TJ Maxx all over again?
Summary: UPS is the latest victim of Microsoft's shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software
A boycott against UPS, based on my bitter experiences, is nothing too prejudiced. Their system does not work well. That's an understatement actually. It's dysfunctional. In fact, it's an utter mess. I wasn't the only one who was utterly screwed, reputedly, and made deeply upset by them. I tried to accomplish something so simple and spent a huge amount of time achieving nearly nothing. They are badly coordinated and their system is crap. They're using an utterly flawed system, especially when it comes to exchanges with clients, including financial exchanges. Last year I was upset enough to produce some memes like the following:
Now it turns out that UPS was foolish enough to be using Microsoft Windows. Consequently, in many countries (not just one) it got "infected with credit card stealing malware" and customers are going to pay dearly (customers, not UPS):
Grocery shoppers nationwide probably had credit card data stolen
Coast-to-coast: Albertsons, Acme Markets, Jewel-Osco and more were hit.
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.
"Windows, again," says our reader. "See the annotations in the update..."
Notice how the Microsoft-friendly Condé Nast fails to even name Microsoft. Total cover-up, maybe misreporting. Disgusting. It's like naming an issue in some car model, stating that it is chronic, dangerous and widespread, but still not naming the car maker or the model. Recall also the biggest credit card-stealing incidents in recent history; it is almost always due to Microsoft and Windows.
There are a bunch of reports circulating right now which blame an OpenSSL bug (that Microsoft likes to hype up) for the compromise of patients' data.
A reader of ours who lectures on computer security explains: "The real problem was that, as seen in other articles, they used a VPN in place of real security. Oh, and the VPN was closed source, not OpenVPN."
"This is no surprise as when given internal access to any computer network, it is virtually a 100% success rate at breaking into systems and furthering access," says one report.
"They admit to having no security for their services and relying on a VPN to provide the illusion of security," our reader explains. "They also misuse the marketing term '0-day'."
Anything to keep the term "Heartbleed" in headlines, creating a FOSS scare...
You can count on the likes of Condé Nast covering a Microsoft-induced disaster without mentioning Microsoft at all while at the same time shouting "Heartbleed" from the rooftops, as Condé Nast so regularly does.