EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.21.14

The New Age of Games for UNIX/Linux But Not for Windows, Microsoft is Openwashing Windows-Only Games

Posted in GNU/Linux, Microsoft, Windows at 6:35 am by Dr. Roy Schestowitz

Summary: The world is moving to GNU- and Linux-powered platforms, so Microsoft withdraws GNU/Linux support from games it buys and starts openwashing its Windows-only games

GNU/Linux sure is a growing force in the world of gaming. The embrace by Steam helped a lot, but it did not single-handedly change things. Other companies foresaw the demise of Windows. Microsoft knows what’s going on as its domination slipped away and gamers are now able to move to GNU/Linux by the millions while games get ported to GNU/Linux by the hundreds (if not thousands). This includes some very high-profile games.

According to this new article from Sam Machkovech, “Bluetooth on Windows is a mess.”

The article from Machkovech is titled “Microsoft tells J.S. Joust devs their game is “NOT possible” on Windows” and our reader said: “Development on Windows is hard to the point of being impractical if not impossible. The mono-culture for years kept that flaw hidden. People realize that as they are now getting back into cross-platform development.”

So here we have a game for GNU/Linux that won’t be available on Windows. That’s quite a twist of fate. Windows is now the neglected platform. Developers find it hard to work with.

Microsoft recently found itself buying a company that makes cross-platform games, killing the GNU/Linux versions. So Minecraft drops the platform which Microsoft publicly claims to ‘love’ (it’s a lie) after Microsoft takes over, based on this report: “Minecraft: Story Mode is a brand new adventure being created around Minecraft, but sadly Linux has been left out in the cold it seems.

“Minecraft: Story mode will be a narrative-driven video game created by Telltale Games. It will be about Minecraft. Telltale have made some pretty highly rated games, so for general gamers this will probably be exciting news.”

Microsoft, which lies about “loving” Linux, sure is not showing any love.

On the contrary, as the Windows monopoly is eroding, largely thanks to Android, which uses Linux, Microsoft is now openwashing its Windows-only games, misusing the “open source” label. IDG appears to have just hired one of Microsoft’s most fanboyish person as ‘reporter’ to do this openwashing and there were plenty of Microsoft puff pieces after that, e.g. [1, 2, 3, 4]. What Microsoft calls “open source” here is the server side (not desktop side) of a Windows-only proprietary game. Compare that to truly Free software games or games for GNU/Linux (not just through Steam) and Android. Microsoft’s PR fooled a lot of its moles inside the media, including apologists like Adrian Bridgwater, but it should be clear that this is fake “open source” (just like .NET). It is about deceiving the public and changing perceptions.

12.20.14

Microsoft Essentially Sends Malware to Windows and Bricks It

Posted in Microsoft, Windows at 12:24 pm by Dr. Roy Schestowitz

The cost of cheap and/or underqualified staff?

Summary: Microsoft is once again bricking Vista 7, demonstrating lack of reliability or very low quality programming

Jason Evangelho said that “New Windows 7 Patch Is Effectively Malware”. This is how he put it in the headline at Forbes, showing just how “professional” Microsoft has become. It is so “people-ready” that it bricks computers. A Microsoft booster told the story like this: “Microsoft withdraws bad Windows 7 update that broke future Windows 7 updates”. Actually, it’s not just about future updates. It’s a a lot worse than that. Vista 7 becomes like a brick, unable to change. The full details are found further down in smaller fonts:

One of this week’s Patch Tuesday updates for Windows 7 has been withdrawn after some users discovered that it blocked installation of software containing digital signatures, including first- and third-party software, and even other Windows updates.

[...]

With Windows Update so important to keeping Windows users secure, a loss of confidence would be very bad news. But if this kind of problem continues, that seems like an inevitable outcome. While IT departments might be able to test updates in a lab before deploying them, providing some protection against faulty fixes, home users have no such luxury. Users have to have confidence that installing an update won’t break their machine. Broken, withdrawn updates shake that confidence.

