Bonum Certa Men Certa

Reader's Article: Microsoft Windows Hoses Homeland Security

Geodesic dome
Pentagons



Summary: DHS and Windows - affair revisited

WINDOWS CONTINUES to be a sordid, insecure mess. We will give some examples within days, but in the mean time, here is a new flaw in Internet Explorer 8, which Microsoft loves to pretend is secure:



"A nasty vulnerability exists in the latest Internet Explorer 8," Evans wrote. "I have been unsuccessful in persuading the vendor to issue a fix."

"The bug permits — for example — an arbitrary web site to force the victim to make tweets," he added.

The vulnerability may exist in other versions of IE and appears to be an extension of a cross-browser cross domain theft first documented by Evans via his scarybeastsecurity blog last December. Evans claims Microsoft has been aware of the bug since 2008, producing a harmless proof-of-concept exploit to illustrate his concerns.


A reader of ours has also just contributed the following short article: "Slashdot is running another story that fails to call out Windows. To be fair, neither did the Wired article or the Department of Homeland Security report itself. The last omission is inexcusable because DHS had all the information and should help US citizens make informed decisions by publishing instead of shielding Microsoft by obfuscating.

"There are tantalizing clues in the report and a damning indictment of Windows. The report The US Department of Homeland Security found more than a thousand serious vulnerabilities on their own network. Almost all of the holes were in applications run on Windows and flaws in Windows itself:

Overall, we identified 1,085 instances of high-risk vulnerabilities on the MOE [Mission Operating Environment]; 202 were unique across 174 MOE computers scanned. The majority of the high-risk vulnerabilities involved application [94%] and operating system [6%] and security software patches that had not been deployed ...The application vulnerabilities identified in our scans of the MOE, which NCSD uses for email service and access to NCPS Einstein data, include those involving Microsoft applications, Adobe Acrobat, and Sun Java. ... more exploitation attempts are recorded on application programs, especially email attacks that exploit vulnerabilities in commonly used software and programs such as Adobe and Microsoft Office. Though application attacks are on the rise, operating system ... Though application attacks are on the rise, operating system attacks are still a security concern; more than 90% of operating system attacks involve buffer overflow vulnerabilities against Windows operating systems.


"When someone says "email attacks" they are usually talking about a particular Windows client. Because the DHS did not break down applications by OS, readers are left guessing what they are talking about. Why bother to give the breakdown for the minority problem, OS, while leaving the majority of problems, applications, nebulous?

"We do know from the report that DHS is a Windows shop and that causes most of the problems. The agency flagellates itself for not following Federal Information Security Management Act (FISMA) requirements or their own policies and recommends they, "Implement a software management solution that will automatically deploy operating system and application security patches and updates on all MOE computer systems to mitigate current and future vulnerabilities." If they were using GNU/Linux, they would already have such a thing because every distribution comes with a package manager.

"Updates are nearly impossible on Windows but trivial with GNU/Linux. Updates for Windows are spread far and wide on vendor sites, often behind javascript and other barriers to automated discovery. Many vendors have auto update tools but many resemble spyware, introduce security problems of their own and running them all at once drains system resources. Worse, Microsoft is notorious for breaking Windows and other applications with their updates, and every large organization and software vendor ends up doing their own set of tests before they can roll out anything to users. This is an enormous duplication of effort not found in the cooperative world of GNU/Linux. Free software has no such barriers to discovery or copy, so all of the heavy lifting gets done by distributions' package manager that is already automated."

Does it not seem reasonable to suggest that DHS should abandon Windows? Sadly, it has former Microsoft seniors in house.

Recent Techrights' Posts

At BetaNews, "Most Commented Story" Is Not a Story But LLM Slop! (Readers Talking to Bots)
They make fake stories with provocative headlines and then boast that these get many comments
[Meme] Swiss Lawyers/Attorneys Who Fake Qualifications and Rob People
Switzerland mostly guards its reputation by censorship of media
Just How Slow Has the News Industry Become?
We're drowning in garbage from fake publishers
BetaNews is Beta-Testing the Site as LLM Slop With Microsoft Propaganda Thrown In
Many of the people there are Microsoft boosters and they use slop as "filler" (for marketing)
Gemini Links 13/11/2024: Phasing Out 3G, Brian Kernighan Books, Tcl/Tk, Time to Ditch x86
Links for the day
BetaNews, Inc. Became a Spam Operation/Web Site, LLM Spew (Slop) for SEO Disguised as "Articles"
Published 5 minutes ago by Brian Fagioli...
WordPress is for the 'Old Web'; the New Web Necessitates Static Pages
There are purely practical reasons to move away from WordPress and the likes of it
Biggest Debt Leap in Years, More Than Half a Trillion Dollars in Just One Month
We remind people (almost every year) that it's also "buynothingday"
 
