EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.13

NSA Shows Why We Should Abandon All Proprietary Software and Verify Trust

Posted in Free/Libre Software, Security at 11:19 am by Dr. Roy Schestowitz

Without source code of all levels/layers of the software trust just cannot be established

Compiler

Summary: Proprietary software can never be secure and back doors inside of it can be assumed (unless proven otherwise), based on some of the latest NSA leaks

THE NSA is a criminal operation, so we expect it to work with other criminal operations. Microsoft and the NSA collude to make the world a less secure place, enabling espionage with Windows (Stuxnet for example) and providing video/audio surveillance in people’s own homes without any warrants. Microsoft is about lawlessness is the same way the NSA is. The law of “rule” supersedes the rule of law.

Some say that the Windows-centric Stuxnet is the “world’s first true cyber-weapon”, but that is not true. History aside, to put it as IDG put it: “Stuxnet’s creators recognized they had built the world’s first true cyber-weapon and were more interested in pushing the envelope of this new type of digital warfare than causing large-scale destruction within targeted Iranian nuclear facilities, a study shows.

“In an analysis released last week, Ralph Langner, head of The Langner Group and a renowned expert in industrial control systems (ICS), also refuted arguments that only a nation-state had the resources to launch a Stuxnet-like attack. Assailants with less ambition could take the lessons learned and apply them to civilian critical infrastructure, he said.”

This was an example of overreach and violation of the law, enabled of course by Microsoft and Windows. GNU/Linux does not sell its users down the river the way Windows does.

Sadly, firms like White Source make a comeback with their FUD and they single out FOSS for security issues (here is the press release). This is not acceptable because they totally ignore the much bigger threats, as above (where security issues are there by design).

The White House is at war against FOSS geeks and other phantom enemies [1,2], where the logic is something along the lines of, if we don’t control it (we as in the government), then it’s a threat to national security. While it seems clear that a brute force attack is the Achilles Heel of FOSS [3,4,5] and Google keeps improving security of FOSS projects like Android [6,7,8,9.10] and others [11,12], the logic followed by the likes of White Source and White House is that if something proprietary keeps its flaws (or back doors) secret, then it’s secure and we should not pay attention to real security. Again, this is simply not acceptable.

The head of the Linux Foundation recently said that FOSS is safer, and Linux is more secure than any other OS [13]. Mikko Hypponen seems to agree with him [14] and despite some new known flaws in Red Hat software [15,16] (transparency makes weaknesses visible) we should remember that lack of knowledge about something does not mean it’s not there. Just because we cannot easily see back doors in proprietary software doesn’t mean they’re not there (some groups of people know they’re there and they exploit them silently). If Europe is serious about cyber security [17], then it should dump all proprietary software (back doors-friendly software) as soon as possible. Given everything we now know about the NSA, ignorance and uncertainty are no longer an excuse. A Dutch source has just revealed that the NSA cracked 50,000 computer networks. The evidence is overwhelming. Stuxnet is peanuts next to that.

Related/contextual items from the news:

  1. How Antisec Died

    Depending on when one asked, Antisec was generally between 8-10 people, with a solid core of about six. Not all of them were comfortable with talking to me, and certain ones were designated to communicate with press. I was never entirely sure who was in or out at any particular time — it was a fluid group. I never knew all the nicks. I talked repeatedly with five of them, including Sabu.

  2. Bizarre Online Gambling Movie-Plot Threat

    This article argues that online gambling is a strategic national threat because terrorists could use it to launder money.

  3. Huge horde of droids whacks code box GitHub in password-guess attack
  4. GitHub resets user passwords following rash of account hijack attacks

    GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses.

  5. Google extends its proactive Patch Reward Program to include Android Open Source Project, Web servers, and more
  6. Google adds Android Open Source Project to Patch Rewards program
  7. Google expands Patch Rewards Program
  8. Google extends open source bug bounty programme to Android and Apache
  9. Android now part of Google’s Patch Reward Program
  10. Google adds Android and Apache to open source security rewards programme

    Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the securiry of open source software.

    The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.

  11. Experts applaud Google completion of SSL certificate upgrade

    Step up to 2048-bit keys optimizes balance between protection of company services and maintaining performance

  12. Pinkie Pie and His Google Exploits: The Legend Grows

    Pinkie Pie returned in 2013 for the desktop Pwn2Own event operated by Hewlett-Packard’s Zero Day Initiative (ZDI), taking aim once again at Google. This time, it was Google’s Chrome browser running on Chrome OS. Pinkie Pie’s effort landed him another $40,000 in award money for the discovery and reporting of what turned out to be a trio of flaws, including one buried deep within the Linux kernel. Chrome OS is a Linux-based operating system that Google uses on its Chromebook notebooks.

    But wait. There is still more.

    Just this week in Japan at HP’s Mobile Pwn2Own event, the legend of Pinkie Pie grew as the My Little Pony-loving security researcher once again demonstrated previously unknown zero-day flaws in Google’s Chrome. Pinkie Pie was able to pwn Chrome on both a Nexus 4 as well as a Samsung Galaxy S 4 smartphone. This time, Pinkie Pie pocketed $50,000 for his efforts.

  13. Linux chief: ‘Open source is safer, and Linux is more secure than any other OS’ (exclusive)
  14. Mikko Hypponen: Open Source Software Will Make the World More Secure

    Open source software can be one answer to combating the global surveillance of innocent citizens, said security expert Mikko Hypponen in his keynote last week at LinuxCon and CloudOpen Europe in Edinburgh.

  15. Hackers actively exploiting JBoss vulnerability to compromise servers, researchers say

    Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.

  16. Red Hat: 2013:1521-01: python-django: Moderate Advisory
  17. European businesses urged implement anti-cyber security systems

    The European Cyber Security Directive, which proposes that European businesses have a legal obligation to ensure they have suitable IT security mechanisms in place, is soon to be enforced in the UK.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 9/1/2017: Civilization VI Coming to GNU/Linux, digiKam 5.4.0 Released

    Links for the day

  2. Links 9/1/2017: Dell’s Latest XPS 13, GPD Pocket With GNU/Linux

    Links for the day

  3. Update on Patent Trolls and Their Enablers: IAM, Fortress, Inventergy, Nokia, MOSAID/Conversant, Microsoft, Intellectual Ventures, Faraday Future, A*STAR, GPNE, AlphaCap Ventures, and TC Heartland

    A potpourri of reports about some of the world’s worst patent trolls and their highly damaging enablers/facilitators, including Microsoft which claims that it “loves Linux” whilst attacking it with patents by proxy

  4. Mark Summerfield: “US Supreme Court Decision in Alice Looks to Have Eliminated About 75% of New Business Method Patents.”

    Some of the patent microcosm, or those who profit from the bureaucracy associated with patents, responds to claims made by Techrights (that software patents are a dying breed in the US)

  5. Eight Wireless Patents Have Just Been Invalidated Under Section 101 (Alice), But Don't Expect the Patent Microcosm to Cover This News

    Firms that are profiting from patents (without actually producing or inventing anything) want us to obsess over and think about the rare and few cases (some very old) where judges deny Alice and honour patents on software

  6. 2017: Latest Year That the Unitary Patent (UPC) is Still Stuck in a Limbo

    The issues associated with the UPC, especially in light of ongoing negotiations of Britain's exit from the EU, remain too big a barrier to any implementation this year (and probably future years too)

  7. Links 7/1/2017: Linux 4.9.1, Wine 2.0 RC4

    Links for the day

  8. India Keeps Rejecting Software Patents in Spite of Pressure From Large Foreign Multinationals

    India's resilience in the face of incredible pressure to allow software patents is essential for the success of India's growing software industry and more effort is needed to thwart corporate colonisation through patents in India itself

  9. Links 6/1/2017: Irssi 1.0.0, KaOS 2017.01 Released

    Links for the day

  10. Watchtroll a Fake News Site in Lobbying Mode and Attack Mode Against Those Who Don't Agree (Even PTAB and Judges)

    A look at some of the latest spin and the latest shaming courtesy of the patent microcosm, which behaves so poorly that one has to wonder if its objective is to alienate everyone

  11. The Productivity Commission Warns Against Patent Maximalism, Which is Where China (SIPO) is Heading Along With EPO

    In defiance of common sense and everything that public officials or academics keep saying (European, Australian, American), China's SIPO and Europe's EPO want us to believe that when it comes to patents it's "the more, the merrier"

  12. Technical Failure of the European Patent Office (EPO) a Growing Cause for Concern

    The problem associated with Battistelli's strategy of increasing so-called 'production' by granting in haste everything on the shelf is quickly being grasped by patent professionals (outside EPO), not just patent examiners (inside EPO)

  13. Links 5/1/2017: Inkscape 0.92, GNU Sed 4.3

    Links for the day

  14. Links 4/1/2017: Cutelyst 1.2.0 and Lumina 1.2 Desktop Released

    Links for the day

  15. Financial Giants Will Attempt to Dominate or Control Bitcoin, Blockchain and Other Disruptive Free Software Using Software Patents

    Free/Open Source software in the currency and trading world promised to emancipate us from the yoke of banking conglomerates, but a gold rush for software patents threatens to jeopardise any meaningful change or progress

  16. New Article From Heise Explains Erosion of Patent Quality at the European Patent Office (EPO)

    To nobody's surprise, the past half a decade saw accelerating demise in quality of European Patents (EPs) and it is the fault of Battistelli's notorious policies

  17. Insensitivity at the EPO’s Management – Part V: Suspension of Salary and Unfair Trials

    One of the lesser-publicised cases of EPO witch-hunting, wherein a member of staff is denied a salary "without any notification"

  18. Links 3/1/2017: Microsoft Imposing TPM2 on Linux, ASUS Bringing Out Android Phones

    Links for the day

  19. Links 2/1/2017: Neptune 4.5.3 Release, Netrunner Desktop 17.01 Released

    Links for the day

  20. Teaser: Corruption Indictments Brought Against Vice-President of the European Patent Office (EPO)

    New trouble for Željko Topić in Strasbourg, making it yet another EPO Vice-President who is on shaky grounds and paving the way to managerial collapse/avalanche at the EPO

  21. 365 Days Later, German Justice Minister Heiko Maas Remains Silent and Thus Complicit in EPO Abuses on German Soil

    The utter lack of participation, involvement or even intervention by German authorities serve to confirm that the government of Germany is very much complicit in the EPO's abuses, by refusing to do anything to stop them

  22. Battistelli's Idea of 'Independent' 'External' 'Social' 'Study' is Something to BUY From Notorious Firm PwC

    The sham which is the so-called 'social' 'study' as explained by the Central Staff Committee last year, well before the results came out

  23. Europe Should Listen to SMEs Regarding the UPC, as Battistelli, Team UPC and the Select Committee Lie About It

    Another example of UPC promotion from within the EPO (a committee dedicated to UPC promotion), in spite of everything we know about opposition to the UPC from small businesses (not the imaginary ones which Team UPC claims to speak 'on behalf' of)

  24. Video: French State Secretary for Digital Economy Speaks Out Against Benoît Battistelli at Battistelli's PR Event

    Uploaded by SUEPO earlier today was the above video, which shows how last year's party (actually 2015) was spoiled for Battistelli by the French State Secretary for Digital Economy, Axelle Lemaire, echoing the French government's concern about union busting etc. at the EPO (only to be rudely censored by Battistelli's 'media partner')

  25. When EPO Vice-President, Who Will Resign Soon, Made a Mockery of the EPO

    Leaked letter from Willy Minnoye/management to the people who are supposed to oversee EPO management

  26. No Separation of Powers or Justice at the EPO: Reign of Terror by Battistelli Explained in Letter to the Administrative Council

    In violation of international labour laws, Team Battistelli marches on and engages in a union-busting race against the clock, relying on immunity to keep this gravy train rolling before an inevitable crash

  27. FFPE-EPO is a Zombie (if Not Dead) Yellow Union Whose Only de Facto Purpose Has Been Attacking the EPO's Staff Union

    A new year's reminder that the EPO has only one legitimate union, the Staff Union of the EPO (SUEPO), whereas FFPE-EPO serves virtually no purpose other than to attack SUEPO, more so after signing a deal with the devil (Battistelli)

  28. EPO Select Committee is Wrong About the Unitary Patent (UPC)

    The UPC is neither desirable nor practical, especially now that the EPO lowers patent quality; but does the Select Committee understand that?

  29. Links 1/1/2017: KDE Plasma 5.9 Coming, PelicanHPC 4.1

    Links for the day

  30. 2016: The Year EPO Staff Went on Strike, Possibly “Biggest Ever Strike in the History of the EPO.”

    A look back at a key event inside the EPO, which marked somewhat of a breaking point for Team Battistelli

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts