10.15.10

Gemini version available ♊︎

Microsoft Uses GNU/Linux for DNS, But Still Stuck at Beginners’ Level

Posted in Microsoft, Security, Windows at 7:36 am by Dr. Roy Schestowitz

“In Ballmer’s naively managerial mind-set, if Wood said it would take two months, then in reality it could be done in one—if only people would get fired up.”

Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft’s PR mogul

Summary: Microsoft DNS servers are said to be attacking other servers and Microsoft ignores the problem for weeks; Microsoft partners are accused of using DNS to harm and defame critics too; the MSBBC provides some more perception management by giving Microsoft a platform

It’s happening again. Microsoft reveals to the world that even Microsoft can’t help using GNU/Linux [1, 2, 3, 4, 5, 6]. It’s just too awesome to avoid!

Unfortunately for Microsoft, it clearly lacks the skills to operate Free software. There’s no in-house talent and internal operations are moreover outsourced/off-shored to Infosys where wages are lower. So anyway, what’s it all about? Microsoft uses Linux for DNS and avoids its own ‘solutions’. We have already given many links on security flaws in Microsoft's DNS implementation and Windows zombies with resultant DNS downtimes. Microsoft is now trying Linux and it allegedly misconfigured the servers, which obviously get hijacked as a result. [via]

For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates.

The 1,025 unique websites — which include seizemed.com, yourrulers.com, and crashcoursecomputing.com — push Viagra, Human Growth Hormone, and other pharmaceuticals though the Canadian Health&Care Mall. They use one of two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft’s own servers show. The authoritative name servers have been hosted on the Microsoft addresses since at least September 22, according to Ronald F. Guilmette, a researcher who first uncovered the hijacking.

Two days ago it was confirmed:

According to network security researcher Ronald F. Guilmette, the Microsoft IP addresses had been used to host the websites’ authoritative name servers since at least September 22. El Reg ran the data he supplied by experts in DNS and botnet take-downs, and most said it likely indicated that one or more machines on Microsoft’s network had been infected with malware.

About 24 hours after The Reg article ran, security reporter Brian Krebs reported that one of the two Microsoft IPs had been used to coordinate a massive denial-of-service attack against his website, KrebsOnSecurity.com. Shortly after the attacks began on September 23, researchers were able to pinpoint the Microsoft IP and within hours they notified Microsoft of the compromised IPs, the site reported.

Remarkably, the machines weren’t unplugged from Microsoft’s network until Tuesday, almost three weeks later, shortly after The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.

“It’s not very clear why Microsoft failed to properly investigate the report at the time and allowed the abuse to continue on its network for another three weeks,” say other sources and Brian Krebs probably has the most detailed analysis:

The attack on my Web site happened on Sept. 23, roughly 24 hours after I published a story about a criminal online service that brazenly sold stolen credit card numbers for less than $2 each (see: I’ll Take Two MasterCards and a Visa, Please). That story got picked up by BoingBoing, Gizmodo, NPR and a variety of other sites, public attention that no doubt played a part in the near-immediate suspension of that criminal Web site.

At first, it wasn’t clear what was behind the attack, which at one point caused a flood of traffic averaging 2.3 gigabits of junk data per second (see graph above). Not long after the attack ended, I heard from Raymond Dijkxhoorn and Jeff Chan, co-founders of SURBL, which maintains a list of Web sites that have appeared in spam. Chan sent me a message saying he had tracked the attack back to several Internet addresses, including at least one that appeared to be located on Microsoft’s network — 131.107.202.197.

Damage control came later:

Update, 7:34 p.m. ET: Christopher Budd, Microsoft’s response manager for trustworthy computing, sent this statement via email: “Microsoft became aware of reports on Tuesday, October 12, 2010, of a device on the Microsoft network that was possibly compromised and facilitating spam attacks. Upon hearing these reports, we immediately launched an investigation. We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error. Those devices have been removed and we can confirm that no customer data was compromised and no production systems were affected. We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls.”

This exercise in damage control meets Pogson who writes that Microsoft “has been outed running GNU/Linux on some unsecured testing machines. The machines were being used to route surfers to spam sites.” He then asks:

All kinds of questions arise:

* What was M$ doing with DNS servers running GNU/Linux open to the web?
* Why were they unsecured?
* Why did they take weeks and media coverage to get them taken off-line when a target of a DDOS attack organized by those servers reported to M$ promptly weeks ago?
* If they were in a testing lab, why weren’t they being tested???
The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.

Damage control fail. Sorry, Microsoft.

Speaking of DNS, G-WAN alleges that Microsoft “is (illegally) Hijacking 16 of our Domain Names”. We have not worked to verify this, but it’s worth looking into.

This whole thing is becoming a PR disaster for Microsoft because it shows that the company uses Linux for its internal operations (whilst also attacking companies which use Linux), does not use it properly, and to make matters worse, it does not care if it harms other people’s systems because of its misconfigured Linux boxes. And by the way, it’s definitely a human problem, not a Linux problem, according to IDG:

Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites.

What a multi-dimensional PR disaster. Can the MSBBC rescue Microsoft’s reputation? It sure can try.

The MSBBC has just published this rubbish ‘article’ where rather than say that about one in two Windows PCs is compromised decided to go to Microsoft for material, again (Windows zombies are just "sick" PCs, according to the MSBBC which quotes Microsoft's Charney).

Watch them using Microsoft-supplied/given numbers to talk about Windows and thus only deceive the public while pretending to inform:

The US leads the world in numbers of Windows PCs that are part of botnets, reveals a report.

More than 2.2 million US PCs were found to be part of botnets, networks of hijacked home computers, in the first six months of 2010, it said.

Says Microsoft. It’s always orders of magnitude off target.

This article is so poor that it ends up making Microsoft look like a saviour rather than the party to blame for botnets. Technology propaganda continues to arrive from the MSBBC, which is occupied by former Microsoft UK executives. No surprise there, ever, but that’s okay because it’s so predictable.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. twitter said,

    October 15, 2010 at 8:24 am

    Gravatar

    “Human error” ? Chances are, they used telnet or Putty from a Windows machine that was already part of a botnet to access and control the gnu/linux machine. Nothing on Microsoft’s campus is safe.

    Dr. Roy Schestowitz Reply:

    A year or two years ago I read reports about en masse compromise of FTP accounts hosted on GNU/Linux in the UK. It later turned out that Windows hosts were used to just capture the FTP passwords after the PCs had been hijacked.

    Always identify the weakest links. Intruders target those. Remote administration of Red Hat from Windows, for example, is almost as secure as managing Windows Server.

DecorWhat Else is New


  1. [Meme] [Teaser] More to Life Than Patents

    Greedy sociopaths oughtn’t be put in charge of patent offices; this is what’s dooming the EPO in recent years (all they think about is money



  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement

    Microsoft contemplated buying GitHub 7.5 years ago; the goal wasn’t to actually support “Open Source” but to crush it from the inside and that’s what Microsoft has been doing over the past 2.5 years (we have some details from the inside)



  3. Links 18/10/2021: Linux 5.15 RC6 and 7 New Stable Kernels

    Links for the day



  4. [Meme] The Austrian School of Friedrich Rude Liar

    With reference to the Austrian School, let’s consider the fact that Friedrich Rude Liar might in fact be standing to personally gain by plundering the EPO‘s staff by demonising them while helping Benoît Battistelli crush them



  5. IRC Proceedings: Sunday, October 17, 2021

    IRC logs for Sunday, October 17, 2021



  6. How (Simple Technical Steps) to Convince Yourself That DuckDuckGo is Just Spyware Connected to Microsoft, Falsely Advertised as 'Privacy'

    In recent days we published or republished some bits and pieces about what DuckDuckGo really is; the above reader dropped by to enlighten us and demonstrate just how easy it is to see what DuckDuckGo does even at the client side (with JavaScript); more people need to confront DuckDuckGo over this and warn colleagues/friends/family (there’s more here)



  7. Austria's Right-Wing Politicians Displaying Their Arrogance to EPO Examiners

    The EPO‘s current regime seems to be serving a money-hungry lobby of corrupt officials and pathological liars; tonight we focus on Austria



  8. [Meme] Friedrich Rödler's Increasingly Incomprehensible Debt Quagmire, Years Before EPO Money Was Trafficked Into the Stock Market

    As it turns out, numerous members of the Administrative Council of the EPO are abundantly corrupt and greedy; They falsely claim or selfishly pretend there’s a financial crisis and then moan about a "gap" that does not exist (unless one counts the illegal gambling, notably EPOTIF, which they approved), in turn recruiting or resorting to scabs that help improve ‘profit margins’