Years ago (more than half a decade back) we warned that Vista 7 was basically just a lump of hype, perceptions distortion, and shameless lies. Now we see more evidence of this.

Microsoft Peter’s praises of Vista 7 and other Microsoft spyware continue nonetheless. Even when there is a serious problem he is belittling the problem rather than giving Microsoft a hard time. That is the role of Microsoft boosters. “Botched KB 3004394 triggers error messages, but no response from Microsoft” said the heading from IDG, showing that Microsoft is silent on such a serious matter. They’re speechless! Years ago we warned that a lot of key Windows developers were leaving and then often being replaced by cheap or poorly qualified staff. We said this would harm the quality of patches, not just of future versions of Windows. We were right.

Perhaps it is time to switch off Microsoft boosters like Microsoft Peter. Over the years he has done little more than mock Microsoft’s critics, including regulators (he still publishes revisionism about Microsoft’s browser abuses), so if we ever pursue the truth, we need to steer away from Microsoft’s media moles.

12.13.14

Time to Take Microsoft Out of British Aviation Before Planes Crash Into Buildings

Posted in Microsoft, Windows at 7:29 am by Dr. Roy Schestowitz

Fault-intolerant systems with back doors a recipe for disaster

Takeoff

Summary: London’s mighty Heathrow Airport among those affected by a Microsoft-reliant air traffic control system which is not being able to properly recover from an outage, and not for the first time either

BRITS were aviation pioneers and arguably the fathers of aviation (depending on which version of history and definitions one picks). But British aviation, which is well beyond just British Airways in this globalised world, lost the confidence of much of the world yesterday. That’s for two reasons. First, an incident was reported where a drone came just 6 meters away from physical collision with a civilians-filled commercial plane (high capacity with many passengers) and simultaneously there were reports like [1, 2, 3, 4] about the computer system in of of the busiest airports in the whole world malfunctioning or altogether failing to operate while planes come (or are supposed to leave) at a pace of about one per minute. Everyone keeps asking, who is responsible for this? Curiously enough almost nobody calls out Windows. The press should know that a Windows error is not “computer error” (even The Independent, which is relatively decent British press, failed to note this). London must have been nuts to have chosen NATS, which heavily relies on Microsoft and Windows. National Air Traffic Services (NATS) is, according to a Microsoft booster, a huge Microsoft client:

Gavin Clarke writes: National Air Traffic Services (NATS) at Swanwick in Hampshire, is a major customer of Microsoft with Windows on PCs and servers, and Office 2010 under a volume Enterprise Agreement.

NATS has upgraded to Windows 7 from XP on the desktop. It also has a load of RISC boxes and IBM gear, we’re told. There’s no indication what component of the network was at fault at this time.

Air traffic services are run by a relatively small IT team with knowhow and support from Lockheed Martin. Common-or-garden tech is outsourced to Serco, Capgemini, Amore Group Attenda, BT and Vodafone.

So blame everyone except Microsoft, right? This has become an International embarrassment for London, a tourists magnet that truly helps the British economy, and it’s due to dependence on Microsoft Windows. This is the second time it happens in about a year, so how safe are tourists going to feel? There is no need for terrorists to crash planes into buildings when Microsoft Windows crashes, leaving pilots and ground control unable to properly navigate in very busy skies (many planes fly over London all day long). NATS “is a major customer of Microsoft Windows on PCs and servers,” based on a person close to Microsoft, so what can one deduce from this? NATS has no technical skills for having chosen a platform with back doors and no resilience/error recovery comparable to that of Linux (and GNU). London’s airport authorities should take a lesson from LSE (London Stock Exchange) and move to GNU/Linux. “In December 2013, a computer problem at Swanwick took 12 hours to fix,” says one of the articles above, so it’s a recurring issue, much like LSE’s issues, which used to fall offline repeatedly for long periods of time because of Microsoft (there is no news about LSE crashes since it moved to GNU/Linux). Windows is clearly not fault-resilient, just like in LSE’s case, as the Windows-based systems failed to recover from a short outage. Microsoft’s file systems are ancient and there are other factors that make Windows too immature for real-world applications. Pilots reportedly lost persistent contact with staff on the ground, for the second time in about a year. Planes may not run Windows (there is Linux in parts of them), but they depend on what is used on the ground. Each country each its own system/s, but overlap exists,.

