Bonum Certa Men Certa

NSA Shows Why We Should Abandon All Proprietary Software and Verify Trust

Without source code of all levels/layers of the software trust just cannot be established

Compiler



Summary: Proprietary software can never be secure and back doors inside of it can be assumed (unless proven otherwise), based on some of the latest NSA leaks

THE NSA is a criminal operation, so we expect it to work with other criminal operations. Microsoft and the NSA collude to make the world a less secure place, enabling espionage with Windows (Stuxnet for example) and providing video/audio surveillance in people's own homes without any warrants. Microsoft is about lawlessness is the same way the NSA is. The law of "rule" supersedes the rule of law.



Some say that the Windows-centric Stuxnet is the "world's first true cyber-weapon", but that is not true. History aside, to put it as IDG put it: "Stuxnet's creators recognized they had built the world's first true cyber-weapon and were more interested in pushing the envelope of this new type of digital warfare than causing large-scale destruction within targeted Iranian nuclear facilities, a study shows.

"In an analysis released last week, Ralph Langner, head of The Langner Group and a renowned expert in industrial control systems (ICS), also refuted arguments that only a nation-state had the resources to launch a Stuxnet-like attack. Assailants with less ambition could take the lessons learned and apply them to civilian critical infrastructure, he said."

This was an example of overreach and violation of the law, enabled of course by Microsoft and Windows. GNU/Linux does not sell its users down the river the way Windows does.

Sadly, firms like White Source make a comeback with their FUD and they single out FOSS for security issues (here is the press release). This is not acceptable because they totally ignore the much bigger threats, as above (where security issues are there by design).

The White House is at war against FOSS geeks and other phantom enemies [1,2], where the logic is something along the lines of, if we don't control it (we as in the government), then it's a threat to national security. While it seems clear that a brute force attack is the Achilles Heel of FOSS [3,4,5] and Google keeps improving security of FOSS projects like Android [6,7,8,9.10] and others [11,12], the logic followed by the likes of White Source and White House is that if something proprietary keeps its flaws (or back doors) secret, then it's secure and we should not pay attention to real security. Again, this is simply not acceptable.

The head of the Linux Foundation recently said that FOSS is safer, and Linux is more secure than any other OS [13]. Mikko Hypponen seems to agree with him [14] and despite some new known flaws in Red Hat software [15,16] (transparency makes weaknesses visible) we should remember that lack of knowledge about something does not mean it's not there. Just because we cannot easily see back doors in proprietary software doesn't mean they're not there (some groups of people know they're there and they exploit them silently). If Europe is serious about cyber security [17], then it should dump all proprietary software (back doors-friendly software) as soon as possible. Given everything we now know about the NSA, ignorance and uncertainty are no longer an excuse. A Dutch source has just revealed that the NSA cracked 50,000 computer networks. The evidence is overwhelming. Stuxnet is peanuts next to that.

Related/contextual items from the news:



  1. How Antisec Died
    Depending on when one asked, Antisec was generally between 8-10 people, with a solid core of about six. Not all of them were comfortable with talking to me, and certain ones were designated to communicate with press. I was never entirely sure who was in or out at any particular time — it was a fluid group. I never knew all the nicks. I talked repeatedly with five of them, including Sabu.


  2. Bizarre Online Gambling Movie-Plot Threat
    This article argues that online gambling is a strategic national threat because terrorists could use it to launder money.


  3. Huge horde of droids whacks code box GitHub in password-guess attack


  4. GitHub resets user passwords following rash of account hijack attacks
    GitHub is experiencing an increase in user account hijackings that's being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.
  5. Google extends its proactive Patch Reward Program to include Android Open Source Project, Web servers, and more


  6. Google adds Android Open Source Project to Patch Rewards program
  7. Google expands Patch Rewards Program
  8. Google extends open source bug bounty programme to Android and Apache


  9. Android now part of Google’s Patch Reward Program


  10. Google adds Android and Apache to open source security rewards programme
    Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the securiry of open source software.

