CISA Has a Microsoft Conflict of Interest Problem (CISA Cannot Achieve Its Goals, It Protects the Worst Culprit)
Yet another example (lots of that lately, e.g. [1, 2]) of people from Microsoft "speaking for" "Open Source" and for "security"!
The Linux Foundation's watered-down view of the world - wherein Bill Gates created computing with his own bare hands and now masters security - must be collectively rejected. Sadly, however, CISA (for national policy) has been infiltrated by Microsofters who make up the panels and set the agenda while the same is true in the 'Linux' Foundation, even its security-oriented subgroups. Microsoft staff now claims to speak for the Linux Foundation and one isn't allowed to call the emperor "naked". That would be a Code of Conduct violation, resulting in suspension or even expulsion.
Notice what CISA has just alerted about. It is a Windows issue. As our associate put it, "would this ban Windows and the other Microsoft products out there?"
Instead it is likely that CISA will spin those Windows issues as universal issues (same problem in Europe). Microsofters inside CISA will probably play down reports about GooseEgg. As psydroid put it, "Europe won't have much of an IT infrastructure by then because expenses for keeping the creaky Swiss cheese Microsoft solutions in place will have skyrocketed by then -- "solutions" to no problem ever."
At least some of the press coverage rightly attributes GooseEgg to Microsoft's Windows:
- State-level actor using flaw patched in October 2022 to hit Microsoft
  A state-level actor, suspected to be from Russia and known as APT28 or Forest Blizzard, has been using malware known as GooseEgg to exploit a vulnerability within the Windows Print Spooler service.
- CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation
  CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild.
We recently mentioned (in passing) that CISA had been infiltrated by some Microsofters (plural), who are now "Leading Open Source Security @ CISA" (yes, from MSFT to CISA).
An associate asked about this today and later noted that "it was a rhetorical question but does raise an important observation about conflict of interest."
So Microsoft now speaks for "Open Source Security"?
Microsoft speaks neither for Open Source nor for security, except when it decides that it does. "Open Source loves Microsoft," Jim Zemlin insists. Listen to the expert*!
Our associate added: "Specifically the position of Microsoft inside CISA combined with the ostensible watchdog role of the program (new conflict of interest) can be abused by Microsoft to avoid calling attention to the Windows-specific nature of ransomware and the sole solution of dropping Windows."
Related to this is a new report about Microsoft profiting from bad security (i.e. from Microsoft's own failures, as shown above). "Microsoft make holes through bad engineering and sloppy workmanship and instead of fixing them is allowed to sell after-market add-ons," the associate said. "In other words, they get paid more the worse their software becomes. And one potential conflict of interest is that CISA would thus become in effect a marketing arm for Microsoft, like the LEO-backed Business Software Alliance." █
_____
* Jim Zemlin does not use Open Source (he rejects it). He has openly, publicly boasted that his wife Sheela controls him. Why brag about it? To appeal to a so-called 'left'? Sheela is even more Microsoft funded than Jim. Besides, he should form his own judgement, not inherit it from some MBA that defrauds people (Bakkt). In reality, he should not be in charge of Linux and he should not decide on anything "Open Source". He lacks the necessary credentials and experience. This is kakistocracy that empowers the least community-attentive. Deferring to Sheela should be enough of a red flag. As if "my wife controls me" is the new "cool". Equality means not "my wife controls me" but mutual respect and cooperation on decisions. As many of our readers know already, the 'Linux' Foundation is so 'popular' that it needs to spend several millions of dollars every year purchasing positive press coverage about itself.