Bonum Certa Men Certa

NSA Shows Why We Should Abandon All Proprietary Software and Verify Trust

Without source code of all levels/layers of the software trust just cannot be established

Compiler



Summary: Proprietary software can never be secure and back doors inside of it can be assumed (unless proven otherwise), based on some of the latest NSA leaks

THE NSA is a criminal operation, so we expect it to work with other criminal operations. Microsoft and the NSA collude to make the world a less secure place, enabling espionage with Windows (Stuxnet for example) and providing video/audio surveillance in people's own homes without any warrants. Microsoft is about lawlessness is the same way the NSA is. The law of "rule" supersedes the rule of law.



Some say that the Windows-centric Stuxnet is the "world's first true cyber-weapon", but that is not true. History aside, to put it as IDG put it: "Stuxnet's creators recognized they had built the world's first true cyber-weapon and were more interested in pushing the envelope of this new type of digital warfare than causing large-scale destruction within targeted Iranian nuclear facilities, a study shows.

"In an analysis released last week, Ralph Langner, head of The Langner Group and a renowned expert in industrial control systems (ICS), also refuted arguments that only a nation-state had the resources to launch a Stuxnet-like attack. Assailants with less ambition could take the lessons learned and apply them to civilian critical infrastructure, he said."

This was an example of overreach and violation of the law, enabled of course by Microsoft and Windows. GNU/Linux does not sell its users down the river the way Windows does.

Sadly, firms like White Source make a comeback with their FUD and they single out FOSS for security issues (here is the press release). This is not acceptable because they totally ignore the much bigger threats, as above (where security issues are there by design).

The White House is at war against FOSS geeks and other phantom enemies [1,2], where the logic is something along the lines of, if we don't control it (we as in the government), then it's a threat to national security. While it seems clear that a brute force attack is the Achilles Heel of FOSS [3,4,5] and Google keeps improving security of FOSS projects like Android [6,7,8,9.10] and others [11,12], the logic followed by the likes of White Source and White House is that if something proprietary keeps its flaws (or back doors) secret, then it's secure and we should not pay attention to real security. Again, this is simply not acceptable.

The head of the Linux Foundation recently said that FOSS is safer, and Linux is more secure than any other OS [13]. Mikko Hypponen seems to agree with him [14] and despite some new known flaws in Red Hat software [15,16] (transparency makes weaknesses visible) we should remember that lack of knowledge about something does not mean it's not there. Just because we cannot easily see back doors in proprietary software doesn't mean they're not there (some groups of people know they're there and they exploit them silently). If Europe is serious about cyber security [17], then it should dump all proprietary software (back doors-friendly software) as soon as possible. Given everything we now know about the NSA, ignorance and uncertainty are no longer an excuse. A Dutch source has just revealed that the NSA cracked 50,000 computer networks. The evidence is overwhelming. Stuxnet is peanuts next to that.

Related/contextual items from the news:



  1. How Antisec Died
    Depending on when one asked, Antisec was generally between 8-10 people, with a solid core of about six. Not all of them were comfortable with talking to me, and certain ones were designated to communicate with press. I was never entirely sure who was in or out at any particular time — it was a fluid group. I never knew all the nicks. I talked repeatedly with five of them, including Sabu.


  2. Bizarre Online Gambling Movie-Plot Threat
    This article argues that online gambling is a strategic national threat because terrorists could use it to launder money.


  3. Huge horde of droids whacks code box GitHub in password-guess attack


  4. GitHub resets user passwords following rash of account hijack attacks
    GitHub is experiencing an increase in user account hijackings that's being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.
  5. Google extends its proactive Patch Reward Program to include Android Open Source Project, Web servers, and more


  6. Google adds Android Open Source Project to Patch Rewards program
  7. Google expands Patch Rewards Program
  8. Google extends open source bug bounty programme to Android and Apache


  9. Android now part of Google’s Patch Reward Program


  10. Google adds Android and Apache to open source security rewards programme
    Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the securiry of open source software.

    The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.


  11. Experts applaud Google completion of SSL certificate upgrade
    Step up to 2048-bit keys optimizes balance between protection of company services and maintaining performance


  12. Pinkie Pie and His Google Exploits: The Legend Grows
    Pinkie Pie returned in 2013 for the desktop Pwn2Own event operated by Hewlett-Packard's Zero Day Initiative (ZDI), taking aim once again at Google. This time, it was Google's Chrome browser running on Chrome OS. Pinkie Pie's effort landed him another $40,000 in award money for the discovery and reporting of what turned out to be a trio of flaws, including one buried deep within the Linux kernel. Chrome OS is a Linux-based operating system that Google uses on its Chromebook notebooks.

    But wait. There is still more.

    Just this week in Japan at HP's Mobile Pwn2Own event, the legend of Pinkie Pie grew as the My Little Pony-loving security researcher once again demonstrated previously unknown zero-day flaws in Google's Chrome. Pinkie Pie was able to pwn Chrome on both a Nexus 4 as well as a Samsung Galaxy S 4 smartphone. This time, Pinkie Pie pocketed $50,000 for his efforts.


  13. Linux chief: ‘Open source is safer, and Linux is more secure than any other OS’ (exclusive)


  14. Mikko Hypponen: Open Source Software Will Make the World More Secure
    Open source software can be one answer to combating the global surveillance of innocent citizens, said security expert Mikko Hypponen in his keynote last week at LinuxCon and CloudOpen Europe in Edinburgh.


  15. Hackers actively exploiting JBoss vulnerability to compromise servers, researchers say
    Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.


  16. Red Hat: 2013:1521-01: python-django: Moderate Advisory


  17. European businesses urged implement anti-cyber security systems
    The European Cyber Security Directive, which proposes that European businesses have a legal obligation to ensure they have suitable IT security mechanisms in place, is soon to be enforced in the UK.




Recent Techrights' Posts

Jean-Pierre Giraud, Possible Forgeries & Debian: elections, judgments, trademark already canceled, archaeologist
Reprinted with permission from Daniel Pocock
Justices Jeremy Johnson and Victoria Sharp to Decide the Fate of Julian Assange in About Three Weeks
Will he be back home in Australia by year's end?
Treating Them as Teammates, Not as Political Props, Trophies, or Objects
Most of the world's people are women
Belarus: Bing Fell From 1.1% to 0.6% Since Microsoft Started the LLM Hype (Yandex is 50 Times Bigger Than Bing)
Now enter Belarus
Australia: Bing Lost Market Share Since the LLM Hype ("Bing Chat")
Google rose, Bing went down
[Meme] Canonical Has Basically Become Novell II
Today's Canonical...
 
Gemini Protocol Turns 5 in 15 Hours
Geminispace is still very much alive
OSI's Blog is Still 100% "AI" Nonsense Sponsored by Microsoft (the Authors Are Also Salaried by Microsoft)
The founder of the OSI no longer supports the OSI
Poland is Another Country Where Bing Lost a Lot of Market Share Since the LLM Gimmicks
down from 3.24% to 2.4%
It Took Microsoft More Than 3 Years to Get a Quarter of Windows Users to 'Upgrade' to Vista 11 (3 Out of 4 Windows Users Still Reject It)
That is exactly what's happening right now
[Meme] The Empire
Don't be like Putin
They Want 'Transparency' Only for the General Public (Every Bit of Communication Available to the Government, Usually Via Corporations)
The EU might decide to effectively ban SSH
Free Software Won't Fix Equality, But It Helps
Let's examine Free software in the context of: 1) money. 2) justice.
Links 19/06/2024: SFTP and Gopher Milestone
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 18, 2024
IRC logs for Tuesday, June 18, 2024
US Surgeon General's Advice on Social Control Media (and "Smart" Phones) Seems Reasonable
People forget what the real world is about
Quiet at Planet Debian
planet.debian.org has not had any updates since 5 days ago
Morale at Microsoft Sinks to New Lows
The annual 'Employee Signals' survey showed a drop from 69% to 62% in positive responses
Microsoft Windows is Being Abandoned in the UK, Relative to Other Platforms (New All-Time Lows)
Windows at new lows
Links 18/06/2024: More Executives Leave Microsoft, Attacks on the Press in Russia and 'Exile'
Links for the day
[Meme] Always Livecasting
Wait Till Systemd-Recall
Gemini Links 18/06/2024: Unconscious Consumption and Firewall Autoban
Links for the day
While Everyone is Furious at Vista 11 (Over TPM, Recall and Other Malicious 'Features') Canonical is Selling It to People
So the only thing Canonical says about Windows is that you should give it a try?
Links 18/06/2024: Adobe and Internet Archive in Trouble
Links for the day
Peter Duffy Explains SystemD
Ein Volk, Ein Reich, Ein Führer!
[Meme] The Doyen and the Colonel
EPO continues to prioritise lawbreaking over knowledge
EPO Union Action: Next Week SUEPO The Hague and SUEPO Munich Talk About New Pension Scheme (NPS) and Salary Savings Plan (SSP)
So there are basically 32 days left for more people to intervene
[Meme] Wait Till Systemd-Recall
The only thing Linux still needs is a forensics backdoor
GNU/Linux Up This Month in India (or Why Famous Criminal Bill Gates Keeps Visiting Modi)
truth tends to catch up with people
Microsoft Poetterix is Work in Progress
Linux's New DRM Panic 'Blue Screen of Death' In Action
24/7 Work Discipline
it's not so much about how much (or how long) one works, it's about how one works and whether one feels comfortable doing it
Adamant Conformism is an Enemy of Science
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 17, 2024
IRC logs for Monday, June 17, 2024
Links 18/06/2024: Further Mass Layoffs and Gemini Leftovers
Links for the day
At IBM, "Brownnosing is the Norm."
Many of these comments are from IBM insiders
Myanmar/Burma: Google Gains One Percent, Microsoft Loses One Percent Since the LLM Hype ('Bing Chat')
it's not hard to understand LLMs didn't replace real search and didn't replace Google, either
[Meme] KISS, not SAAS
Gemini Protocol turns 5 in exactly 2 days
Hostageware: The Threat of Clown Computing (or 'SaaS', Another Misnomer or Buzzword) to Computer Users Everywhere
This problem isn't limited to Free software adopters
Six on the Beach: After Losing Six Continents Microsoft is Losing Oceania Too
Based on the 6- or 7-continent view of the world
Links 17/06/2024: Mass Layoffs Accelerating in Tech, Concerns About Impact of the Net
Links for the day
Gemini Links 17/06/2024: Hyprland Analysed and No Use for Betrusted
Links for the day
Microsoft Can Never Make a Comeback Anymore, the Community is Shutting It Out
We're relying on the real community, not fake ones or coopted ones
The World is Becoming (or Has Already Become) Linux
An intercontinental success story
Georgia: Bing Share Fell by Half Since 'Bing Chat' (LLM Hype), Fell Behind Yandex As Well
Georgia's situation is interesting
[Meme] Community of People to be Exploited, Then Thrown Away, Left Behind or Even Slandered
Debian.org front page
Alexandre Oliva's FSF disposition
During my recent trip for LibrePlanet, I was fortunate to have, or at least start, long conversations with nearly everyone in FSF staff
[Meme] SPI and 'FSFE': Sponsored by Microsoft to...
women's instincts do not matter to these strongmen
One More (Failed) Attempt to Deplatform the Sites by Harassing and Threatening Webhosts
What we're seeing here is a person who abuses the system in Canada at Canadian taxpayers' expense trying to do the same in the UK, at British taxpayers' expense
[Meme] Shitburger of an LLM
IBM and the Hololens
Links 17/06/2024: Chatbot Nonsense Thrown Under the Bus (Severe Failure, Pure Hype), How to Finance Free Software 'Hackers'
Links for the day
Debian's Personal Attacks Are Upsetting Women, Too
Female Debian Developer: "I Believe Daniel [Pocock] is On the Right Track."
Microsoft's Bing is So Irrelevant in Moldova (1%) That Russia's Yandex is About 5 Times Bigger
How much longer before Microsoft throws in the towel?
12 Days Have Passed Since the Edward Brocklesby Revelations and Debian Project Has Said Absolutely Nothing About That
One must therefore assume they have nothing to say in their defence (covering up severe security failings)
Yes, You Can
Unless you live somewhere like Russia...
[Meme] Listen to the Experts
Bill Gates didn't even finish university]
Roy and Rianne's Righteously Royalty-free RSS Reader (R.R.R.R.R.R.) and the Front-End Interfaces
As the Web deteriorates the availability, quality and prevalence of RSS feeds is not improving, to put it mildly
Algeria Shows High GNU/Linux and Android Adoption, All-Time High and Almost Three-Quarters of Web Requests
GNU/Linux was below 3%, now it is above 3%
Mass Layoffs at Microsoft-owned GitHub (About 80 Percent of the Staff in India Laid Off)
It's not just in India
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 16, 2024
IRC logs for Sunday, June 16, 2024
Gemini Links 16/06/2024: Scarecrows, Moles, Ham Radio, and No IPs
Links for the day