Bonum Certa Men Certa

Microsoft Resorts to Blame Games (Against Exploiters of Microsoft's Own Flaws and Against Google)

Chinese girl in beijing



Summary: Microsoft is transforming the debate from one which is centered on Microsoft's inability to secure Windows to one that focuses on external factors (the press is blaming Chinese schoolchildren)

"Blame someone else" is the Microsoft mantra/motto [1, 2]. As we found out yesterday, Microsoft's legal team plays the same type of game. Microsoft is already downplaying the TPM crack and it goes further than this by blaming crackers for blue screens of death. In a world where almost half the machines that run Windows (that's 1 in 2) are confirmed/estimated to be infected, Microsoft can blame the crackers all it wants, but how and why do they manage to intrude other people's PCs in the first place? According to this message (relating to Microsoft's proposal of Internet driver's licences):



We are sitting on an Internet with *at least* a hundred million fully-compromised, fully-owned systems. Personally, I suspect that the number is closer to double that. Others have postulated still higher values. Whatever that number is, though, it's (a) big and (b) getting bigger. And there's no reason, at present, to suspect that the trend will reverse, because nobody's doing anything that appears to -- in any significant way -- to be an effective countermeasure.

The new owners of those systems have unfettered access to ANY credentials present on or used on those systems. The overwhelming majority of them are end-user systems, of course, but how many login or email or other access credentials does the average user have? A work email account? One for home? A freemail account? Some number of social networking accounts? How about banks? Utilities? Shopping sites? VPN for a client?


So, according to the above, it's safe to expect any second Windows PC to be a zombie (the statistics still vary depending on the source). It's not even improving. Here are some news articles from the weekend:

Cybercriminals Exploit Haiti Tragedy with Malware

There was no let up in spamming and phishing activities last month even as the entire world watched with sympathy the tragedy in Haiti. To add to the sorrow behind the devastating earthquake on January 12, cybercriminals took advantage of the tragedy to launch spamming and phishing attacks.


Chuck Norris Botnet Karate-chops Routers Hard

If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.


Olympic skier Begg-Smith known as 'spam king'

Kneber Botnet: What You Need to Know Right Now

Everything you ever wanted to know about Xbox hacking

Malware - usually in the form of fake point generators - often comes into play. "Fake points generators that run on your PC promise free Microsoft points in return for your login details," Boyd explained. "Of course, what happens is your data is sent back to base via email should you enter it into the program. Typically, the phishers will also hijack YouTube accounts and place fake 'it works' messages on the videos promoting them [phishing tricks]," he added.


BSODs are not the major problem, but their relevance to the cracking cannot be ignored.

The point the author makes about the problem would have been fixed long ago in Linux, or any other FOSS software, is the most important part of the article, in my opinion. The way the situation is today, you have a few people at Microsoft trying to keep up with security issues.


Obviously, people talk about the BSOD issue as one involving Microsoft's attempt to secure machines, but those machines are already compromised. It means that the discussion has been completely warped [1, 2] and Microsoft's blame-shifting game has worked effectively (with help from Amarillo). SJVN correctly points out that Microsoft is not off the hook because those BSODs were caused by Microsoft's inability to secure Windows in the first place.

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn't they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows' fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They're probably making more money from their botnets than Microsoft is willing to pay them.

Specifically, the problem was caused when Microsoft finally fixed a Windows memory call that no longer could be used to call a specific address.

[...]

Unsupported? After 17-years, I'd say, for better of worse, it was part and parcel of Windows. Of course, if Windows were an open operating system like Linux there wouldn't be any 'unsupported' ways of addressing memory. Heck, maybe someone besides a malicious hacker would have found the bug back before the turn of the century and fixed it.

[...]

The only real fix to this problem is to dump Windows. This is just another of the endless examples of how easy Windows is to attack. Even as Microsoft took care of this problem, it was revealed that the Windows-based Kneber botnet has attacked more than 374 U.S. firms and government agencies. Proper patching might have slowed it down -- most of the systems getting hit by it seem to be running Windows XP SP2.

Still, the bottom line is that Windows is being exploited every day and as the Alureon/XP patch mess showed, Microsoft isn't capable of keeping up with the hackers or their threats.


In another example of blame-shifting, the attacks on Google which were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] and Microsoft's own negligence [1, 2, 3] are now being attributed to only those who exploited the flaws, allegedly two schools in China [1, 2, 3, 4, 5, 6]. We say "allegedly" because the schools are denying it. From yesterday's news: "Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday." Here again is misplaced focus on people who exploited Microsoft's defective software which Microsoft refused to patch for almost half a year despite knowing about it. The Washington Post says: "Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source."

But does it really matter? Once again the focus is being shifted to crackers rather than the company which facilitated those attack. Microsoft relied on the same spin when Conficker inflicted huge damage. It's the blame game being played with PR and once again Microsoft is left off the hook.

Elsewhere in the news we find that Microsoft blames Google for the broken business model of newspapers. "Microsoft Man To Publishers: Google Punches Holes In Your Paywall, But Bing Won’t," says the headline. We saw this before [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. That's Microsoft playing the blame game in order to get its rivals sued/banned/excluded.

Microsoft plays this game not only in print media but also in books. Here is Google with some publishers and authors defending Google's side.

Google Inc. and a group of publishers and authors urged a federal judge to accept a $125 million settlement that would create the world’s biggest digital book library.


Among the companies opposing the Google book settlement there is now Amazon, which joins Microsoft just like Yahoo! did.

Microsoft Inc. (MSFT), Amazon.com Inc. (AMZN) and others urged a federal judge Thursday to reject a revised settlement among Google Inc. (GOOG) and publisher and author groups over digital copies of books.


It's the DRM-loving Amazon, which has been filled with several Microsoft executives as we showed many times before (there is also the geographical factor when it comes to Amazon). It's funny how allies of Microsoft are typically among those opposing the settlement and blaming Google for the failure of the once-scarce-and-now-abundant information industry.

Recent Techrights' Posts

They Want You To Talk About Trump or 'The Other Bill' in Relation to Trafficking of Underage Girls for Sexual Exploitation
Just something we wanted to say...
How to Quadruple Your "Goodwill" Value and Grow Your (Wall) Street "Value" From $152B to $4000B Without Producing a Single Successful Product/Service
The longer it goes on for, the bigger the implosion will be
Staying Productive
Two very reputable institutions recently told us they now reckon Microsoft is somehow funding those SLAPPs against us
66 Countries Where More People Use iPhones (or iPads) Than Microsoft Windows, According to statCounter Data
a list of countries where iOS now exceeds Windows
Windows All-Time Lows, Android All-Time Highs in Kuwait
New lows for Windows can be found in many countries this month
The Register is Desperate for Money, According to The Register
I decided to check how they're doing as a business
Some Cola Formulas Aren't Secret, But the Barrier is the Branding
That's the power of the channel/distribution, marketing, and brand recognition (accomplished through endless marketing)
 
Links 06/08/2025: Faked Values of Slop Companies and Government Bailouts
Links for the day
FOSSY 2025 Conference Safety
The GAFAM-funded FOSSY 2025 is over
Microsoft's Favourite Pay-to-Say 'Analyst' Firm Has Just Collapsed
'Analysts' that helped propel Microsoft to fictional values akin to Ponzi schemes
Ask Google (Jeeves)
What does Google "know", not know, or would rather forget (or embellish)?
A Blow for Patent Ambitions of Bill Epsteingate
It's about money
Apple's iOS Bigger Than Microsoft Windows in Many Countries
This ought to alarm Microsoft
The Mainstream Media Talks About Spotify Share Price and Price Hikes, Not Its Debt Increasing by About 33% in Just 12 Months
Spotify isn't a company in good shape
New "US Editor for The Register" is 80% Microsoft and Windows
they typically just treat Microsoft like the "Holy Grail" of "IT"
Microsoft is Apparently Sending Gag Orders or NDAs to Staff That Got Laid Off (“We were told not to post on LinkedIn. Not to say anything.”)
The main lies we keep seeing
Richard M. Stallman Has Published AI Memos Since 1980 (45 Years Ago)
Back when the term AI actually meant something
Gemini Links 06/08/2025: BitTorrent and Feedly Bots
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 05, 2025
IRC logs for Tuesday, August 05, 2025
Openwashing Slop... Using Slop!
So get ready for "open" "hey hi" with its proprietary models to engage in openwashing, helped by serial sloppers who use the LLMs to produce fake 'articles'.
On "Tragedy of the Commons in the Production of Digital Artifacts"
There's a better way to do things. None of that should involve GAFAM.
Gemini Links 05/08/2025: Opel Zoo near Frankfurt and Alhena 5.2.5
Links for the day
The Inflammatory Influence of Social Control Media Giants
CPC's ByteDance says it's cool
Microsoft v Planet Earth
Is Microsoft profitable?
IRC Turns 37
Internet Relay Chat (short: IRC), which started in 1988, turns 37 this month
Shortly After a Microsofter Took Over The Register as Editor in Chief Microsoft Tim (Tim Anderson) is Back and It's Still Microsoft Propaganda, Sometimes Funded by Microsoft
Notice his focus
Stricter Enforcement of Worker Adjustment and Retraining Notification (WARN) Act is Sorely Needed
Who's keeping track anyway?
Calling Plagiarism "Intelligence" is Pure Genius, Brilliance!
One thing to "like" (or dislike) about LLMs is how they're falsely marketed using various buzzwords
Geminispace Promises Simplicity But Also Provides a "bunch of forums that get flood-filled by agitation against the very essence of Gemini itself"
claims of stagnation in Geminispace started because of a person who spent a long time agitating against GNU/Linux as well
Zimbabweans Aren't Into Windows or Microsoft
This cannot be good news for GAFAM
Microsoft's Washington Layoffs Aren't Everything, They're Definitely Not Happening in Just One State in the US
Washington is just more strict with WARN notices
Gemini Links 05/08/2025: Lagrange v1.18.6, No Stagnation in Geminispace, and Fake Coding (Slop)
Links for the day
The Register's Editor in Chief (Who Left for Google) Told Me "AI" Was a Bubble, But Now The Register Gets Paid to Participate in Inflating This Bubble
A lot of the online media is a scam
Introducing Mission:Libre and FreeXR (and BreakXR)
efforts that accompany the foundations put there by the Free Software Foundation in 1985
Slopwatch: WebProNews, LinuxSecurity, and Some Success Stories
Google News still has a slopfarm issue
Links 05/08/2025: Hey Hi (AI) Passing Fads and GAFAM "Embracing the Military"
Links for the day
Links 05/08/2025: Samsung and Microsoft Layoffs
Links for the day
Rumours of Mass Layoffs at Red Hat Next Week (August 11th, 2025)
The eleventh means next Monday
IBM is Shutting Down (Piecewise)
IBM is basically being liquidated
The Debian Language Police Department (PD)
"there has never been complaints about anyone that was offended by this -off package"
Tesla's Debt More Than Doubled in 2 Years and the Company Will Operate in the Red (at a Loss) Quite Soon
If your first-quarter net income is $409 million and you borrow billions from banks, plus interest to pay on those loans, then you're not far from returning to losses
When The Register MS Says "Linux Backdoor" It Actually Talks About Malware
The leading story in The Register US/MS this morning is Microsoft
Microsoft Windows Fell to 19% "Market Share" in Montenegro
Microsoft must be well aware of this trend
Why We Also Include Gopher Links in Our Gemini (Protocol) Links
There are still many people who use Gopher to relay their messages (like blog posts). They're mostly technical people.
Shouting is an Indication of a Lack of Convincing Argument
Beware what they are attempting to distract from
Mongolia: Microsoft Windows at All-Time Low
in 2009 when Windows was at 99.45% in Mongolia the company was "worth" less than 200 billion dollars
About a Quarter of Today's "linux" News in Google News Came From One Domain and It's a Slopfarm
Not kidding!
Gemini Links 05/08/2025: Zombie Threat and Switching to NixOS
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, August 04, 2025
IRC logs for Monday, August 04, 2025
ChatGPT in Trouble
Watch out for the newer buzzwords
The Register MS Links to the Wrong statCounter Page
They link to older data
Dr. Andy Farnell Explains How Google Turned From "Librarian" Into "Oracle", Telling Us What to Think Instead of Where to Look
Google was always a lousy librarian
Microsoft Layoffs Continue in August 2025
If Microsoft is doing so well, how come about 10 rounds of layoffs in about 7 months in 2025?
Microsoft and Windows Have Many Back Doors, But LLM Slop Keep Claiming That Linux Has "Backdoor"
It's another example of LLM slop as FUD amplifier, via slopfarms as well
In Many Countries Vista 11 Adoption Stalled or Became Negative
Not just because people move to GNU/Linux
Microsofters' Lawyers Are Name-calling and Insulting Microsoft Critics, Even Their Spouses
How not to win arguments
Flagging or Tagging Slop That We Find Online
Right now we use ImageMagick
Links 04/08/2025: Very Bad Weather and Travel Restrictions in China
Links for the day
Gemini Links 04/08/2025: Misiamisia and Mobile Linux
Links for the day
Microsoft's Stock is Like a Religion, Microsoft Goes Into 'Hiding' (From Shareholders)
like a religious person or devout believer, the media just parrot anything Microsoft says
Links 04/08/2025: 80 Years Since Last Nuclear War, IPv6 in China
Links for the day
Groklaw Static Site Relaunches With New Theme, But Many Pages and All the Comments Are Missing
We suppose that's still a lot better than the site being offline, as it was for several months
"For Five decades; For freedoms; For all users" (Original EMACS Turns 50 Next Year)
Linus Benedict Torvalds was only 6 when EMACS started
In Spain, Microsoft's Search Engine Market Share Fell to 2%
16 years have passed since Bing was introduced
Protecting GNU/Linux-Centric Journalism From Serial Sloppers
Unoriginal slop is taking away traffic from the people who did all the real work
It Looks Like Managers at Oracle Now Use LLM Slop to Write Blog Posts
Did he cheat by prompting LLMs for mindless text "filler"?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, August 03, 2025
IRC logs for Sunday, August 03, 2025
Gemini Links 04/08/2025: Qubes OS and Curious crypto case of certificates (CCCC)
Links for the day