    The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.


  11. Experts applaud Google completion of SSL certificate upgrade
    Step up to 2048-bit keys optimizes balance between protection of company services and maintaining performance


  12. Pinkie Pie and His Google Exploits: The Legend Grows
    Pinkie Pie returned in 2013 for the desktop Pwn2Own event operated by Hewlett-Packard's Zero Day Initiative (ZDI), taking aim once again at Google. This time, it was Google's Chrome browser running on Chrome OS. Pinkie Pie's effort landed him another $40,000 in award money for the discovery and reporting of what turned out to be a trio of flaws, including one buried deep within the Linux kernel. Chrome OS is a Linux-based operating system that Google uses on its Chromebook notebooks.

    But wait. There is still more.

    Just this week in Japan at HP's Mobile Pwn2Own event, the legend of Pinkie Pie grew as the My Little Pony-loving security researcher once again demonstrated previously unknown zero-day flaws in Google's Chrome. Pinkie Pie was able to pwn Chrome on both a Nexus 4 as well as a Samsung Galaxy S 4 smartphone. This time, Pinkie Pie pocketed $50,000 for his efforts.


  13. Linux chief: ‘Open source is safer, and Linux is more secure than any other OS’ (exclusive)


  14. Mikko Hypponen: Open Source Software Will Make the World More Secure
    Open source software can be one answer to combating the global surveillance of innocent citizens, said security expert Mikko Hypponen in his keynote last week at LinuxCon and CloudOpen Europe in Edinburgh.


  15. Hackers actively exploiting JBoss vulnerability to compromise servers, researchers say
    Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.


  16. Red Hat: 2013:1521-01: python-django: Moderate Advisory


  17. European businesses urged implement anti-cyber security systems
    The European Cyber Security Directive, which proposes that European businesses have a legal obligation to ensure they have suitable IT security mechanisms in place, is soon to be enforced in the UK.




Recent Techrights' Posts

The Lawsuit by Clients of Brett Wilson LLP Against Brett Wilson LLP is Officially On, It is Progressing, The 'Experts' Pick Outside Law Firms (RPC and Mills & Reeve) to Spare Them From Litigants in Person
So it is probably quite potent
The 'Culture Wars' in Free Software Have Gone Out of Control
Social control media amplifies such utterly infantile discourse
Teaser: To Compensate for the Fact Our Clients Are Terrible Human Beings Who Strangle Women (While on Microsoft's Payroll) and We Get Paid by Mystery Parties We Bombard You and Your Wife With Almost 10 Kilograms of Legal Papers
If you can't win an argument, then drown the other side with papers?
Now Confirmed in Western Media: Microsoft Azure Layoffs This Month
Affirmed by more sources moments ago
10 Out of 10: RMS Attracts Massive Audience in Göteborg, Sweden (All Seats Occupied, Some People Standing)
a 55-second clip of his talk
Slopwatch: Plagiarism and "Linux" Articles by Bots
Sites that do this won't survive; many of them rely on slop services (suppliers) that will cease to exist after the bubble bursts
 
This Past Friday, "Nearly 700 People Came to Listen to RMS!" (Richard Stallman)
"Nearly 700 people came to listen to RMS!"
Distinguished Lecture by Richard Stallman This Coming Monday in Rome
After "Free software, Crucial for Freedom in a Digital World"
Slopwatch: UbuntuPIT Churning Out Plagiarism and the Slopfarm LinuxSecurity Turns to Pseudonyms
Our hunch is, UbuntuPIT will sooner or later realise that this toxic approach is just harming UbuntuPIT and tainting the reputation of past articles
Gemini Links 11/10/2025: Nyctography, Gerrymandering, and Lurking
Links for the day
Links 11/10/2025: World Mental Health Day 2025, Another European Legal Defeat for Microsoft 360
Links for the day
MIT Technology Review is Part-Time SPAMfarm of Billionaires and Mega-Corporations
Does MIT operate its own "b2b" SPAMfarm?
Open Source Initiative Executive Director Leaves, Replacement Sought by Monopolists, Not the Community or OSI Members
Serves to show who runs this show...
Links 11/10/2025: China-US Tensions Grow Again, "Hey Hi" More Widely Recognised as Bubble Made of Capital That Doesn't Exist
Links for the day
Peter O'Callaghan QC represented grandparents, Westernport Hotel, at Liquor Royal Commission
Reprinted with permission from Daniel Pocock
Either The Register MS Divests From FOSS Coverage or Liam Proven is on Long Holiday
Publishers perish when their audience loses trust in them
Microsoft Cancelling Another Datacentre is a Sign of Financial Trouble and Lack of Growth
The debt continues to grow
Gemini Links 11/10/2025: An Evening at the Fair and Fast Fourier Friday
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 10, 2025
IRC logs for Friday, October 10, 2025
Geminispace is Very Large
The word continues to spread and the number of participants grows
Another Wave of Microsoft Layoffs, This Time During National Day Holiday
This time it's China again
Staying Happy in Times of Crackdowns on Civil Society
Optimism in this sort of "new reality" or "new normal" seems like something for the irrational person
"Nobel" Exploited Posthumously for "AI" Hype, Now They Do the Same With "Quantum"
ere have been many jokes about "Nobel" for peace (often granted to pro-war people) and a fake one for "Economics" (establishment propaganda)
Links 10/10/2025: Putin Admits Russia Downed Azerbaijan Airlines Jet, More New Heat Records
Links for the day
Noteworthy Claim That IBM is Firing a Lot of Lawyers This Week (RAs in the Legal Department)
A lot of what they do is patent 'trolling' or lawyering up against their own staff (e.g. HR disputes)
Links 10/10/2025: US Judge Bars Attacks by ICE On Journalists and Protesters; “We Took The Freedom of Speech Away” Says the President
Links for the day
Slopwatch: Serial Sloppers, Google News Gifting Slopfarms, and Fake News/Plagiarism About "Linux"
Google itself is a slop pusher these days
Qualcomm, the New Owner of Arduino, Blasted for Its Software Patents Tax on 'Smartphones'
A lot of Qualcomm's patents are on software. We wrote about this in prior years.
XBox Layoffs Rumours, Downtime, and Criticism From XBox Co-Founder
"everyone is ditching the xbox."
Links 10/10/2025: Honoring The Legacy Of Robert Murray-Smith, Many Articles on the Hey Hi (AI) Bubble
Links for the day
Gemini Links 09/10/2025: October Gothic and Reading Middle Earth Role Playing; C and Ada
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 09, 2025
IRC logs for Thursday, October 09, 2025
Links 09/10/2025: Farewell to Jane Goodall, California Bans Algorithmic Price-Fixing
Links for the day
Gemini Links 09/10/2025: Lost Wages and a Saga Of Continuing To Use Palm PDAs
Links for the day
Richard Stallman's Talk in Helsinki is Done. Tomorrow Göteborg.
There are scarce details in Finnish about Dr. Stallman's talk
New XBox Leaks Probably Serve to Confirm XBox's Collapse (Many More Layoffs)
It's very much consistent with what many other sites have reported lately
The Slop Song
The train wreck marches on
LLM Slop/Advanced Plagiarism Flooding the Zone With Capital That Does Not Exist
Many publishers out there still participate in this bubble instead of calling it what it is
Links 09/10/2025: Sacked Microsoft Workers Make "Sackbird", IBM Taps CockroachDB for PostgreSQL
Links for the day
"Happy Hacking Day" Richard Stallman Talk This Afternoon (From 14:00 to 16:00) at Haaga-Helia University in Pasila
Richard Stallman in Helsinki, Finland
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 08, 2025
IRC logs for Wednesday, October 08, 2025
Links 09/10/2025: Impact of Microsoft Layoffs, More Data Breaches
Links for the day
Gemini Links 09/10/2025: Autumn Blues and C IRC Bot
Links for the day