09.28.10

^{Gemini version available ♊︎}

Windows Insecurity Becomes a Political Issue

Posted in America, Asia, GNU/Linux, Microsoft, Security, Windows at 6:10 am by Dr. Roy Schestowitz

Summary: As wiretapping gets an upper hand in the United States and Iran’s computing facilities (about 30,000 machines with Windows) come under attack, questions are asked about GNU/Linux as a true need

“Chinese Internet espionage against human rights activists and journalists” reveals this new article on which Glyn Moody commented by saying: “Windows-based, it seems” (it may seem related to the latest incidents reported in Russia [1, 2]).

As the world becomes increasingly connected and increasingly digital, the choice of technology matters a lot to politics, including foreign affairs. Last week we wrote about Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], which some people suspect was targeting Iran specifically [1, 2, 3] and was designed for this purpose. Security guru Bruce Schneier does not believe that this is the case. Some days ago he wrote: “The article speculates that the target is Iran’s Bushehr nuclear power plant, but there’s not much in the way of actual evidence to support that.”

“Had it only affected Solaris or GNU/Linux, then surely the press would point this out, so it’s just not fair that Microsoft gets a free pass.”Whether Iran was targeted or not, it sure was among those affected. Glyn Moody says in relation to this article about Iran, “30K Windows PCs: might be time to look at GNU/Linux, eh?”

The cyber-attack on Iranian facilities is also covered in the British press [1, 2] and in Slashdot. The MSBBC doesn’t mention Windows at all, even though it’s exclusively a Windows issue. Had it only affected Solaris or GNU/Linux, then surely the press would point this out, so it’s just not fair that Microsoft gets a free pass.

IT Pro (UK) wonders if Stuxnet is “[t]he most serious threat yet”

Stuxnet is something unique, however. It has been causing something of a stir in the security community since it was first spotted by a small company from Belarus named VirusBlokAda.

When Microsoft put out an alert over the virus in July, Stuxnet quickly moved from being a relative unknown to something serious.

Then earlier this month, Stuxnet was observed doing something unprecedented: exploiting four zero-day vulnerabilities at once. It is this advanced capability that has caused such a commotion.

Now that full wiretapping is a hot subject in the United States (read the new article “Surveillance does not make us safe”), one has to wonder if new legislation is needed. When everyone can access almost everyone else’s (Windows) computer, surveillance down the wire is no longer a strict requirement. The Hill says that the “NSA chief envisions ‘secure zone’ on Internet to guard against attacks”.

The Pentagon official in charge of the military’s cyber unit on Thursday said the government should create a “secure zone” for federal agencies and critical private sector industries to protect them from potential attacks.

General Keith Alexander, who heads the U.S. Cyber Command, told reporters a network sectioned off from the rest of the Internet is probably inevitable for systems crucial to national security.

How about just taking Richard A. Clarke's advice and moving off Windows? █

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.