Bonum Certa Men Certa
Links 11/2/2015: First Ubuntu Phone on Sale Today, Tizen 2.3 Source Code Released | Microsoft's Mole Strategy Against Free Software Spreads OOXML, Surveillance, Other Malice to the Real, Potent Alternatives

Microsoft Back Door in Windows (All Versions) Intentionally Left Open For Over a Year, Existed for 15 Years

Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden's NSA leaks

THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.



As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion's share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).

"Both proprietary software companies, which together command the lion's share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known)."Dan Goodin, who typically spends his 'journalism' career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It's a major one, no doubt; But no name, no "branding"...

In Goodin's own words:

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.


The significant part is in the second paragraph above ("took Microsoft more than 12 months to fix"). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the 'magic' of proprietary software. Is the NSA now 'done' cracking all the world's networks that have Windows in them? Is it now 'safe' to finally close this back door?

Microsoft Windows is an utter joke when it comes to security, as Microsoft's own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea's network. Those who knowingly used an operating system with back doors can't blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.

Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin's former employer puts it:

What happens six months from now, on 14 July? That's the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system's maker.


The article states that many servers will basically be left with permanent back doors. Many of them contain customers' (or patients') data.

As Robert Pogson put it, "Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…"

He concludes correctly: "Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable."

Yes, even bugs with special names, logos, and "branding" -- those that the corporate media loves to hype up.
Links 11/2/2015: First Ubuntu Phone on Sale Today, Tizen 2.3 Source Code Released | Microsoft's Mole Strategy Against Free Software Spreads OOXML, Surveillance, Other Malice to the Real, Potent Alternatives

Recent Techrights' Posts

Microsoft Mass Layoffs Without Severance Pay Reported Hours After Microsoft Reported Weak Numbers and Microsoft Stock Fell
Microsoft has a bloodbath this month
Another Slew of Fake Articles About 'Linux' and 'Security' From Brittany Day at linuxsecurity.com (Spamfarm/Slopfarm)
linuxsecurity.com is basically a pariah and parasite. It lessens the incentive to write real articles about "Linux" by generating fake ones to outrank the originals.
IBM: Many Thousands of Layoffs in 2025
If 2025 is expected to be the same, then perhaps about 20,000 IBM workers will no longer be there
 