“Do we need to see passenger planes falling down on a city with about 10 million people (daytime population is even greater) before action is demanded and change is implemented?”Do we need to see passenger planes falling down on a city with about 10 million people (daytime population is even greater) before action is demanded and change is implemented? Judging by some of the latest news about the latest build of Windows, quality control is still worse than anything. Useds [sics] of Vista 10 are now forced to go back to last month’s back doors, demonstrating that Microsoft Windows is still one of the worst operating systems one can put on a PC (never mind a server):

USERS OF THE WINDOWS 10 Technical Preview have been advised to uninstall Microsoft Office before applying this month’s Patch Tuesday security updates, then to reinstall it.

Testers have been warned since the announcement and release of the Preview to expect complications and irregularities with the operating system as it is in no way considered finished.

It is rather an opportunity for people to feed back on its development before consumer release in the second half of 2015.

Also worthy of note in the December 2014 Patch Tuesday is that none of the seven updates affects users of the Microsoft Surface tablet range.

The seven updates provide fixes for 24 vulnerabilities, four rated critical and three rated important.

Do not let aviation system become on an operation system with NSA back doors (meaning that mission-critical systems can be hijacked and manipulated for sabotage, as in the case of Stuxnet). It is worse than irresponsible and in some circumstances it can put people with suits in jail, just like that boat incident in South Korea. Ignorance is not an excuse and we needn’t wait for a disaster (actual death, not just blue screen of death) before the Trojan horse is dumped. Remember the cause of the Spanair crash and also what sank BP's platform and contaminated the Gulf of Mexico. Then too the blue screen of death meant deaths; Many deaths, not just of people, and not only short-term.

11.29.14

The Latest Bug Door in Windows ‘Patched’, But the Patch Breaks Systems

Posted in Microsoft, Security, Windows at 9:10 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

AND THEN WE TOLD CHINA THEY CAN SEE WINDOWS CODE WHILE INVITING THE NSA TO THE FINAL BUILD PROCESS

Summary: Errors in Windows that facilitate remote access and privilege escalation (affecting every version of Windows) continue to surface and those who fix these errors risk bricking their systems/services

Having just made (generated rather, using an online tool) the above meme to make an important point (pardon the “Windows” typo), we wish to bring together some recent news about Microsoft Windows, probably the least secure operating system in the world (by design). The NSA is involved in finalising Windows development and knowing what many people finally know about the NSA, it oughtn’t be shocking that Windows uses weakened/flawed encryption, enables remote access, etc.

Earlier this month there was a lot of press coverage about a massive flaw and an “emergency” patch for Windows. The NSA, for a fact (based on Snowden’s leaks), already knew about this. It knew about before it was patched, as Microsoft tells the NSA about every flaw before patches are applied and flaws become common knowledge.

Stephen Withers, a booster of Microsoft from Australia, said that a “very old but only just fixed Windows vulnerability is the key to a new in-the-wild attack.

“Security vendor ESET says it has detected a real-life exploit for a vulnerability that’s been part of Windows for nearly two decades.”

So it’s not just exploitable by the NSA anymore.

Over at IDG, this flaw was said to have a botched ‘solution’. As the author put it: “Last Tuesday’s MS14-066 causes some servers to inexplicably hang, AWS or IIS to break, and Microsoft Access to roll over and play dead”

So patch or don’t patch, you are in a serious problem either way. Welcome to the “professional” and “enterprise-ready” world of Microsoft.

As Microsoft boosters put it, “Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company’s major platforms, is rated ‘critical’ and it is recommended that you install the patch immediately.”

To brick one’s system?

Here is what British press wrote about it:

MICROSOFT HAS ISSUED an emergency patch for the Kerberos Bug that could allow an attacker to perform privilege escalation in several versions of Windows.

In what will be the firm’s third emergency patch in the past three months, the fix arrives just a week after the monthly Patch Tuesday release.

In other curious news from the same source, British taxpayers’ money has just been wasted cleaning up the mess of Microsoft Windows with its baked-in back doors. Windows is being hijacked en masse, but the corporate media refers to it as “PC”, not Windows. This is a crucial omission. The insecurity of Windows is not always accidental. It was designed to be easy to access (only by the “Good Guys”, of course!). “THE UK NATIONAL CRIME AGENCY (NCA) has arrested five people,” said the British press, “as part of a crackdown on hackers who hijack computers using Remote Access Trojans (RATs).” It’s a shame that they don’t point out that it’s a Windows-only problem. It doesn’t even take much in terms of skill to hijack Windows, as many hackers and crackers can attest to. To quote this report: “The NCA said on Friday that it has arrested two 33-year-old men and a 30-year-old woman from Leeds, along with a 20 year-old man from Chatham in Kent and a 40-year-old from Darlington in Yorkshire.”

This 20 year-old cracker is about as old as the latest bug door from Microsoft. With 19-year-old flaws in Windows (“critical” too) it oughtn’t be hard to hijack Windows-running PCs by the millions and even by the billions. As this article put it, the flaw is very severe and “Microsoft’s out-of-band update yesterday fixes a profoundly serious bug: Any user logged into the domain can elevate their own privilege to any other, up to and including Domain Administrator.”

Robert Pogson wrote that Microsoft “told the world they were naked and now system administrators are scurrying around to make sure every system running InActive Directory has a patch.”

As usual, no logos and brand names for this bug, not even the huge media hype that we saw when GNU Bash and OpenSSL had a bug in them. Perhaps the media learned to accept that Windows is Swiss cheese, or more likely it is unconsciously complicit in Microsoft’s PR.

11.16.14

Microsoft is Going Into the Anti-Whistleblowing Business, Dodges Criticism Over 19-Year Bug Door in Windows

Posted in Microsoft, Security, Windows at 6:47 am by Dr. Roy Schestowitz

Edward Snowden

Summary: With Aorato acquisition Microsoft helps protect the criminals (from whistleblowers) and with lies about .NET Microsoft distracts from a bug that has facilitated remote access into Windows (by those in the know) for nearly two decades

MICROSOFT IS A company of liars, centred around media manipulation. This is why not enough people know about the company’s sheer levels of malice, crimes, and disregard for people.

Microsoft keeps throwing money around for favourable publicity, so not enough criticism is published where it’s well overdue. Today we’ll tackle several stories that deserve more attention from an appropriate angle, not a promotional (marketing) angle.

A few days ago Microsoft decided to buy a military-connected (IDF/Israel) anti-whistleblowing ‘software’ company. What a lot of shallow coverage failed to mention was the real purpose of the software (not often marketed as such). To quote one report: ‘“Snowden reportedly used colleagues’ passwords to access sensitive docs,” he told me. “Even if the user activity seems legitimate, the same account would actually present suspicious or abnormal behavior behind the scenes which Aorato would detect.”’

Actually, to keep the facts in tact, the NSA leaks were made possible by GNU WGet on the leakers’ side (same as Bradley/Chelsea Manning) and that horrible Microsoft SharePoint on the leaked side (NSA). It means that Microsoft itself was the problem which it claims to be trying to solve. We mentioned the role of SharePoint several times before. The acquisition by Microsoft seems to be geared towards stopping whistleblowing and hence defending corruption (so that Microsoft, for instance, can defend the NSA). How ethical a move, eh? So much for a ‘champion’ of privacy as it purports to be.

Anyway, there is a 19-year bug door in Microsoft Windows (almost no version is exempted from remotely-invoked full capture), but the press hardly covers it. We must give some credit to the BBC for covering it (for a change) and "calling out Windows". Other British press covered other inherent issues in Windows (compromising Tor) [1] and it looks like Dan Goodin is finally covering some security problems in proprietary software [2] rather than always picking on FOSS, then hyping it up with ugly imagery and exaggeration.

