08.01.10

IRC Proceedings: August 1st, 2010

Posted in IRC Logs at 6:20 pm by Dr. Roy Schestowitz

Read the log

Enter the IRC channel now

Permalink Leave Your Comment      Send this to a friend

British Government Chooses to Stay Clunky With Internet Explorer 6

Posted in Europe, Microsoft, Security, Windows at 5:28 pm by Dr. Roy Schestowitz

Summary: When it comes to IT, the UK government chooses to stay frozen in 2001

THE PREVIOUS post discussed some of Microsoft’s very latest utter failures (security failures). According to a new report, Internet Explorer and Adobe Reader flaws are most exploited by crackers [1, 2]. To quote: “Of the Top 15 most exploited vulnerabilities, four involved Adobe Reader and five targeted Microsoft’s Internet Explorer, according to an M86 Security Labs report for the first half of 2010.”

Here in the UK there is a Web site where people make suggestions for the government to consider. One such suggestion is titled “encourage government departments to upgrade away from Internet Explorer 6″ (see the idea here).

“Patients would be safer if they brought a Live CD with them to the clinic.”For those who have not visited a British doctor, well… many are still using Internet Explorer 6 in their office. It’s insane. We wrote a great deal about the NHS and its relationship with Microsoft. Many lives are at stake and “computer crashes” are sometimes reported in surgeries. It’s reassuring, isn’t it? Patients would be safer if they brought a Live CD with them to the clinic.

For a long time now Microsoft has been lobbying to take control of healthcare systems around the world. Here is the longtime Microsoft booster Daniel Lyons posting a sort of Microsoft advertisement for it (this is sometimes known as a ‘fluff’ piece). There are some other new articles about Microsoft trying to “Alleviate Health IT Cloud Concerns”; it is trying to empower those decision makers who foolishly put patients’ data in the hands of corporations like Microsoft (with Russian spies).

“It’s not a private company which is entitled to make its own decisions not on behalf of taxpayers but only for shareholders who choose to participate and can leave at any time.”This is the public sector we’re talking about it. It’s not a private company which is entitled to make its own decisions not on behalf of taxpayers but only for shareholders who choose to participate and can leave at any time. Choosing Fog Computing for data which is confidential, sensitive and owned by the public is absolutely wrong. It’s worse than relying on proprietary software because data is beginning to travel (security risk).

In better news, as we pointed out a couple of weeks ago (additional links here), Microsoft is starting to lose its grip on the NHS, at least based on the licensing conundrum [1, 2].

Tens of thousands of NHS staff are to lose their personal copies of Microsoft Office after being caught out by a confusing licensing agreement.

Earlier this month, the NHS ended its £80 million Enterprise Agreement with Microsoft three years early. The agreement licensed 800,000 desktops across the health service, and offered software discounts to staff.

“NHS scraps huge Microsoft licensing deal,” said the headline from IDG and The Telegraph went along with “Microsoft loses NHS contract,” which is true just for the time being.

The Department of Health has decided not to renew its contract with Microsoft, saving up to £500million. The 12-year-old deal had meant that up to 900,000 NHS staff had full access to a full suite of Office applications, as well as the right to buy home access for £8.95.

Here is where the most recent news comes in. According to Slashdot, “UK Government Rejects Calls To Upgrade From IE6″

“The UK government has responded to a petition encouraging government departments to move away from IE6 that had over 6,000 signatories. Their response seems to be that a fully patched IE6 is perfectly safe as long as firewalls and malware scanning tools are in place, and that mandating an upgrade away from IE6 will be too expensive. The second part is fair enough in this age of austerity (I’d rather have my taxes spent on schools and hospitals than software upgrade testing at the moment), but the whole reaction will be a disappointment to the petitioners.”

From The Register we learn that “UK.gov sticks to IE 6 cos it’s more ‘cost effective’, innit” (it’s not).

It claimed at the time that its system, along with regular Microsoft updates, meant it was robust enough against the kind of attack that claimed over 30 corporate firms at the end of last year.

Google was perhaps the most high-profile victim of those attacks. It has since turned its back on supporting the old MS browser in its web apps.

Here is what Rupert Goodwins wrote about it:

UK Gov’t – ‘too expensive’ to upgrade from IE6

If you work for the Government or write software for government services, bad news – you’re going to be stuck with IE6 for the foreseeable. A 6000-strong petition for an upgrade has been rejected with the conclusion that “To test all the web applications currently used by HMG departments can take months at significant potential cost to the taxpayer. It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users.”

Which is, I fear, being economical with the truth rather than the money. It’s been economical for the rest of the world to move on – and the complete unexamined acceptance that ‘upgrade’ means ‘move to IE8′ and ‘Windows is the only game in town’ leaves a very bad taste in the mouth. And it’s a complete stopper on adopting the most important new technologies: how on earth can you move into the cloud if you don’t have decent Javascript support, for starters? And let’s not talk about HTML 5, or I’ll start to cry.

This is absolutely amazing. As our reader Patrick put it, “it’s “too expensive” to run Linux, yet its free … now it’s “too expensive” to upgrade from IE6, which is ALSO free… and IE6 is officially unsupported by Microsoft now too”

Microsoft is not even patching known flaws in Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. What utter negligence. All that Microsoft can do is deflect the issue and point fingers elsewhere. “55% of the flaws Microsoft reported to other vendors in the last 12 months go unfixed,” says one new report. What about Microsoft? And why does the British government not learn from Google and many other companies that are recent victims of Internet Explorer 6? █

Permalink Leave Your Comment      Send this to a friend

Security Emergency at Microsoft, All Windows Users Are Vulnerable for Now

Posted in Microsoft, Security, Windows at 4:30 pm by Dr. Roy Schestowitz

Windows users can cut the Internet cable to feel more secure

Summary: Every version of Windows is open to attack which has already targeted very many users and no patches are available yet

MICROSOFT HAD MANY security issues last month. We covered many of them over the course of the past fortnight, but here are some newer items and items which we missed.

Some while ago Microsoft discovered a very major zero-day flaw, which made a lot of headlines including this one where Microsoft is shown to be confirming the problem.

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.

“Microsoft Acknowledges Windows Shell Vulnerability,” says another article from around the same time. “Microsoft Warns Of Attacks Exploiting Windows Shell Flaw,” alerts CRN. This is an emergency which, according to OpenBytes begs for a vulnerability patch on Monday. For how many consecutive months must such embarrassments happen? Also in the news:

• Microsoft sets emergency Windows patch for Monday
• Microsoft To Release Emergency Patch For Windows
• Microsoft Releasing Windows Security Fix Next Week

According to this new report, Microsoft’s bad patches, which even Microsoft partners are scared to apply, leave many Windows installations unpatched and thus totally vulnerable on a permanent basis. Microsoft pulls support (as in security patches) for older versions of Windows (Windows 2000 and soon Windows Server 2003) and since upgrades are not free when it comes to Windows, more people are expected to have vulnerable machines. To Microsoft, it’s just a business decision. When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.

“When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it’s legally allowed.”Microsoft is largely a PR company, so needless to say it has ways of downlplaying the severity of such issues, which may have made one in two Windows PCs a zombie PC (since 2008).

As evidence of Microsoft’s PR crusade, look no further than the latest Microsoft Imagine Cup rubbish [1, 2, 3, 4, 5]. It’s Microsoft advertising and it’s a way of making the monopolist look like it is loved by children. It’s an attempt to change the company’s image and similar stunts currently come from Microsoft Malaysia. But that’s another story for another day. The point we are trying to make here is that no matter how serious Microsoft’s security problems are, it will always do lots of PR work to silence reporters. We have documented cases where Microsoft unleashes PR people at journalists (regarding Vista security) and in last month’s news we found “Irvine PR firm honored for work related to Microsoft patches”. Watch the body of this article:

Madison Alexander was honored for the agency’s work on behalf of its client, Shavlik Technologies. By consistently positioning Shavlik as an expert on Patch Tuesdays – when Microsoft Corp. releases software security updates once a month on a Tuesday – the firm delivered “prominent references” to Shavlik in media coverage of Patch Tuesdays, according a statement from Madison Alexander.

Juniper, which is run by several Microsoft executives, seem to be trying something similar with occasional press releases that are consistent with the same template.

“Microsoft’s security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do”This just shows how ‘independent’ the press really is and why. It’s all distorted by PR, but the PR happens behind the scenes (the back end, so to speak). “atom42 Tops Agency Leaderboard in Microsoft Competition,” says the headline of this new press release. “In a recent competition run by Microsoft to promote recently improved ‘decision engine’ Bing, online marketing agency atom42 outperformed larger rivals to win ‘blingin’ prizes.” Awww… wonderful!

Microsoft’s security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do [1, 2]. It is only making things worse because they take revenge and put all Windows users at risk. This is where Microsoft’s attitudinal problem (arrogance and power games [1, 2, 3]) contributes to lack of security in its products. Some security experts are even leaving Microsoft. New example:

Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security.

Until Microsoft’s emergency security patch arrives everyone who uses Windows is at risk of being assembled into a botnet, “Experts predict extensive attacks of Windows zero-day,” says this report, noting that “Security organizations… raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows.”

That’s right, all versions are affected, Vista 7 included. A while ago Microsoft said that 25,000 PCs were attacked with the latest Windows zero-day flaw (the number is now higher) and it investigated issues it could prevent by simply changing its internal culture. █

“Fuck! It took you a year to figure that out!”

–Bill Gates

“That’s the dumbest fucking idea I’ve heard since I’ve been at Microsoft.”

–Bill Gates

Permalink Leave Your Comment      Send this to a friend

The Chinese Will “Get Sort of Addicted, and Then We’ll Somehow Figure Out How to Collect Sometime in the Next Decade” –Bill Gates

Posted in Asia, Bill Gates, Deception, Microsoft, Windows at 3:40 pm by Dr. Roy Schestowitz

Summary: Microsoft does more to advertise the fact that its software is no longer gratis in China (“addition” phase expired) and more “piracy” propaganda is unleashed

Bill Gates is a shrewd businessman and his “drug dealer” mentality (seen in his current investments too, not just shown in the quote above where he referenced China) is becoming a lot more apparent in this current decade. Earlier this year we showed that Microsoft software was no longer gratis in China (Microsoft usually turned a blind eye before that), where Microsoft admittedly benefits from counterfeiting and unlicensed copies of Windows.

Microsoft is still suing Chinese companies this year. Their only crime is that they spread Microsoft’s software to a wider audience, just as Microsoft desired. Now there is another settlement (meaning that Microsoft gets to take money from another Chinese business) and there was even a press release about it, which is unusual. Microsoft wants to make this publicly known and make a general statement perhaps. From Nasdaq.com:

Microsoft Corp. (MSFT) said Thursday it settled a copyright infringement case with China’s Citic Kington Securities Co., marking another small victory for the software giant against software piracy in China.

Mark Lee reports in the US and Chinese sites too cover this. Microsoft gets the buzz it craved [1, 2], it is described in the press as the victim thanks to improper language like “piracy” and it turns out that Microsoft also has people sent to prison for distributing Windows/Office.

Microsoft said in April it won a decision from a court in Shanghai against a Chinese insurance company for intellectual property infringement. Last year, four people were sentenced to prison terms for distributing pirated Microsoft products.

We gave an example at the time.

Microsoft’s friend Dina Bass (from Bloomberg) has prepared a nice propaganda piece for Microsoft, the poor victim of “piracy” as she calls it.

Microsoft Corp.’s Donal Keating uses a custom-built microscope to take 72 high-resolution images of a counterfeit software disc at a Dublin, Ireland, crime lab.

[...]

In 2007, the company helped Chinese authorities break up a syndicate that had generated $2 billion in counterfeit Microsoft products. In December the company helped Indian police raid one of that country’s largest resellers of Microsoft products, which was pairing legitimate goods with knockoffs to boost profits.

But wait. Microsoft actually encouraged this some years ago. It was seeding the market, so to speak. How come? Bass does not explore these questions. To conform to the norm is to stick with Microsoft’s revisionism, the “official story” about so-called ‘pirates’.

“Narcotics, mafia, piracy, Microsoft Windows… just lump them all together to scare the readers.”In this same article, notice how Bass is associating unlicensed copies not just with piracy but also actual crime (pay attention to sentences like “The probing is part of a campaign by the world’s largest softwaremaker to vanquish counterfeiters. Microsoft employs 75 investigators, lawyers and analysts – many with experience in narcotics and Mafia cases – in nine labs around the world.”)

Narcotics, mafia, piracy, Microsoft Windows… just lump them all together to scare the readers. After all, at Microsoft it’s all about illusions. █

“Stewart Alsop, industry gadfly, presented Gates with the “Golden Vaporware” award, saying, “The delay of Windows was all part of a secret plan to have Bill turn thirty before it shipped.”

–Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft’s PR mogul

Permalink Leave Your Comment      Send this to a friend

Infosys is an Extension of Microsoft India

Posted in Asia, Dell, Microsoft at 3:02 pm by Dr. Roy Schestowitz

“To illustrate how someone could react to this mudslinging by Microsoft, I have written a hypothetical complaint titled ‘Microsoft is looting the nation in alliance with Indian IT giants’. While constructing this hypothetical complaint, I have used what I call the ‘Microsoft patented mud-slinging algorithm’. I have included it as a stand alone appendix (Annexure A) to this letter. The purpose is to demonstrate that such complaints and counter complaints would lead all of us to disaster. This hypothetical counter complaint shows Microsoft as working at national and International forums to maintain and enhance its monopoly in global markets, and as attempting to ensure its monopoly strangle-hold on Indian desktop Market. It also paints INFOSYS, TCS, WIPRO and NASSCOM as willfully helping Microsoft in this evil design, and thus acting grossly against Indian National interests.”

–Professor Deepak Phatak

India Gate

Summary: Microsoft’s internal IT services are to be run by Infosys in India; Indian call centres used for scam calls that exploit and abuse Microsoft customers

Microsoft is gradually outsourcing staff and particular business tasks to India. We wrote about this many times before and referenced dozens of articles. It’s not just engineers and support staff that Microsoft moves to India; parts of Microsoft’s legal team are also being shifted to India. Sometimes it is not Microsoft which directly deals with its tasks; one prominent example of this is the PR agencies of Microsoft. Microsoft can conveniently distance itself from AstroTurfing this way.

In India, Microsoft has de facto subsidiaries like Infosys [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17], which carries out some of Microsoft’s very own (internal) operations after changes that Microsoft announced earlier this year. Infosys also played Microsoft’s part in the software patents and OOXML debates, offering cheaper labour and local lobby for the software giant from Redmond. There are all sorts of words that describe Infosys’ behaviour and disservice to India. British colonialism relied on the likes of Infosys.

We have just found the following item in the news (again bumped up by Google News):

Microsoft and Infosys Joins Each Other | IT Services Out Sourcing

Two big companies of IT sector MICROSOFT and INFOSYS have signed a contract for next three years, according to this deal now INFOSYS and MICROSOFT will work together rand INFOSYS will organize the internal IT services of the Microsoft Company.

What can possibly go wrong? Well, Indian workers are skilled but they are also underpaid and Microsoft is allowed to get away with it (same for IBM and other multinationals). In other unrelated news:

Microsoft Scam Run From Indian call Centres

Cold callers pretending to be Microsoft’s support service have targeted Britons with a new scam.

According to an investigation conducted by The Guardian, people receive a call on their home phone line from someone with an Indian accent, are quoted their name and address before being told that their PC is infested with viruses that could irreparably damage their files.

Microsoft considers legal action against cold call cons

Microsoft is considering legal action against companies in its Microsoft Partner Network that claim to be calling on its behalf to tell people their PCs have been infected with malicious software.

This would be a defensible lawsuit. Yesterday we posted a warning about incidents of this kind at Dell (relying on Windows though). █

“In Ballmer’s naively managerial mind-set, if Wood said it would take two months, then in reality it could be done in one—if only people would get fired up.”

–Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft’s PR mogul

Permalink Leave Your Comment      Send this to a friend

Microsoft Executive Becomes Head of Channel 4 (UK) Online, Silverlight Revisited

Posted in Free/Libre Software, GNU/Linux, Microsoft at 2:36 pm by Dr. Roy Schestowitz

Summary: Microsoft’s Davidson-Houston is offered responsibilities that might again jeopardise Free software users in the UK; NASA’s exclusion of GNU/Linux is recalled

ONCE in a while we provide an example of Microsoft UK executives who move into news outlets. Examples of BBC entryism are very many, but we gave examples from other British television channels as well. Before Channel 4 dumped Silverlight (so did ITV) it was hostile towards customers/viewers who used GNU/Linux. They were rudely excluded thanks to Microsoft’s hostility towards GNU/Linux (the Mono-based Moonlight was no substitute). Now that a Microsoft business manager reportedly becomes the head of Channel 4 online we thought it would be worthwhile at least pointing this out.

Before Channel 4, Davidson-Houston spent five years at Microsoft, laterly as business manager at MSN/Windows Live.

It is not clear who chose Silverlight at Channel 4 in the first place, but let’s hope it never gets back. There is hardly any news about “Silverlight” anymore (just 3 examples in a month), so it settled as a niche product almost nobody uses and quite a few channels are dumping over time, even Microsoft's channels.

Another example of Silverlight causing trouble by refusing/denying access by non-Microsoft/Apple customers is NASA, which sold out to Microsoft in some major ways [1, 2, 3, 4, 5, 6] and last month continued to do 3-D work with Microsoft, a convicted monopolist to which it passes taxpayers’ money. Microsoft’s tradition when it came to space PR is the same as last year. This year too it’s hosting a “Space Elevator Consortium” which helps Microsoft in controlling agenda in venues that include NASA.

The International Space Elevator Consortium is giddy at the prospect. Indeed, it has released information to inform the world that at the 2010 Space Elevator Conference, held August 12-15 at the Microsoft Conference Center in Redmond, Wash., the two men who are most au fait with developing an elevator to the stars will be telling of progress.

NASA needs to dump Silverlight in order to serve those who fund it. █

Permalink Leave Your Comment      Send this to a friend

Catching up With Microsoft

Posted in Microsoft at 1:57 pm by Dr. Roy Schestowitz

Summary: Steve Ballmer unrest and the Microsoft spy are just few among many items we’ll cover this/next week

DUE to a variety of reasons (mainly vacation), we have fallen behind Microsoft news for 4 weeks. In the coming days we will make up for it by catching up with news as old as 4 weeks. We will try to avoid repetition and the goal is to cover all ground which needs to be covered. We finally caught up with GNU/Linux news a week ago and with Free/open source news a few days ago.

On the subject of Steve Ballmer we wrote in recent posts such as:

• Steve Ballmer at Risk of Being Thrown Out, Bill Gates Still Makes the News Due to Fraud
• Microsoft’s #1 Cash Cow Doesn’t Sell Well Anymore, Steve Ballmer Pressured to Leave

Ballmer has been pushed out by some angry investors for quite some time (last year even, based on investors who contacted us). Here is some new coverage of interest:

• Report: Brewing Exec Revolt against Microsoft’s Ballmer

• Are the knives out for Microsoft’s Steve Ballmer?

• Are Microsoft Execs In Open Revolt?

To quote: “But after 30 years, some of Ballmer’s fellow execs are rising against him, says Peter Lauria at the Daily Beast, finding him to be the biggest misfit in a company of misfits.”

Microsoft Nick is citing/quoting Rob Enderle to defend Ballmer.

Spy Case

We covered this before [1, 2], but for future reference, here are more links about the subject.

• Reports: alleged 12th Russian spy worked at Microsoft

• Russian agent had job at Microsoft

• Redmond man with possible link to Russian spy ring deported

• Microsoft Says 12th Alleged Russian Spy Was Employee

Microsoft acknowledges:

• Microsoft Says Alleged Russian Spy Was Employee

• Russian spy worked for Microsoft

• Update: Russian Spy Worked at Microsoft

• No. 12 in Russian Spy Ring Worked at Microsoft

He was a software tester, but probably got no access to customers’/users’ data.

• Microsoft: Deported Russian didn’t compromise company’s security

A Redmond, Wash., man who was deported to his native Russia on Tuesday as part of an investigation into a large spy ring didn’t compromise company security in the nine months he worked for Microsoft as an entry-level software tester, a Microsoft spokesman said Wednesday.

• Russian spy works for Microsoft

• Microsoft Confirms Twelfth Spy Worked As Software Tester

• Microsoft entangled in Russian spy scandal

• Russian spy works for Microsoft

• Alleged Russian Spy Worked at Microsoft

• Microsoft’s Russian Spy Was Greasy, Foreign, and Loved Snickers

• Russian Agent Alexey Karetnikov Had Job at Microsoft

• Suspected spy was Microsoft employee

It’s a little out of date, but the next few posts will cover areas we have not explored yet. █

Permalink 2 Comments      Send this to a friend

Links 1/8/2010: GNU/Linux Reviews and GhostBSD 1.5 Screenshots

Posted in News Roundup at 1:17 pm by Dr. Roy Schestowitz

Clip of the Day

Firefox 4 Beta 2 – Web Tech Preview

Permalink Leave Your Comment      Send this to a friend