly. It’s not to relevant to Linux though, except the role in plays in showing the importance of switching to Free (as in better) software. █
Permalink
Send this to a friend
03.01.12
Posted in Microsoft, Security, Vista 8, Windows at 6:40 pm by Dr. Roy Schestowitz
Summary: Microsoft cannot implement security correctly, which causes more harm than nothing at all
WHEN the government falls offline because of Microsoft it soon turns out to be the result of sloppy coding. Just days after a report comes out about proprietary software being inferior in quality to Free software we are reminded of Microsoft’s inability to grasp leap years — something that we saw in OOXML.
Should people who don’t understand Leap Year be in charge of your IT? I don’t think so. I recommend Debian GNU/Linux who seem to have it done right.
M$ lost its cloud today with the February 29 thing. It seems a certificate expired, or something…
The certificate expired and Microsoft code cannot cope. It’s not about security, it is about bad coding. And watch what’s coming in Vista 8:
The Windows 8 Kill Switch: A Hacker’s Dream Come True
[...]
There are a lot of possibilities here and a heck of a lot of them are more worrisome than thinking that Microsoft may pull the kill switch to shut up someone who hates Steve Ballmer.
In fact, nobody has even mentioned the national security threat that this suggests. First of all, Microsoft is not known for designing anything secure. The company cannot do it. So, how does adding a kill switch keep users and the nation as a whole safe when we know in advance that it will be hacked like everything else the company has done?
And wait, it gets worse: “So let me get this straight? On the proposed Windows 8 if you choose the MS login stuff (and have it on a network) that provisionally creates a Windows Live account using the email address you supplied when installing Windows 8 and, wait for it. The password you use to log into your PC!
“So if your PC is nicked and some clever clogs can extract your password (Don’t ask me how that’s way above my pay grade) they now not only have access to your PC but also your Windows Live account and anything else you used that ID for?” █
Permalink
Send this to a friend
02.14.12
Posted in Microsoft, Security at 4:47 am by Dr. Roy Schestowitz
Summary: Microsoft negligence causes great damages and even Microsoft itself is unable to keep its sites from being cracked
THE consequences of relying on Microsoft are quite severe. There is no assurance of security and no liability either. It is occasionally being claimed that when choosing propriety software one can hold the vendor accountable, but here we have a situation where Free/open source software, which is essentially decentralised, offering just as much peace of mind if not more (because more people inspect the code).
A reader drew our attention last week to this article which shows Windows Trojans in action. To quote:
The malware, known as the “DNSChanger Trojan,” quietly alters the host computer’s Internet settings to hijack search results and to block victims from visiting security sites that might help scrub the infections. DNSChanger frequently was bundled with other types of malware, meaning that systems infected with the Trojan often also host other, more nefarious digital parasites.
In early November, authorities in Estonia arrested six men suspected of using the Trojan to control more than four million computers in over 100 countries — including an estimated 500,000 in the United States. Investigators timed the arrests with a coordinated attack on the malware’s infrastructure. The two-pronged attack was intended to prevent miscreants from continuing to control the network of hacked PCs, and to give Internet service providers an opportunity to alert customers with infected machines.
The cost of this must be high and damages from Windows insecurities might be totalling over a trillion dollars by some estimates. Until or unless systems rid themselves of Microsoft it is likely that things will stay as gloomy. Lo and behold — a link sent to us last night by a reader shows that even Microsoft is unable to guard its territory. “Microsoft’s India store hacked,” says the headline (they mean “cracked”) and “usernames & passwords [are] stolen” (this is self-explanatory really).
“The cost of this must be high and damages from Windows insecurities might be totalling over a trillion dollars by some estimates.”“Hackers,” it says in reference to crackers, “allegedly belonging to a Chinese group called Evil Shadow Team, struck at www.microsoftstore.co.in on Sunday night, stealing login ids and passwords of people who had used the website for shopping Microsoft products.
“While it is troublesome that hackers were able to breach security at a website owned by one of the biggest IT companies in the world, it is more alarming that user details – login ids and passwords – were reportedly stored in plain text file, without any encryption.” This is yet another example of Microsoft negligence [1, 2, 3, 4, 5]. █
Permalink
Send this to a friend
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »
Content is available under CC-BY-SA