More Than 3 Years After Vista 11's Release More Chinese Computer Users Still Use Vista 7 (Than "11")
it was "officially" released October 5, 2021
In Switzerland, GNU/Linux Reaches Record Highs, But What About the Corruption?
Pocock is a disappointed citizen of Switzerland
Things That Still Work OK (But We're Being Shamed for Using)
Using old stuff is nothing to be shamed of (or afraid to do)
Free Software is About Collaboration
WordPress limits it
Even the Managing Editor of BetaNews is Doing Slop and Spam
A Fish Rots From The Head Down
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 12, 2024
IRC logs for Tuesday, November 12, 2024
PERA Bill in US Senate Strives to Crush Caselaw, Making Patents on Mathematics and Algorithms 'Great Again'
Follow the money
Evolution of euthanasia & WIPO UDRP similarities exposed by W. Scott Blackmer
Reprinted with permission from Daniel Pocock
Links 12/11/2024: A Lot of Censorship and SWNS at 50
Links for the day
Gemini Links 12/11/2024: Invidious Down and YouTube Addiction
Links for the day
Links 12/11/2024: Hey Hi (AI) Failures and COP29 Fakers
Links for the day
Latest Rumours of Red Hat Layoffs
Rumours or gossip is how almost everything starts
Windows Falling to All-Time Lows and Microsoft Has Nothing to Replace It With
It's mostly Android (Linux) replacing Windows
Cybershow Has a New 81-Minute Episode on Digital Sovereignty and International Cyber-Relations
it is a high-quality show
Activism in the Digital Realm Can Never (and Must Never) Rely on GAFAM
This simply means that tech activists must completely abandon any hopes of finding allies in Google or IBM or whatever...
Golden Dawn(ald) and What GAFAM Means to Liberal Techies
In one single screenshot
IBM CEO Says Donald Trump as President-Elect is Good for IBM in New Interview With CNBC
most unprincipled CEO ever?
GNU/Linux Up to 6.1% in Finland (Almost 9% If One Counts ChromeOS Too)
Home of Linux (the kernel)
BetaNews Has Become a SPAM/Slop Factory, Brian Fagioli Publishes Fake 'Articles'
everything is now suspect in BetaNews
It's Morbid to Talk About Living People as If They're Dead
What happens to LLM slop when Brian Fagioli dies?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 11, 2024
IRC logs for Monday, November 11, 2024
Free Software and Love of Nature
It's not a coincidence that many Free software activists are also lovers of nature
Silicon Valley and GAFAM Were Never Liberal
spineless CEOs and founders aren't against Trump
Windows and 'The Desktop' Floundering
Microsoft should be extremely worried
WordPress is Bad for the Planet (Even If Many Still Use It)
the costs nobody wishes to talk about
Gemini Links 11/11/2024: Closed Systems and Verify You Are Human To Continue
Links for the day
Running Twitter at a Loss and Then Profiting From Trumpism
How very liberal of Jack Dorsey, the greedy "Liberal" who only prioritised money
Microsoft, Which Benefits From Donald Trump, is Normalising Donald Trump
Some people still wrongly believe that Microsoft is left-leaning
ChromeOS and GNU/Linux Growing in Spain (Almost 10% Now)
Whether this persists next month and next year will certainly matter
When You Upload Talks of Richard Stallman to Proprietary YouTube
Also: notice they work to abolish the word "whitelisted"
Free Software is Probably a Lot Healthier for You
Does Free software help people live longer and/or live better for longer?
Sweden: ChromeOS + GNU/Linux at 17%, an All-Time High
According to statCounter
Windows Collapsed to Only 12% of the Operating Systems Market in India, Says statCounter
Windows falls to 64% on desktops/laptops in India, dips to 12% overall
Links 11/11/2024: Mastodon Year 2 in Review, Freshworks Laying Off 13% of Staff
Links for the day
[Video] Daniel Pocock Warning About Someone Like Elon Musk Buying and Misusing Twitter Almost 7 Years Ago
Daniel Pocock spoke about Facebook and Twitter while attending the UN Forum on Business and Human Rights in Geneva, Switzerland
[Meme] It Takes Only Words to Destroy Malicious People and Pathological Liars
Trying to silence us is foolish. Boasting about this in public is worse than foolish; it's a legal liability.
Dead Blog ('Hoisted By His Own Petard')
The saying "people who live in glass houses shouldn't throw stones" is also applicable here
Debian Voters Clearly Supportive of Richard Stallman (Founder of GNU/Linux), But Debian Leaders Keep Giving Voting Rights to Microsoft Staff
It can be seen that the pro-Stallman positions are dominant
WordPress is Unfit for Purpose in 2024
The Web itself changed a lot and the majority of Web traffic is pure junk
[Meme] Remember That Microsoft and Trump Already Have a "Targets List"
Microsoft loves Trump bailouts
Service Notice: IRC Downtimes RESOLVED
We believe we've solved this entirely (or hope so), but it may take another week to know for sure
Linux 'Not Inclusive' 6.12 (Trumpism Inside Linux Foundation Affirmed)
They can make a codename for this release: Linux 'Not Inclusive' 6.12
The Open Source Initiative (OSI) is Dead. Cause of Death: Microsoft Bribes.
At the core, Linux Foundation and OSI adopted lies as a business model
Joan Meyer correctly linked Gideon Cody raid on Marion County Record to Kristallnacht
Reprinted with permission from Daniel Pocock
Trans People Misused to Attack a Project or Developer Who Has Nothing to Do With Them
And why that truly hurts all trans people
Our 18+ Years of Freedom-Fighting
We always fight back
Gemini Links 11/11/2024: Men Losing Grip and "You're Relaxing Wrong"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 10, 2024
IRC logs for Sunday, November 10, 2024
Nobody Knows What's in Our Fridge! Wow, Spooky!
Freedom means you can also purchase things anonymously
Freedom Must Always Be Fought For (All the Time)
Ridicule of "freedom fighters" in the digital realm is typically orchestrated by dictators or wannabes.