Techrights Should be Even Faster Now
We're now better off
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 30, 2025
IRC logs for Thursday, January 30, 2025
Richard Stallman (RMS) Gave 3 Talks in India in Less Than a Week
In India this month we've not seen a single negative comment about RMS
Indian Data Biases statCounter For or Against "Linux"
In statCounter, the GNU/Linux increases and decreases are deeply tied to what it does with data collected in India
The Corporate Media Pretends That Facebook ("Meta") Has Performed Well, But Its Debt Doubles Every 2 Years Despite Mass Layoffs
That same media also helps parrot misleading financial claims
Microsoft's Debt Surged by More Than 6,000,000,000 Dollars in Just 3 Months
numbers released hours ago
The Sheer Irony of Microsoft Proxy Accusing Others of 'Stealing'
Wherever DeepSick's data came from, Microsoft (or its proxy) is in no position to issue criticism.
The Difference a Decade (and GAFAM Money) Makes
Credibility cannot be purchased
[Meme] The Free Software Foundation (FSF) Has Critics Because Its Message is Effective
Applying to others the same standards one is willing to violate?
The Free Software Foundation (FSF) Raised $422,000 (Another $22k in the Two Weeks After Campaign Ended), Proving That Truth and Justice Tend to Find a Way
10,000+ dollars a week even without campaigning for more funds
Faking Revenue Increase by Buying Your Own Products and Services (Through Scams and Scammers Like Scam Altman)
Is this what society deserves? Media that instead of exposing corruption has chosen to participate in it and profit from it?
Links 30/01/2025: Fentanylware (TikTok) Causes Deaths, FBI Seizes Domains
Links for the day
Gemini Links 30/01/2025: Action vs Inaction, Gopherholes, and More
Links for the day
Links 30/01/2025: Microsoft Wants Convicted Felon to Give Fentanylware (TikTok) to It (After Making a Phonecall Asking for That in 2019), "Moving Away From Google's Ecosystem"
Links for the day
Jack M. Germain (LinuxInsider) Seems to Have Turned to LLM Slop, Graphics Slop, and B2B SPAM
LinuxInsider is barely active anymore
Links 30/01/2025: Amazon Layoffs and DeepSeek Panic
Links for the day
Gemini Links 30/01/2025: Chaos Reigns, E-mail, Searching
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 29, 2025
IRC logs for Wednesday, January 29, 2025
Google: Your Only Option is Google YouTube (Coming Soon: Mandatory DRM and Attestation?)
Digital Restrictions (DRM) to follow? Only for "approved" (attestation) browsers?
Mastodon Was Always Biased (Just Like Twitter After Abandoning Chronological and Neutral Timelines in Order to Become More Like Facebook)
So bury-brigading and click-farming control what people see
Certificate Authority Let's Encrypt Falls to Only 0.4% of the Total in Geminispace
Geminispace does not need to outsource trust
The Munich-Based EPO is Still Using a Platform That Promotes the Far Right and Rehabilitates Nazism
Active Twitter account
Links 29/01/2025: Dismantling Public Health in the US, Air Busan Plane Up in Flames (South Korea's Air Disasters Streak)
Links for the day
Announcements and Administrivia
This week we're going out for two days in a row to celebrate an achievement that's very respectable
Gemini Links 29/01/2025: Japan, GTD, and More
Links for the day
Sir, Yes, Sir. The Life of EPO Patent Examiners.
If working for the EPO makes it harder to sleep at night, take action
How the EPO Pressures Staff Into Minting More Monopolies (Patents), Even Illegal Ones That Harm Europe and Ultimately Dismantle the Rule of Law
insights into the pressure examiners are under
LLM Slop Machines Are Not a Win for "Open Source" and If They Get Cheaper, It's Even Worse
If some program that claims to be "Open Source" pollutes the Web with fake articles (Microsoft SPAM and fake "Linux" articles), whose win is it?
Links 29/01/2025: Data Privacy Day and Growing Tensions in Europe
Links for the day
Nazi Twitter (aka "X") Became a Troll Site That Lets People Buy a Blue Tick While Its Boss Actively Promotes Neonazi Politicians
the intellectual level of people who infest the Web through "Twitter" or "X"
This is Why They're So Afraid of Richard Stallman (He Tells People the Correct History)
Then they post about it to Microsoft's LinkedIn
Richard Stallman Speech in Bengaluru, "Silicon Valley of India"
62 years have passed since his "young nerd" days and he's still at it
Claim: Facebook Deletes Posts of IBM Red Hat Critics
As always, follow the money (advertisers)
Links 29/01/2025: Climate Crisis and "It’s time for the Xbox to fade away" (Microsoft Lose)
Links for the day
Links 29/01/2025: Buying Groceries During a Trade War, Political 'Retro'
Links for the day
More Illegal Patents at the EPO, Legality of Granted European Patents No Longer Matters to the Office
breaking the law for profit
Network Improvements Tomorrow
"Network maintenance" down in London
Sharing is Caring (But Advocating Copyleft Makes You a "Target")
GPLv3 does not close all the loopholes which the "Affero" helps close
Articles About Free Speech at Facebook
'Facebook vs Linux' story is now receiving a lot more media coverage
We Were Right About stallmansupport.org Making an Error by Joining Social Control Media. mastodon.social Suspends stallmansupport.org.
From what we can guess, accounts can be banned by some oversensitive admin or a mob of users ("bury brigades")
"Latest Technology News" in BetaNews Still LLM Slop and SPAM Composed by LLMs (It's Basically a Spamfarm Disguised as a News Site)
Only a fool would visit BetaNews in search of actual news
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 28, 2025
IRC logs for Tuesday, January 28, 2025
The EPO's Corruption, If It Remains Untackled, Helps the Far Right and Enemies of European Unity/Solidarity
Do not negotiate with evil
The Web, Including Wikipedia, Gets Filled With Lies About Bill Gates, Added by Bill Gates and His PR Team
Of course Wikipedia is funded by Gates
Facebook Banning Linux Sites (or People Who Link to Linux Sites) is Another Symptom of the Web's Demise
The state of media on the Web is really bad; Social Control Media amplifies the badness, as Facebook serves to show
Gemini Links 29/01/2025: Neovim Telescope and Writing Less
Links for the day