
With SSH Keys on Windows the World Will be a Vastly Less Secure Place

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Summary: Another warning about the grave consequences of putting SSH endpoints on an operating system which is compromised by design

QUITE a few readers (and also pro-Microsoft bullies) have written to us regarding yesterday's article about OpenSSH and Microsoft, the first PRISM company which also uses broken (by design) ciphers to act as passive back doors. Microsoft is losing and is getting left behind, hence it tries to 'embrace' the competition. It's not a good gesture but an effort to entice people into Windows prison, i.e. inherent insecurity. OpenSSH is supposed to be all about security, which Windows is inherently (by design) not compatible with. Does anyone really want to put public and private keys on a machine that is remotely accessible by spies? That's suicidal for a government, corporation, legal firm, journalist, etc.



Microsoft promotion sites continue to praise Microsoft, whereas other sites cautiously welcome the move [1, 2, 3, 4, 5, 6]. This has been mentioned in various news sites since we first covered it, some Linux-centric ones too [1, 2]. In Linux Questions, for example, comments included "welcome microsoft to the year 2000." Or even: "It was nice having known about you, PuTTY."

To set the record straight, if we correctly understand Microsoft's plans (all of which are just speculative at this stage, as there is not even a timetable, let alone any code), there will be increased access by espionage-seeking, power-motivated spies to people's SSH keys. This will decrease overall security. Windows will be the weakest link. We already know, thanks to leaks from Edward Snowden, that spies in the West are systematically harvesting the passwords of systems administrators and then using these to hijack/infiltrate entire networks all around the world. All that Microsoft's involvement can achieve in this case is an increase in compromised computer networks. Putting SSH keys on Windows is the technical equivalent of putting tanks on rhapsodies (rendering the tanks sinkable).