  9. The EPO’s Overseer/Overseen Collusion — Part XV: Et Tu Felix Austria…

    Prior to the Benoît Battistelli and António Campinos regime the EPO‘s hard-working staff was slandered by a corrupt Austrian official, Mr. Rödler



  10. Links 17/10/2021: Blender 2.93.5, Microsoft Bailouts

    Links for the day



  11. Links 17/10/2021: GhostBSD 21.10.16 and Mattermost 6.0

    Links for the day



  12. IRC Proceedings: Saturday, October 16, 2021

    IRC logs for Saturday, October 16, 2021



  13. [Meme] First Illegally Banning Strikes, Then Illegally Taking Over Courts

    The vision of Team Battistelli/Campinos is a hostile takeover of the entire patent system, not just patent offices like the EPO; they’d stop at nothing to get there



  14. Portuguese Network of Enablers

    Instead of serving Portuguese people or serving thousands of EPO workers (including many who are Portuguese) the delegation from Portugal served the network of Campinos



  15. In Picture: After Billions Spent on Marketing, With Vista 11 Hype and Vapourware, No Real Gains for Windows

    The very latest figures from Web usage show that it’s hardly even a blip on the radar; Windows continues bleeding to death, not only in servers



  16. [Meme] [Teaser] Double-Dipping Friedrich Rödler

    As we shall see tomorrow night, the EPO regime was supported by a fair share of corrupt officials inside the Administrative Council



  17. The EPO’s Overseer/Overseen Collusion — Part XIV: Battistelli's Iberian Facilitators - Portugal

    How illegal “Strike Regulations” and regressive ‘reforms’ at the EPO, empowering Benoît Battistelli to the detriment of the Rule of Law, were ushered in by António Campinos and by Portugal 5 years before Campinos took Battistelli’s seat (and power he had given himself)



  18. Links 16/10/2021: SparkyLinux Turns 10 and Sculpt OS 21.10

    Links for the day



  19. “Facebook Whistleblowers” Aside, It Has Been a Dying Platform for Years, and It's Mentally Perverting the Older Generation

    Guest post by Ryan, reprinted with permission



  20. [Meme] Microsoft Has Always Been About Control Over Others

    Hosting by Microsoft means subjugation or a slavery-like relationship; contrary to the current media narrative, Microsoft has long been censoring LinkedIn for China’s autocratic regime; and over at GitHub, as we shall show for months to come, there’s a war on information, a war on women, and gross violations of the law



  21. EFF Pushes for Users to Install DuckDuckGo Software After Being Paid to Kill HTTPS Everywhere

    Guest post by Ryan, reprinted with permission



  22. The Reign in Spain

    Discussion about the role of Spain in the EPO‘s autocratic regime which violates the rights of EPO staff, including Spanish workers



  23. [Meme] Spanish Inquisition

    Let it be widely known that Spain played a role in crushing the basic rights of all EPO workers, including hundreds of Spaniards



  24. Why You Shouldn’t Use SteamOS, a Really Incompetent GNU/Linux Distribution With Security Pitfalls (Lutris is a Great Alternative)

    Guest post by Ryan, reprinted with permission



  25. IRC Proceedings: Friday, October 15, 2021

    IRC logs for Friday, October 15, 2021



  26. Links 16/10/2021: Xubuntu 21.10 and DearPyGui 1.0.0

    Links for the day



  27. DuckDuckGo’s HQ is Smaller Than My Apartment

    Guest post by Ryan, reprinted with permission



  28. Post About Whether Vivaldi is a GPL violation Was Quietly Knifed by the Mods of /r/uBlockOrigin in Reddit

    Guest post by Ryan, reprinted with permission



  29. The EPO’s Overseer/Overseen Collusion — Part XIII: Battistelli's Iberian Facilitators - Spain

    The EPO‘s António Campinos is an ‘Academy’ of overt nepotism; what Benoît Battistelli did mostly in France Campinos does in Spain and Portugal, severely harming the international image of these countries



  30. From Competitive (Top-Level, High-Calibre, Well-Paid) Jobs to 2,000 Euros a Month -- How the EPO is Becoming a Sweatshop by Patent Examiners' Standards

    A longish video about the dreadful situation at the EPO, where staff is being ‘robbed’ and EPO funds get funnelled into some dodgy stock market investments (a clear violation of the institution’s charter)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts