Bonum Certa Men Certa

U.S. Military Hit by Windows, Learns Nothing From Microsoft Negligence

Flag and tank



Summary: Failures to name the culprit after a serious military intrusion; new examples where Microsoft knowingly ignores and leaves open holes inside Windows

“LOOKS Like Microsoft is Doing Damage Control on Virus Attacks” was the title of this post from last week. There has been a hot debate about it recently, but owing to Slashdot spin not much was done to call out Windows. The DOD/Pentagon ought to say more about the role of Microsoft software, but even the original article from Wired only speaks about "worm" and "USB"/"flash drive", neglecting to say that only Windows can be affected. Here's the opening:



In the fall of 2008, a variant of a three year-old, relatively-benign worm began winding its way through the U.S. military’s networks, spread by troops using thumb drives and other removable storage media. Now, the Pentagon says the infiltration — first reported by Danger Room — was a deliberate attack, launched by foreign spies. It’s a claim that some of the troops who worked to contain the worm are finding hard to back up.

In the upcoming issue of Foreign Affairs, Deputy Defense Secretary William Lynn writes that the worm entered the military’s classified systems “when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command.”


Why could Slashdot not state that this is a Windows issue? Should one just assume (magically, by default) that when no operating system is mentioned it must be Microsoft Windows? They do name and shame the operating system when it's not Windows.

Slashdot should know better because only yesterday it wrote about a data-stealing bug which is specific to Internet Explorer 8 (Windows only): [via]

There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets.


We have written a great deal this year about Microsoft negligence [1, 2, 3] that led to security disasters, e.g. after Microsoft had ignored known Internet Explorer flaws for 6 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] (Microsoft is the worst in the regard, so Google banned Windows earlier this year).

"Researcher told Microsoft of Windows apps zero-day bugs 6 months ago," says this new headline from Gregg Keizer [1, 2], who adds yet another example of Microsoft ignoring problems for half a year (not even automatic patchers/trackers would help in such cases). Some things just never change.

Microsoft has said this year that for improved security users should consider moving to 64-bit Windows, but "Rootkit with Blue Screen history now targets 64-bit Windows," says this news headline.

A new version of the malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday.


Proprietary software for Windows is another problem (Adobe and Apple being prime examples), but Free software too, e.g. Mozilla Firefox, may sometimes suffer only from flaws that are inherited from Windows, not Linux/UNIX. Microsoft in the stack is a real troublemaker and Apple is not helping:

A security researcher has uncovered a new vulnerability in Apple QuickTime that can be used to bypass some security protections in Microsoft Windows.


Code needs to be openly audited/auditable to be trustworthy. Why did the U.S. military make the mistake of relying on Windows?

"Thanks to Mr. Gates, we now know that an open Internet with protocols anyone can implement is communism; it was set up by that famous communist agent, the US Department of Defense."

--Richard Stallman



Comments

Recent Techrights' Posts

Giving the False Impression That the R blogosphere is Microsoft's Microcosm
Curation that culls "astrotrufing" isn't censorship but quality control for relevance
WikiLeaks Wonders: Major Leaks That Shook the Worlds
Published 14 hours ago
No Outage Here
Microsoft seems to have lost control of the narrative
Microsoft Has Managed to Make GNU/Linux Users Scared of Updating Their GNU/Linux PCs (Thanks to UEFI 'Secure' Boot's Boosters!)
How many people know who's responsible for this mess?
 
Links 21/07/2024: Extreme Heat and Fortescue Layoffs
Links for the day
GNU/Linux Lifted Up 0.03% Closer to 4.5% "Market Share" (or 50% More Than a Year Ago)
How many businesses and homes are permanently giving up on Windows after recent days' events?
High Adoption Rates for GNU/Linux in Albania, According to statCounter
Albania has been a central point of some GNOME and diversity scandals
It'll Soon Be Half a Decade Since COVID-19's Breakout, We Still Need Verified Facts (Not Corporate Dogma) and Proper Media Reporting
COVID-19 has meant different things to different people
For the First Time, Microsoft's "Market Share" in North Macedonia Falls to Only a Quarter
Microsoft only has Windows
Evan Versus Julian
Published by Julian Assange's wife some hours ago
What The Internet Can Achieve When Put in the Hands of the Good People and Not Censored by the People Who Already Control the Mass Media
albeit Wikileaks put that in social control media owned and controlled by oligarchs
IRC Proceedings: Saturday, July 20, 2024
IRC logs for Saturday, July 20, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] Hate Speech
This is also what makes TikTok so dangerous
Shark-infected Water on the Web
Don't turn Gemini into another "Web"
OpenHarmony, HarmonyOS Next, Deepin, Kylin, and openKylin: How China's Various Manoeuvres Away From Windows Get Covered in the West
Kylin was openly based on Ubuntu
Links 20/07/2024: Tesla's UK Lawsuit for 5G Patents Licence Thrown Out by UK Court, Censorship Examples Surface
Links for the day
Gemini Links 20/07/2024: Why Sleep Is So Important, Bot Problems Online
Links for the day
[Meme] Truth Hurts
"Saying that I physically assaulted women is 'defamation'"
Techrights Turns 18 in About 3 Months
Nothing can stop us
When (Software) Freedom is the Goal
Freedom of thought also
Expect Many More Microsoft Layoffs After the Latest Windows Outages (Bonus: More Media Says Microsoft Has Cut Half the Staff in Nigeria)
after the latest worldwide blunder we can expect many businesses to gradually ditch Windows
Today GNU/Linux Broke All-Time Record in statCounter Again
Expect more people to hop over to GNU/Linux after the Windows fiasco
Joab Jackson and "The New Stack" Publishing Microsoft Spam (E.E.E. Against Linux) for a Payment From Microsoft
It's not a real news site
Links 20/07/2024: Patents on Software Squashed, Further Attacks on Independent News Sites
Links for the day
Links 20/07/2024: Shopping Mall in Southwestern China and New Health Crises
Links for the day
Microsoft/Windows Has Fallen Well Below 1% (Now 0.7%) in American Samoa
statCounter Sees Microsoft Windows at Below 1% in American Samoa
The Thelio Mega Is a Dual-GPU Linux Supercomputer
System76 sells many desktops and laptops built to run Linux. The company has now revealed its new high-powered Linux desktop, the Thelio Mega
[Meme] "System of a Down"
The latest international catastrophe kills people
Geminispace Growing and Getting More Free (Independent)
Because self-signed certificates are the way to go
Why Microsoft is Laying Off So Many People in Nigeria
Nigeria is a place Microsoft has lost
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 19, 2024
IRC logs for Friday, July 19, 2024
Gemini Links 20/07/2024: Gopher Catchup and Old Computer Challenge
Links for the day
Microsoft Lays Off Half of Its Workforce in Nigeria
Microsoft continues to implode in Africa
Links 19/07/2024: Microsoft Breaks Down and Amdocs Has 1,500-3,000 More Layoffs
Links for the day
Washington's WARN Site/Portal (That Excludes Many Microsoft Layoffs) is Now Down for Many Hours, Microsoft Causes Major Outages and Incidents Worldwide (Even Deaths)
The mass layoffs (lots of them in Azure since 2020) probably worsen resilience and security some more
UEFI 'Secure Boot' Once Again Bricking PCs and Fake Security Models Are Perishing in Geminispace
Let's Encrypt has just fallen again
[Meme] Conservative (and Fake) Nuclear Physicist Bill Gates
Didn't even graduate from college, media treats him like a world-renowned expert in nuclear energy
The Gemini Capsule of Tux Machines Turns 2 in Six Days
Many people actually use Gemini, some participate in it by creating their own capsule (or capsules)
GNU/Linux Rises to 4% in Saudi Arabia, Says statCounter, Windows Has Fallen to 11% (Android Exceeds 60%)
Microsoft might soon fall below 10% in KSA (Saudi Arabia)
IRC Proceedings: Thursday, July 18, 2024
IRC logs for Thursday, July 18, 2024
GNU/Linux news for the past day
GNU/Linux news for the past day
1901 Days in High-Security Prison (and 8 More Years in Severe Confinement) for the 'Crime' of Exposing War Crimes and Corruption
Julian Assange clip
Opensource.org = Microsoft Lobbying (Openwashing)
Here's the latest pair of blog posts
In Northern Mariana Islands, Where Julian Assange Pled Guilty 4 Weeks Ago, Windows Remains Second to Android, and GNU/Linux Still Grows in Oceania
It was the first month ever that statCounter saw more Web requests there from Android than from Windows
If GitLab Gets Sold (Datadog and Google Named Among Potential Buyers), It'll Prove Our Point About GitLab
Beware the bait on the hook