02.22.10

Gemini version available ♊︎

Microsoft Resorts to Blame Games (Against Exploiters of Microsoft’s Own Flaws and Against Google)

Posted in Google, Microsoft, Security, Windows at 7:32 am by Dr. Roy Schestowitz

Chinese girl in beijing

Summary: Microsoft is transforming the debate from one which is centered on Microsoft’s inability to secure Windows to one that focuses on external factors (the press is blaming Chinese schoolchildren)

“Blame someone else” is the Microsoft mantra/motto [1, 2]. As we found out yesterday, Microsoft's legal team plays the same type of game. Microsoft is already downplaying the TPM crack and it goes further than this by blaming crackers for blue screens of death. In a world where almost half the machines that run Windows (that's 1 in 2) are confirmed/estimated to be infected, Microsoft can blame the crackers all it wants, but how and why do they manage to intrude other people’s PCs in the first place? According to this message (relating to Microsoft's proposal of Internet driver's licences):

We are sitting on an Internet with *at least* a hundred million fully-compromised, fully-owned systems. Personally, I suspect that the number is closer to double that. Others have postulated still higher values. Whatever that number is, though, it’s (a) big and (b) getting bigger. And there’s no reason, at present, to suspect that the trend will reverse, because nobody’s doing anything that appears to — in any significant way — to be an effective countermeasure.

The new owners of those systems have unfettered access to ANY credentials present on or used on those systems. The overwhelming majority of them are end-user systems, of course, but how many login or email or other access credentials does the average user have? A work email account? One for home? A freemail account? Some number of social networking accounts? How about banks? Utilities? Shopping sites? VPN for a client?

So, according to the above, it’s safe to expect any second Windows PC to be a zombie (the statistics still vary depending on the source). It’s not even improving. Here are some news articles from the weekend:

Cybercriminals Exploit Haiti Tragedy with Malware

There was no let up in spamming and phishing activities last month even as the entire world watched with sympathy the tragedy in Haiti. To add to the sorrow behind the devastating earthquake on January 12, cybercriminals took advantage of the tragedy to launch spamming and phishing attacks.

Chuck Norris Botnet Karate-chops Routers Hard

If you haven’t changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris — the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University’s Institute of Computer Science in Brno, Czech Republic.

Olympic skier Begg-Smith known as ‘spam king’

Kneber Botnet: What You Need to Know Right Now

Everything you ever wanted to know about Xbox hacking

Malware – usually in the form of fake point generators – often comes into play. “Fake points generators that run on your PC promise free Microsoft points in return for your login details,” Boyd explained. “Of course, what happens is your data is sent back to base via email should you enter it into the program. Typically, the phishers will also hijack YouTube accounts and place fake ‘it works’ messages on the videos promoting them [phishing tricks],” he added.

BSODs are not the major problem, but their relevance to the cracking cannot be ignored.

The point the author makes about the problem would have been fixed long ago in Linux, or any other FOSS software, is the most important part of the article, in my opinion. The way the situation is today, you have a few people at Microsoft trying to keep up with security issues.

Obviously, people talk about the BSOD issue as one involving Microsoft’s attempt to secure machines, but those machines are already compromised. It means that the discussion has been completely warped [1, 2] and Microsoft’s blame-shifting game has worked effectively (with help from Amarillo). SJVN correctly points out that Microsoft is not off the hook because those BSODs were caused by Microsoft’s inability to secure Windows in the first place.

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn’t they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows’ fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They’re probably making more money from their botnets than Microsoft is willing to pay them.

Specifically, the problem was caused when Microsoft finally fixed a Windows memory call that no longer could be used to call a specific address.

[...]

Unsupported? After 17-years, I’d say, for better of worse, it was part and parcel of Windows. Of course, if Windows were an open operating system like Linux there wouldn’t be any ‘unsupported’ ways of addressing memory. Heck, maybe someone besides a malicious hacker would have found the bug back before the turn of the century and fixed it.

[...]

The only real fix to this problem is to dump Windows. This is just another of the endless examples of how easy Windows is to attack. Even as Microsoft took care of this problem, it was revealed that the Windows-based Kneber botnet has attacked more than 374 U.S. firms and government agencies. Proper patching might have slowed it down — most of the systems getting hit by it seem to be running Windows XP SP2.

Still, the bottom line is that Windows is being exploited every day and as the Alureon/XP patch mess showed, Microsoft isn’t capable of keeping up with the hackers or their threats.

In another example of blame-shifting, the attacks on Google which were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] and Microsoft’s own negligence [1, 2, 3] are now being attributed to only those who exploited the flaws, allegedly two schools in China [1, 2, 3, 4, 5, 6]. We say “allegedly” because the schools are denying it. From yesterday’s news: “Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday.” Here again is misplaced focus on people who exploited Microsoft’s defective software which Microsoft refused to patch for almost half a year despite knowing about it. The Washington Post says: “Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source.”

But does it really matter? Once again the focus is being shifted to crackers rather than the company which facilitated those attack. Microsoft relied on the same spin when Conficker inflicted huge damage. It’s the blame game being played with PR and once again Microsoft is left off the hook.

Elsewhere in the news we find that Microsoft blames Google for the broken business model of newspapers. “Microsoft Man To Publishers: Google Punches Holes In Your Paywall, But Bing Won’t,” says the headline. We saw this before [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. That’s Microsoft playing the blame game in order to get its rivals sued/banned/excluded.

Microsoft plays this game not only in print media but also in books. Here is Google with some publishers and authors defending Google’s side.

Google Inc. and a group of publishers and authors urged a federal judge to accept a $125 million settlement that would create the world’s biggest digital book library.

Among the companies opposing the Google book settlement there is now Amazon, which joins Microsoft just like Yahoo! did.

Microsoft Inc. (MSFT), Amazon.com Inc. (AMZN) and others urged a federal judge Thursday to reject a revised settlement among Google Inc. (GOOG) and publisher and author groups over digital copies of books.

It’s the DRM-loving Amazon, which has been filled with several Microsoft executives as we showed many times before (there is also the geographical factor when it comes to Amazon). It’s funny how allies of Microsoft are typically among those opposing the settlement and blaming Google for the failure of the once-scarce-and-now-abundant information industry.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 17/10/2021: GhostBSD 21.10.16 and Mattermost 6.0

    Links for the day



  2. IRC Proceedings: Saturday, October 16, 2021

    IRC logs for Saturday, October 16, 2021



  3. [Meme] First Illegally Banning Strikes, Then Illegally Taking Over Courts

    The vision of Team Battistelli/Campinos is a hostile takeover of the entire patent system, not just patent offices like the EPO; they’d stop at nothing to get there



  4. Portuguese Network of Enablers

    Instead of serving Portuguese people or serving thousands of EPO workers (including many who are Portuguese) the delegation from Portugal served the network of Campinos



  5. In Picture: After Billions Spent on Marketing, With Vista 11 Hype and Vapourware, No Real Gains for Windows

    The very latest figures from Web usage show that it’s hardly even a blip on the radar; Windows continues bleeding to death, not only in servers



  6. [Meme] [Teaser] Double-Dipping Friedrich Rödler

    As we shall see tomorrow night, the EPO regime was supported by a fair share of corrupt officials inside the Administrative Council



  7. The EPO’s Overseer/Overseen Collusion — Part XIV: Battistelli's Iberian Facilitators - Portugal

    How illegal “Strike Regulations” and regressive ‘reforms’ at the EPO, empowering Benoît Battistelli to the detriment of the Rule of Law, were ushered in by António Campinos and by Portugal 5 years before Campinos took Battistelli’s seat (and power he had given himself)



  8. Links 16/10/2021: SparkyLinux Turns 10 and Sculpt OS 21.10

    Links for the day



  9. “Facebook Whistleblowers” Aside, It Has Been a Dying Platform for Years, and It's Mentally Perverting the Older Generation

    Guest post by Ryan, reprinted with permission



  10. [Meme] Microsoft Has Always Been About Control Over Others

    Hosting by Microsoft means subjugation or a slavery-like relationship; contrary to the current media narrative, Microsoft has long been censoring LinkedIn for China’s autocratic regime; and over at GitHub, as we shall show for months to come, there’s a war on information, a war on women, and gross violations of the law



  11. EFF Pushes for Users to Install DuckDuckGo Software After Being Paid to Kill HTTPS Everywhere

    Guest post by Ryan, reprinted with permission



  12. The Reign in Spain

    Discussion about the role of Spain in the EPO‘s autocratic regime which violates the rights of EPO staff, including Spanish workers



  13. [Meme] Spanish Inquisition

    Let it be widely known that Spain played a role in crushing the basic rights of all EPO workers, including hundreds of Spaniards



  14. Why You Shouldn’t Use SteamOS, a Really Incompetent GNU/Linux Distribution With Security Pitfalls (Lutris is a Great Alternative)

    Guest post by Ryan, reprinted with permission



  15. IRC Proceedings: Friday, October 15, 2021

    IRC logs for Friday, October 15, 2021



  16. Links 16/10/2021: Xubuntu 21.10 and DearPyGui 1.0.0

    Links for the day



  17. DuckDuckGo’s HQ is Smaller Than My Apartment

    Guest post by Ryan, reprinted with permission



  18. Post About Whether Vivaldi is a GPL violation Was Quietly Knifed by the Mods of /r/uBlockOrigin in Reddit

    Guest post by Ryan, reprinted with permission



  19. The EPO’s Overseer/Overseen Collusion — Part XIII: Battistelli's Iberian Facilitators - Spain

    The EPO‘s António Campinos is an ‘Academy’ of overt nepotism; what Benoît Battistelli did mostly in France Campinos does in Spain and Portugal, severely harming the international image of these countries



  20. From Competitive (Top-Level, High-Calibre, Well-Paid) Jobs to 2,000 Euros a Month -- How the EPO is Becoming a Sweatshop by Patent Examiners' Standards

    A longish video about the dreadful situation at the EPO, where staff is being ‘robbed’ and EPO funds get funnelled into some dodgy stock market investments (a clear violation of the institution’s charter)



  21. [Meme] Protecting European Patent Courts From EPO 'Mafia'

    With flagrant disregard for court rulings (or workarounds to dodge actual compliance) it seems clear that today's EPO management is allergic to justice and to judges; European Patents perish at unprecedented levels in national European courts and it should be kept that way



  22. Links 15/10/2021: Pine64's New PinePhone Pro and Ubuntu 22.04 LTS Codename

    Links for the day



  23. [Meme] GitHub Isn't Free Hosting, It's All About Control by Microsoft

    Deleting GitHub isn’t a political statement but a pragmatic decision, seeing how Microsoft routinely misuses its control over GitHub to manipulate the market



  24. With EPO 'Strike Regulations' Belatedly Ruled Unlawful, EPO Management May be Lowering the Salary Even Further by Introducing Outside 'Temps' or Casual Workers

    Institutional capture by an 'IP' (litigation) Mafia is nearly complete; with illegal so-called (anti) 'Strike Regulations' out the door, they're quickly moving on to another plan, or so it seems on the surface



  25. Links 15/10/2021: 95% of Ransomware Targets Windows

    Links for the day



  26. IRC Proceedings: Thursday, October 14, 2021

    IRC logs for Thursday, October 14, 2021



  27. The EPO’s Overseer/Overseen Collusion — Part XII: The French Connection

    The EPO‘s presidency (led by Frenchmen for nearly 15 years out of the past 18 years; Benoît Battistelli and António Campinos are both French despite their somewhat misleading surnames) is extremely unlikely to even be mildly scrutinised by the French delegates because of a web of nepotism and protectionism



  28. [Meme] Another Maladministration Meeting Comes to an End

    Did the EPO‘s overseeing body properly tackle Benoît Battistelli‘s illegal acts, authorised by that very same overseeing body? Don’t hold your breath as António Campinos continues to crack down on staff (maybe ILOAT will rule on it in 2030)



  29. Links 14/10/2021: LibreOffice 7.2.2, Happy Birthday to Jolla, Ubuntu 21.10, Devuan GNU+Linux 4.0, OpenBSD 7.0

    Links for the day



  30. [Teaser] What Miguel de Icaza Really Thinks of the CEO of Microsoft GitHub

    Following the opening of a new series about Microsoft GitHub we drop a little teaser today; we expect dozens of parts to be released in the coming weeks/months as facts are being validated and organised


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts