05.30.09

Gemini version available ♊︎

Microsoft Windows as Matter of National Insecurity

Posted in Microsoft, Security, Windows at 2:34 am by Dr. Roy Schestowitz

Lock

Summary: Security news roundup

THE United States military is repeatedly being invaded by crackers (example from December). This is caused by the use of Windows and the latest incident too alludes to the failure of anti-virus software, which gives clues away.

Anti-U.S. Hackers Infiltrate Army Servers

[...]

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

When foreign enemies enter your premises and access your data — especially in an age of modern warfare — this can be critical. As the following new article from The New York Times suggests, choice of software and its maintenance can determine winners or losers in a dispute or even war. Weapons become digital.

The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.

[...]

“It’s the domestic spying problem writ large,” one senior intelligence official said recently. “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”

Looking elsewhere in the news, Microsoft now acknowledges that its software is under attack and there is no patch available to fix this. Coverage includes:

The Register: Critical Windows vulnerability under attack, Microsoft warns

Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.

Heise: Microsoft warns about critical DirectShow vulnerability

Microsoft has found a critical vulnerability in the DirectX library for Quicktime video playback, and it appears that the flaw is now being actively exploited. The software giant has issued a security advisory which contains quite detailed information about the vulnerability.

It is rather surprising that the Obama administration even considers Windows for its operations, especially gives that the army is moving from Windows to GNU/Linux (mostly Red Hat), for security reasons at the very least. Todd Bishop makes the following new claim:

Obama reforming online security

[...]

The government report (PDF) cites Microsoft repeatedly, but not in a bad way. Instead, it refers to testimony and research from the Redmond company to back up its contention that sweeping changes are needed in government coordination.

Given that Microsoft — with help from its front, the BSA — put its staff on top of the Department of Homeland Security [1, 2, 3], such an outcome should not be so shocking. In fact, given the lobbying and pressure Microsoft puts on the Democrats [1, 2, 3, 4, 5, 6, 7, 8], decisions that are driven by favours rather than rationale are only to be expected.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. Needs Sunlight said,

    May 30, 2009 at 6:56 am

    Gravatar

    Should be easy to trace. Any government purchases, especially for the military, have a paper trail in triplicate. The individuals involved in bringing MS products onto the military bases are going to be clearly documented so prosecution can begin any time really.

    Look at just a single Windows worm, conficker, which in its first months has done over 9.1 billion dollars in damage:

    http://www.tgdaily.com/content/view/42101/108/

    and it is still growing, even at Microsoft. The company itself still has infections, which puts a bullet in the myth that the company’s products can be secured if one “knows enough”

    http://www.networkworld.com/news/2009/052109-conficker-still-infecting-50000-pcs.html

    Even a teeny Windows worm like Slammer/Sapphire caused over a billion in cleanup.

    To add the personal factor to it, MS products have gotten shoved into hospitals and been causing major outages there on a frequent basis. Just for the sake of argument, if you say that there are 1500 hospitals with MS products and they go down twice each and one death results per outage, you have 3000 deaths.

    Deaths + Lost money = air strike

    We have the Internet’s equivalent of Osama bin Laden walking around on free foot: leader and a group costing tens of billions in unnecessary economic harm, plus thousands of direct and indirect deaths, per year all because of an ideology. Why is the military not even begining to move against the headquarters, the ringleaders or henchmen? Or is it a larger job requiring NATO to get involved? Or is this a case where the regional, unofficial militia need to rise to the occasion?

    That is not counting the economic harm caused by egregious, apparently intentional, failures in interoperability — even within the product line…

    Nor does it count the mafia style activities which keep the market from cleansing itself of these types.

    Get rid of MS products and tens of billions are saved immediately on just the malware problem. The savings easily cover the cost of any conversion or migration issues. The only loose end is finding a place in society for MSFTers so that they are not in a position to cause any more damage. Like an embezzler can’t work in accounting, a junky in a pharmacy and a pedo in daycare, MSFTers can’t stay in IT. The temptation for recidivism is too high as we see in Ohloh and other farces.

  2. Needs Sunlight said,

    May 30, 2009 at 7:37 am

    Gravatar

    For what it’s worth, the quick way to deal with the DirectX exploit is to stay with the established industry standard, OpenGL

    http://www.opengl.org/documentation/

    That includes watching out for traps like Picasa which use helper tools like Wine as vectors to spread DirectX vulnerabilities even to other platforms.

DecorWhat Else is New


  1. IRC Proceedings: Wednesday, January 19, 2022

    IRC logs for Wednesday, January 19, 2022



  2. Links 20/1/2022: Linuxfx 11.1 WxDesktop 11.0.3 and FreeIPMI 1.6.9 Released

    Links for the day



  3. Links 19/1/2022: XWayland 22.1 RC1 and OnlyOffice 7.0 Release

    Links for the day



  4. Links 19/1/2022: ArchLabs 2022.01.18 and KDE's 15-Minute Bug Initiative

    Links for the day



  5. When Twitter Protects Abusers and Abuse (and Twitter's Sponsors)

    Twitter is an out-of-control censorship machine and it should be treated accordingly even by those who merely "read" or "follow" Twitter accounts; Twitter is a filter, not a news/media platform or even means of communication



  6. IRC Proceedings: Tuesday, January 18, 2022

    IRC logs for Tuesday, January 18, 2022



  7. Links 19/1/2022: Wine 7.x Era Begins and Istio 1.12.2 is Out

    Links for the day



  8. Another Video IBM Does Not Want You to Watch

    It seems very much possible that IBM (or someone close to IBM) is trying to purge me from Twitter, so let’s examine what they may be trying to distract from. As we put it 2 years ago, "Watson" is a lot more offensive than those supposedly offensive words IBM is working to purge; think about those hundreds of Red Hat workers who are black and were never told about ethnic purges of blacks facilitated by IBM (their new boss).



  9. What IBM Does Not Want You to Watch

    Let's 'Streisand it'...



  10. Good News, Bad News (and Back to Normal)

    When many services are reliant on the integrity of a single, very tiny MicroSD card you're only moments away from 2 days of intensive labour (recovery, investigation, migration, and further coding); we've learned our lessons and took advantage of this incident to upgrade the operating system, double the storage space, even improve the code slightly (for compatibility with newer systems)



  11. Someone Is Very Desperate to Knock My Account Off Twitter

    Many reports against me — some successful — are putting my free speech (and factual statements) at risk



  12. Links 18/1/2022: Deepin 20.4 and Qubes OS 4.1.0 RC4

    Links for the day



  13. Links 18/1/2022: GNOME 42 Alpha and KStars 3.5.7

    Links for the day



  14. IRC Proceedings: Monday, January 17, 2022

    IRC logs for Monday, January 17, 2022



  15. Links 17/1/2022: More Microsoft-Connected FUD Against Linux as Its Share Continues to Fall

    Links for the day



  16. The GUI Challenge

    The latest article from Andy concerns the Command Line Challenge



  17. Links 17/1/2022: digiKam 7.5.0 and GhostBSD 22.01.12 Released

    Links for the day



  18. IRC Proceedings: Sunday, January 16, 2022

    IRC logs for Sunday, January 16, 2022



  19. Links 17/1/2022: postmarketOS 21.12 Service Pack 1 and Mumble 1.4 Released

    Links for the day



  20. [Meme] Gemini Space (or Geminispace): From 441 Working Capsules to 1,600 Working Capsules in Just 12 Months

    Gemini space now boasts 1,600 working capsules, a massive growth compared to last January, as we noted the other day (1,600 is now official)



  21. [Meme] European Patent Office Space

    The EPO maintains a culture of illegal surveillance, inherited from Benoît Battistelli and taken to a whole new level by António Campinos



  22. Gemini Rings (Like Webrings) and Shared Spaces in Geminspace

    Much like the Web of 20+ years ago, Gemini lets online communities — real communities (not abused tenants, groomed to be ‘monetised’ like in Facebook or Flickr) — form networks, guilds, and rings



  23. Links 16/1/2022: Latte Dock 0.11 and librest 0.9.0

    Links for the day



  24. The Corporate Cabal (and Spy Agencies-Enabled Monopolies) Engages in Raiding of the Free Software Community and Hacker Culture

    In an overt attack on the people who actually did all the work — the geeks who built excellent software to be gradually privatised through the Linux Foundation (a sort of price-fixing and openwashing cartel for shared interests of proprietary software firms) — is receiving more widespread condemnation; even the OSI has been bribed to become a part-time Microsoft outsourcer as organisations are easier to corrupt than communities



  25. EPO's Web Site Constantly Spammed by Lies About Privacy While EPO Breaks the Law and Outsources Data to the United States

    The António Campinos-led EPO works for imperialism, it not only protects the rich; sadly, António’s father isn’t alive anymore and surely he would blast his son for doing what he does to progress his career while lying to staff and European citizens



  26. Links 16/1/2022: Tsunami and Patents

    Links for the day



  27. IRC Proceedings: Saturday, January 15, 2022

    IRC logs for Saturday, January 15, 2022



  28. Links 16/1/2022: Year of the GNU/Linux Desktop and Catch-up With Patent Misinformation

    Links for the day



  29. Patrick Breyer, Unlike Most German Politicians, Highlights the Fact That Unified Patent Court (UPC) and Unitary Patent Are Incompatible With EU Law

    A longtime critic of EPO abuses (under both Benoît Battistelli and António Campinos leadership), as well as a vocal critic of software patents, steps in to point out the very obvious



  30. Links 15/1/2022: Flameshot 11.0 and Libvirt 8.0

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts