Bonum Certa Men Certa

Microsoft's Insecure-by-Design (Sometimes With Back Doors) 'Contributions' to OpenSSH

Making a mockery out of the spirit of OpenBSD, having given money to OpenBSD

Manchester church Vulnerability (need for money) found in the Church of BSD



Summary: Microsoft is seemingly disrupting the high standards of the OpenSSH project (and by extension OpenBSD and Free/libre software), as its focus on security is ludicrous at best

LAST week, in our daily links, over a dozen links were included about a new revelations of flaws in a hugely popular encryption method. A paper presented by award-winning academics demonstrated a serious weakness. OpenSSH was among the alleged targets, potentially allowing spies to infiltrate, intercept and decrypt communications/data relayed over SSH. The philosophy and principles (UNIX) of OpenSSH had kept it strong for a very long time.



"Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community."Those who keep abreast of privacy news (including NSA leaks) will know that there is an aggressive effort to crack SSH. Some ciphers were recently phased out or deprecated as a result. Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community. As we pointed out earlier this year, OpenSSH is being subjected to E.E.E. (embrace, extend, extinguish) treatment from Microsoft [1, 2] because money talks. Microsoft has a lot of money (despite losses in the billions) and OpenBSD is underfunded, hence desperate for money.

Secure channels and Microsoft Windows are incompatible concepts. It cannot be done because Windows itself has back doors, allowing penetration at root (Administrator) level. Microsoft is now pushing its back-doored, insecure-by-design APIs into the SSH project and also puts people's keys on boxes with such inherent insecurities. How terrible a recipe is that? Is OpenBSD willing to compromise its credibility and reputation just because Microsoft gave it a 'generous' payment (some would call it a bribe)?

According to this update from Microsoft, they now intend to:

Leverage Windows crypto api’s instead of OpenSSL/LibreSSL and run as Windows Service...


People in the comments (not deleted, at least not yet) rightly post complaints. One said: "I don't think I like that your replacing an open source SSL with a closed source Windows crypto api."

Another commenter said: "Do I see a trap here?! If the Windows port uses the closed source crypto api is the whole OpenSource OpenSSH-idea then still intact?"

"Microsoft takes something that's not its own and then 'bastardises' it, making it an inferior 'Windows thing' which spreads only because of the network effect or illegal bundling."iophk told us: "How much key code can they replace with dodgy homebrew and still be allowed to use the same name? Without the crypto, it is not the same software and merely a derivative."

Well, that's just how E.E.E. has historically worked. Microsoft takes something that's not its own and then 'bastardises' it, making it an inferior 'Windows thing' which spreads only because of the network effect or illegal bundling.

iophk has also pointed out to us that Roger A. Grimes, who works for Microsoft and IDG (news publisher) at the same time (clearly a conflict of interests), presents a false dichotomy, "freedom or security" (right there in the headline). Computer security is never the goal at Microsoft; they want back doors for so-called 'national security' (i.e. state power with remote access to citizens' PCs).

"The first rule of zero-days is no one talks about zero-days," reads this new headline (remember that Microsoft wilfully enables NSA access through zero-days).

"If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it's time to tell Microsoft to take back its 'bribe' money and go away, leaving OpenSSH alone (and secure)."Microsoft's E.E.E. tactics are becoming a big threat not just to GNU/Linux but also to BSD and Free software as a whole. Microsoft now tries to become a GNU/Linux host, despite its known record of scanning every single file (claiming to do so because of child pornography) and colluding with the government for warrantless access to data stored on servers.

The E.E.E. against GNU/Linux is perhaps best demonstrated by this new article about how Microsoft tries to take over Big Data (a lot of data, sometimes incredibly sensitive) on GNU/Linux servers. "Last month Microsoft did something extraordinary," says the author, "something which demonstrates how completely the company has changed since its third CEO, Satya Nadella, took over."

Satya Nadella just turned the company into more of a surveillance company, as Vista 10 serves to remind us. He continues to attack GNU/Linux in many ways (including patent extortion) while saying that Microsoft "loves Linux' (a lie as big as a lie can get).

If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it's time to tell Microsoft to take back its 'bribe' money and go away, leaving OpenSSH alone (and secure). Almost every distribution of GNU/Linux comes with OpenSSH. Microsoft is a wolf in sheep's clothing and it has no room inside FOSS until it quits attacking FOSS and collaborating with abusive espionage agencies like GCHQ and the NSA.

Recent Techrights' Posts

Another Dose of Fake 'Articles' About Linux
Don't give visibility to the nonsense of Microsoft
Synthesised Voices Aren't a New Technology (the Hype Might Be, They Call It "Hey Hi" Now)
I still consider this an extension of the "hey hi" (AI) hype
 
GNOME Foundation Says It's Nearly Broke (Again), It's Getting Rid of More People (Only Women Get the Boot), and It Will Improve Communications and Transparency Even Though It Secretly Ousts People From the GNOME Foundation Board (for Secret Reasons)
It only talks about this months later (under strict gag orders, only public shaming of a person)
Links 08/10/2024: Australian Fines for Twitter (X), Fake Patent Courts Still Not Scuttled
Links for the day
Gemini Links 08/10/2024: Guilt by Association, Workers vs Owners
Links for the day
Links 08/10/2024: War Updates, Samsung's Layoffs, and Gemini
Links for the day
Links 08/10/2024: Microsoft Deleting Office Documents Instead of Saving Them, "Threads Still Sucks"
Links for the day
gemini.techrights.org and techrights.org (Same Server, Not the Same Protocol)
We're reminding readers that everything in this site is fully accessible via gemini.techrights.org in Gemini Protocol
X Has Axed Itself. This is Great News and Further Affirmation of Everything We've Said About Social Control Media.
Don't waste any more time on social control media
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 07, 2024
IRC logs for Monday, October 07, 2024
Gemini Links 08/10/2024: Contingency Begets Complexity, Playing With Bezier Curves
Links for the day
Almost Half the Web Users Connecting to Your Site Are Using Linux
almost 1 in 2 Web-connected devices runs Android and about 2% run "proper" GNU/Linux
The Web Has Severe Amnesia Problems, But We Still Remember How Gilberto Gil Promoted Free Software in Brazil
The Digital Tipping Point (DTP) is years behind us now
LLM Hype is Already Descending, Apple Stopped Investing in the Money Furnace
Wall Street is a perverse force in the technology market, incentivising the most harmful (and mostly useless) things
Change Control and What Will Come After Git (If That's Still Possible at All)
It would be wrong to believe (at least misguided) Git can be a "standard" skill 30 or 50 years from now.
On the Web, HTTPS Has Actually Become a Privacy Problem (Broadcasting Usage/Access to the All-Seeing CA Eye). Geminispace Doesn't Have This Problem.
Down to 23 capsules: the rapid demise of Certificate Authority (CA) Let's Encrypt in Geminispace
Links 07/10/2024: Politics, Education, Wars, Financial Crunch
Links for the day
Munich Was Having Real Difficulties Moving From GNU/Linux to Windows
How many are still using GNU/Linux?
Links 07/10/2024:China’s 'Deflation' (Price Decreases), Brazil Still Bars Twitter ("X")
Links for the day
Links 07/10/2024: "Creative Computing" Turns 50, Long War in Middle East Turns 1
Links for the day
Gemini Links 07/10/2024: Luck and Dishonesty, Gaming Getting Worse
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 06, 2024
IRC logs for Sunday, October 06, 2024
EPO: We Give Recognition to Frauds
Good to see some frank recognition right there in the EPO's own Web site
Even Though We Don't Focus on statCounter for Now (Not Our Top Priority) GNU/Linux Reaches New Highs This Month:
We caught GNU/Linux at 4.86% before, but only temporarily
Links 06/10/2024: Ham Radio for Recovery, Health Problems Worldwide
Links for the day
Gemini Links 06/10/2024: Special Interest Galore and Religion
Links for the day
Keeping Control Out of Dictators' Hands
When people are just "numbers"...
Links 06/10/2024: Misinformation Growing on the Web, "Hey Hi" Hype Waning for Lack of RoI
Links for the day
[Meme] Years Have Passed and EPO Management Still Isn't Obeying a Ruling From a Court Regarding Communications Between Staff
Representatives talking to their staff is "privacy violation"?
Presentations of the Staff Union of the European Patent Office in Its Headquarters Tomorrow After Work
Annual General Meeting and reports
Gemini Links 06/10/2024: SSH Keys and Hobby Game Development
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 05, 2024
IRC logs for Saturday, October 05, 2024