A reader of ours suspects that the .NET announcement was designed to distract from horrible security-related news. The .NET announcement is nonsense because it’s false (we wrote two posts about the .NET PR nonsense) and it also predicts future events like Visual Studio going cross-platform although the latest version of Visual Studio (proprietary) already runs under GNU/Linux using Wine, i.e. the Windows build works under GNU/Linux as it’s fully compatible anyway, for those foolish enough to want it. This is not news and the same goes for Office and other well-known Microsoft software. Xamarin staff keeps trying hard to infect GNU/Linux with .NET (that’s what they do) and as this very stupid article about .NET shows, the .NET nonsense did indeed help bury the news about the bug door. This disgusting article even gives credit to Microsoft for having fixed massive 19-year-old bug (only after IBM had found it). When bash or openssl have a bug, then FOSS is all bad, apparently. When Microsoft has a bug door for 19 years, the media says well done to Microsoft (for fixing it after another company forced it to). One has to wonder if this flaw (voluntary or involuntary) is part of Microsoft’s collaboration with the NSA, which made Stuxnet and has made yet another piece of Windows malware together with Israel. Here is a new article from The Intercept:

The Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus

Boldizsár Bencsáth took a bite from his sandwich and stared at his computer screen. The software he was trying to install on his machine was taking forever to load, and he still had a dozen things to do before the Fall 2011 semester began at the Budapest University of Technology and Economics, where he taught computer science. Despite the long to-do list, however, he was feeling happy and relaxed. It was the first day of September and was one of those perfect, late-summer afternoons when the warm air and clear skies made you forget that cold autumn weather was lurking around the corner.

Bencsáth, known to his friends as Boldi, was sitting at his desk in the university’s Laboratory of Cryptography and System Security, a.k.a. CrySyS Lab, when the telephone interrupted his lunch. It was Jóska Bartos, CEO of a company for which the lab sometimes did consulting work (“Jóska Bartos” is a pseudonym).

“Boldi, do you have time to do something for us?” Bartos asked.

“Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers.

“No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.”

Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door.

A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.

They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.

The ability to keep people’s rights away and keep the population down depends on passivity and conformity, including the use of Windows. Avoiding Microsoft Windows is imperative for those not wishing to be controlled remotely. As Microsoft’s collaborations with the NSA serve to show, mass surveillance on the whole world is practically contingent upon not just innovation but sabotage and social engineering with corporate buddies. Eradication of Microsoft software isn’t about competition only; it’s about justice.

Related/contextual items from the news:

  1. Advanced persistent threats found in the TOR network

    There are suggestions that the malware code has been around for a while, and has predecessors, and F-Secure warned internet users, anonymous or otherwise, to tread carefully when they download.

    “However, it would seem that the OnionDuke family is much older, based on older compilation timestamps and on the fact that some of the embedded configuration data makes reference to an apparent version number of four, suggesting that at least three earlier versions of the family exist,” the firm added.

    “In any case, although much is still shrouded in mystery and speculation, one thing is certain: while using Tor may help you stay anonymous, it does at the same time paint a huge target on your back.

    “It’s never a good idea to download binaries via Tor (or anything else) without encryption.”

  2. For a year, gang operating rogue Tor node infected Windows executables

    Three weeks ago, a security researcher uncovered a Tor exit node that added malware to uncompressed Windows executables passing through it. Officials with the privacy service promptly shut down the Russia-based node, but according to new research, the group behind the node had likely been infecting files for more than a year by that time, causing careless users to install a backdoor that gave attackers full control of their systems.

11.13.14

Microsoft Windows is Still Designed as a Paradise of Back Doors, Intrusion, Wiretaps, and Interception

Posted in Bill Gates, Microsoft, Security, Windows at 1:26 pm by Dr. Roy Schestowitz

Combination lock

Summary: At many levels — from communication to storage and encryption — Windows is designed for the very opposite of security

TO ONE who is aware of what Microsoft has been doing with the NSA since the 1990s it can be rather shocking to see entire nations relying on Microsoft Windows. As a quick recap, aided by one of our readers, back in the 90s there was this article stating: “Rubenstein, Microsoft attorney and a top lieutenant to Bill Gates. By his own account, Rubenstein acts as a “filter” between the NSA and Microsoft’s design teams in Redmond, Wash. “Any time that you’re developing a new product, you will be working closely with the NSA,”he noted.”

There is hardly room any for excuses or misinterpretation here. “How NSA access was built into Windows” is another important article from the German press and it was published back in the 90s. These older articles are merely few among many more (some no longer accessible due to ‘Web rot’) which already made it clear that Bill Gates and Microsoft were fine with back-dooring billions of people. Gates continues to be a vocal proponent of the NSA, even to this date (after Snowden had leaked details that made the NSA exceptionally unpopular like no time before, internationally).

Anyone who still thinks that proprietary software is secure says quite a lot about his/her own intelligence (and disregard for facts). It is also widely known why it is risky to connect Free software to proprietary software, which basically compromises the trust that Free software carries with it. Germany, based on this new article from Dr. Glyn Moody, is beginning to see the light as well. Here is a portion:

You Can’t Trust Closed-Source Code – Germany Agrees

Similarly, moves by both Microsoft and Amazon, among others, to set up local data centres in the EU will not on their own protect European data unless that is encrypted by the companies themselves, and the cloud computing providers do *not* have access to the keys. Indeed, if the data is encrypted in this way, local storage is not so important, since the NSA will have an equally hard time decrypting it wherever it is held – as far as we know, that is.

Because of that recent US court judgment ordering Microsoft to hand over emails held in Ireland, many people are now aware of the dangers of cloud computing in the absence of encryption under the control of the customer. But very few seem to have woken up to the problems of backdoors in proprietary software that I mentioned at the start of this post. One important exception is the German government, which according to Sky News is working on an extremely significant law in this area…

The NSA could get back door access into every data stored in Windows and now it can get access to data stored remotely, too. It’s total surveillance. Not even encryption can help.

I was contacted by a manager from Microsoft last week and after we exchanged some messages about the farce which is encryption in Windows he no longer had a counter argument. He found out, after some research, that I was in fact right. I was previously (almost a decade ago) ridiculed by top-level Microsoft staff for suggesting that encryption in Windows could easily be subverted, by design. Around that time Microsoft’s Allchin was seemingly worried about back doors and he was quoted on it (the Allchin article is hidden to many as the link has changed). Some of it is very old, but we have written about Bill Gates’ support of back doors since the early days of this Web site. Microsoft back doors in Windows go beyond just remote access and descend down to encryption, caused by a deficient-by-design (or generally bad) encryption. When we cited Cryptome's findings we received an overwhelming (and supporting) attention. The management from Microsoft tried to change our article (asking for changes) despite the article being correct. As stated in comments in Soylent News: “when my Windows 8.1 tablet recommended that I turn on encryption, as soon as I clicked “no” to handing my administrator user over to Microsoft, it disabled encryption.”

I showed it to Microsoft management, whereupon they checked and confirmed that this was true. No response since, hence we can assume there’s no counter argument.

In summary, Microsoft betrays the privacy of Windows users at many levels. No nation should deem Windows suitable for use (at any level) and ridicule is probably well deserved where one defends Windows as ‘secure’.

Forget the FUD About Bash and OpenSSL, Microsoft Windows Blamed for Massive Credit Cards Heist

Posted in Microsoft, Security, Windows at 12:56 pm by Dr. Roy Schestowitz

Knob sets

Summary: Home Depot learns its lesson from a Microsoft Windows disaster, but it stays with proprietary software rather than move to software that is actively audited by many people and is inherently better maintained (Free/libre software)

MEDIA that is owned by large corporations likes to talk about FOSS bugs that have logos and brands not because there are many known incidents where harm was done but because FOSS is an easy scapegoat. Microsoft Windows, which has had bug doors for nearly two decades (very serious and remotely exploitable), should not be used on any production environment, but some businesses are evidently foolish enough to put it on critical systems, knowing damn well (they definitely should know it by now) that the NSA collaborates with Microsoft on back doors access and uses back doors for espionage (both industrial and political).

Earlier this year we asked journalists to call out Windows and urged Home Depot to speak about the role of Microsoft Windows in its massive (existence-threatening) incident that left millions of people (with credit card details) in the hands of crackers.

Microsoft Windows — not some FOSS bug with a logo and/or a name — punished not only Home Depot but also millions of innocent customers who did not know that Home Depot relied on Microsoft Windows for storing/processing sensitive details.

“Microsoft Windows — not some FOSS bug with a logo and/or a name — punished not only Home Depot but also millions of innocent customers who did not know that Home Depot relied on Microsoft Windows for storing/processing sensitive details.”Now there is acknowledgement of this, based on the report “Home Depot blames Windows for record hack, rushes out to buy Macs and iPhones afterward”. So basically they are moving to another proprietary platform with back doors. Apple has already admitted the existence of back doors in iOS, for example, and tried to pass them off as “diagnostics”. If Home Depot is serious about security, then GNU/Linux and other Free software (even BSD) should be universally used at Home Depot.

Home Depot should generally cleanse itself of proprietary software, which is totally unsuitable for credit cards handling because it has back doors and other security issues, mostly inherent issues. Other companies should learn from Home Depot’s mistake and never again process important data using proprietary software. The bad reputation that Home Depot gets from this incident is now putting the whole business in jeopardy and based on news reports about surveillance software Skype (after the Microsoft takeover), Microsoft wants to put it at the very heart of businesses, enabling wiretapping of unprecedented proportions, even inside private businesses (not some mundane chats). Only days ago the Electronic Frontier Foundation warned that Skype is inherently insecure and so is WhatsApp, which is owned by a partly Microsoft-owned company (Facebook). Here is what Beta News wrote:

Secure communication is something we all crave online, particularly after Edward Snowden’s NSA revelations increased public interest in privacy and security. With dozens of messaging tools to choose from, many claiming to be ultra-secure, it can be difficult to know which one to choose and which one to trust. Electronic Frontier Foundation (EFF) has published its Secure Messaging Scorecard which rates a number of apps and services according to the level of security they offer.

Businesses should shun not only Microsoft but proprietary software in general (Microsoft tends to be one of the worst among them) if they wish to secure their communications, respect their customers’ safety, and ultimately assure their survival. Use of proprietary software is no joking matter; it can be lethal. The corporate press has hardly done enough — if anything at all — to highlight the real culprit in the Home Depot disaster.

Windows ‘Update’ and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Posted in Microsoft, Security, Windows at 12:22 pm by Dr. Roy Schestowitz

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows ‘Update’, which essentially translates into Microsoft manipulating binaries on people’s machines without any changelog (at least not in source code form), is making the news again this month. Windows ‘Update’ is happening quite often (a monthly recurrence), but this time there is a lot to say about it.

The British NHS, which holds full medical records of very many individuals, recently received a lot of flack for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? “NHS XP patch scratch leaves patient records wide open to HACKERS” says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.

Another story of a botched update of Windows says that “Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud”:

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

That’s what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons not just because it is bricking Linux devices these days but because it’s a tool that gives the NSA a lot of power. Before an update kicks in the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.

CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. “So far in calendar year 2014,” it said, “Microsoft has fixed 215 vulnerabilities in Internet Explorer” (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting that fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.

This other report, titled “Potentially catastrophic bug bites all versions of Windows. Patch now”, does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite that fact that Microsoft already told the NSA (prodifing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and add that only “[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. ”

“How many times might this flaw have been exploited by now?”So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? A reader of us, alluding to that nonsense .NET PR, explains: “Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?”

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like “Heartbleed” or “Shellshock” — with a brand that was even perpetuated by the Russia-based Mandriva the other day).

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts