09.23.10

Gemini version available ♊︎

Like Teaching Children to ‘Smoke’ Safely to Reduce Risk of Cancer

Posted in Deception, Microsoft, Security, Windows at 6:13 pm by Dr. Roy Schestowitz

No smoking

Summary: “National Cyber Security Awareness Month” is being exploited by a programme that receives the support of Howard Schmidt from Microsoft (now Cyber Security Czar); In it, children aged 11-14 would be taught cyber ‘security’ rather than insecure parts of the systems simply removed

“The estimated cost of unsolicited emails to businesses in 2007 was $100 billion,” wrote lnxwalt earlier today, pointing to this page. The overall cost of Windows botnets that dispatch spam and cause other harm may be measurable on the scale of trillions.

Microsoft is currently alerting customers that ASP.NET is a security problem. We covered this in earlier stages of the problem [1, 2]. It affects a lot of Windows-powered Web sites and last night there was a discussion in IRC about the serious Twitter flaw and whether it affects just Internet Explorer, Windows, and Office users. One newly-published article says:

[T]he worms of yore were so devastating because they could exploit a global monoculture: Microsoft Internet Explorer or Microsoft Word running on Microsoft Windows just about everywhere. This made it far simpler to exploit weaknesses in distant PCs, because the actual architecture was known with a high degree of probability.

With the mouseover mess, we were saved by the wonderfully diverse ecosystem of Twitter clients operating through the Twitter API. This meant that assumptions that were correct for code running on the twitter.com site were not valid elsewhere.

This hammers home once more the importance of avoiding monocultures, and encouraging rich and diverse ecosystems (multicultures?) One of the easiest ways of doing that is to adopt free software alternatives to all the Microsoft warhorses. The open source world being what it is, it is far more varied, not least in terms of versions and applications (critics might even call it fragmented). That makes mass attacks hard, and therefore unlikely, since ne-er-do-wells don’t even bother trying when they can just code for Windows.

Open source is certainly not immune to attacks – for example, I fell victim to the mouseover exploit despite using a completely free software stack (thanks, Twitter.com) – but it reduces the risk overall. That means if you are not using it for business, you are increasing that risk – which would be a pretty irresponsible thing to do, no?

On the client side, having Windows cannot help.

Microsoft’s former employee Howard Schmidt of now the Cyber Security Czar in the United State (after a recent appointment which we mentioned in [1, 2, 3, 4, 5, 6, 7]) and rather than calling out Windows and making platform recommendations, he does the usual thing by endorsing/giving people unnecessary ‘education’ about Windows et al. He can’t take Windows off schools’ agenda where Gates (his former boss) is increasingly taking control, can he? Some PR puppets sent us the following E-mails a short while ago, helping to show how Schmidt and his subordinates try to tackle this problem. Below we put the message, without appending an accompanying press release that we omit.

A free program that brings top cyber security experts into schools to teach kids how to avoid online dangers has received the support of White House Cyber Security Coordinator Howard Schmidt.

The (ISC)2 Safe and Secure Online Program, administered by the world’s largest body of information security professionals, brings experts into schools to teach children ages 11-14 how to protect themselves in a cyber-connected world. Issues addressed include cyber bullying, social networking, online predators, identity theft, online reputation, and more.

Launched in the U.S. in the fall of last year, the program has reached more than 30,000 kids. Just in time for National Cyber Security Awareness Month, the U.S. program now has more than 1,000 cyber expert volunteers signed on to conduct presentations this fall.

Please see full details below. If you would like to know if any schools presentations are taking place near you, or if you would like additional information on the program, please contact me. Thank you.

Juliette Mutzke
Maples Communications, Inc.

Schools should not be used to indoctrinate children with presentations on how to use Microsoft software and other products securely (it is often not possible). It is neither effective nor a decent use of school time/budget.

“[W]hen nobody is using Windows, there will be no botnets”

Professor Eben Moglen, 2010

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. twitter said,

    September 23, 2010 at 8:53 pm

    Gravatar

    Ugh, I did not think the cyber bully was a Microsoft indoctrination course … silly me. I’ll have to coach my kid not to laugh out loud at all the silly things they will talk about.

  2. twitter said,

    September 24, 2010 at 8:07 pm

    Gravatar

    Here is a Windows only flaw that’s also sabotage for Firefox on Windows. I had forgotten about this one:

    Heise describes a new demo showing how Firefox running under Windows XP SP2 can be abused to start applications. For this to work, however, Internet Explorer 7 needs to be installed. This severe security problem promises another round in the ‘who-is-to-blame-war’ between Mozilla and Microsoft. Mozilla currently is leading the race for a patch, as they have one ready in their bugzilla database. ‘The authors of the demo note that there are many further examples of such vulnerabilities via registered URIs. What is so far visible is just “the tip of the iceberg”. They state that registered URIs are tantamount to a remote gateway into your computer. To be on the safe side, users should, in the authors’ opinion, deregister all unnecessary URIs – without, however, elucidating which are superfluous.’

    So, some kind of XP SP2 “patch” “registered” a bunch of executables to be remotely executable via any browser. Firefox, putty and other seeminly secure software is as useful on Windows as a vault door is on a straw hut.

DecorWhat Else is New


  1. Links 4/12/2021: Gedit Plans and More

    Links for the day



  2. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  3. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021



  4. Links 4/12/2021: EndeavourOS Atlantis, Krita 5.0.0 Beta 5, Istio 1.11.5, and Wine 6.23; International Day Against DRM (IDAD) on December 10th

    Links for the day



  5. Another Gemini Milestone: 1,500 Active Capsules

    This page from Balázs Botond plots a graph, based on these statistics that now (as of minutes ago) say: “We successfully connected recently to 1500 of them.” Less than a fortnight ago more than 1,800 capsules overall were registered by Lupa, almost quadrupling in a single year



  6. [Meme] António Campinos and Socialist Posturing

    Staff of the EPO isn’t as gullible as António Campinos needs it to be



  7. António Campinos as EPO President is Considered Worse Than Benoît Battistelli (in Some Regards) After 3.5 Years in Europe's Second-Largest Institution

    The EPO's demise at the hands of people who don't understand patents and don't care what the EPO exists for is a real crisis which European media is unwilling to even speak about; today we share some internal publications and comment on them



  8. Media Coverage for Sale

    Today we're highlighting a couple of new examples (there are many other examples which can be found any day of the year) demonstrating that the World Wide Web is like a corporate spamfarm in "news" clothing



  9. Links 3/12/2021: GNU Poke 1.4 and KDDockWidgets 1.5.0

    Links for the day



  10. IRC Proceedings: Thursday, December 02, 2021

    IRC logs for Thursday, December 02, 2021



  11. Links 3/12/2021: Nitrux 1.7.1 and Xen 4.16 Released

    Links for the day



  12. Links 2/12/2021: OpenSUSE Leap 15.4 Alpha, Qt Creator 6

    Links for the day



  13. The EPO's “Gender Awareness Report”

    There’s a new document with remarks by the EPO’s staff representatives and it concerns opportunities for women at the EPO — a longstanding issue



  14. IRC Proceedings: Wednesday, December 01, 2021

    IRC logs for Wednesday, December 01, 2021



  15. EPO Staff Committee Compares the Tactics of António Campinos to Benoît Battistelli's

    The Central Staff Committee (CSC) of the EPO talks about EPO President António Campinos, arguing that “he seems to subscribe to the Manichean view, introduced by Mr Battistelli…”



  16. Prof. Thomas Jaeger in GRUR: Unified Patent Court (UPC) “Incompatible With EU Law“

    The truth remains unquestionable and the law remains unchanged; Team UPC is living in another universe, unable to accept that what it is scheming will inevitably face high-level legal challenges (shall that become necessary) and it will lose because the facts are all still the same



  17. Links 1/12/2021: LibrePlanet CFS Extended to December 15th and DB Comparer for PostgreSQL Reaches 5.0

    Links for the day



  18. EPO Cannot and Will Not Self-Regulate

    The term financialisation helps describe some of the activities of the EPO in recent years; see Wikipedia on financialisation below



  19. [Meme] Germany's Licence to Break the Law

    Remember that the young Campinos asked dad for his immunity after he had gotten drunk and crashed the car; maybe the EPO should stop giving diplomatic immunity to people, seeing what criminals (e.g. Benoît Battistelli) this attracts; the German government is destroying its image (and the EU’s) by fostering such corruption, wrongly believing that it’s worth it because of Eurozone domination for patents/litigation



  20. EPO Dislikes Science and Scientists

    The EPO's management has become like a corrupt political party with blind faith in money and monopolies (or monopoly money); it has lost sight of its original goals and at this moment it serves to exacerbate an awful pandemic, as the video above explains



  21. Links 1/12/2021: LibreOffice 7.3 Beta, Krita 5.0, Julia 1.7

    Links for the day



  22. Links 1/12/2021: NixOS 21.11 Released

    Links for the day



  23. IRC Proceedings: Tuesday, November 30, 2021

    IRC logs for Tuesday, November 30, 2021



  24. Links 1/12/2021: Tux Paint 0.9.27 and WordPress 5.9 Beta

    Links for the day



  25. [Meme] EPO Administrative Council Believing EPO-Bribed 'Media' (IAM Still Shilling and Lying for Cash)

    IAM continues to do what brings money from EPO management and Team UPC, never mind if it is being disputed by the patent examiners themselves



  26. The EPO's Mythical “Gap” Has Been Found and It's Bonuses for People Who Use Pure Fiction to Steal From Patent Examiners

    The phony president who has the audacity to claim there's a budget gap is issuing millions of euros for his enablers to enjoy; weeks ahead of the next meeting of national delegates the Central Staff Committee (CSC) tells them: "Events show that the delegations’ concerns about functional allowances have materialised. The lack of transparency and inflation of the budget envelope gives rise to the suspicion that high management is pursuing a policy of self-service at the expense of EPO staff, which is difficult to reconcile with the Office’s claimed cost-saving policy, and to the detriment of the whole Organisation."



  27. Video: Making the Internet a Better Place for People, Not Megacorporations

    Following that earlier list of suggested improvements for a freedom-respecting Internet, here's a video and outline



  28. Links 30/11/2021: KDE Plasma 5.23.4, 4MLinux 38.0, Long GitHub Downtime, and Microsoft's CEO Selling Away Shares

    Links for the day



  29. A Concise Manifesto For Freedom-Respecting Internet

    An informal list of considerations to make when reshaping the Internet to better serve people, not a few corporations that are mostly military contractors subsidised by the American taxpayers



  30. Freenode.net Becomes a 'Reddit Clone' and Freenode IRC is Back to Old Configurations After Flushing Down Decades' Worth of User/Channel Data and Locking/Shutting Out Longtime Users

    Freenode is having another go; after “chits” and “jobs” (among many other ideas) have clearly failed, and following the change of daemon (resulting in massive loss of data and even security issues associated with impersonation) as well as pointless rebrand as “Joseon”, the domain Freenode.net becomes something completely different and the IRC network reopens to all


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts