02.17.11

Gemini version available ♊︎

MSBBC Cracked, Canadian Government Cracked, Microsoft Blames Users, and .NET-based Aviation System Crashes

Posted in Microsoft, Servers, Windows at 2:39 pm by Dr. Roy Schestowitz

When system crashes can lead to plane crashes

Aeroplane

Summary: Another atrocious week for Microsoft’s security and reliability record

“Thanks to Windows’ built-in insecurity, its easy to create huge Windows botnets,” wrote the honourable SJVN a few days ago. It is widely recognised that Microsoft is largely responsible for many of Windows’ security failings, but Microsoft pressures journalists not to call out Windows using techniques that we covered here before.

MSBBC’s music sites have just been cracked and they turned hostile towards site visitors who use Windows. As the report puts it, “other top name insecurity vendors like Sophos, McAfee and even Microsoft’s anti-virus tools didn’t register the hack at all. That is an appalling detection rate from both free and paid-for anti-virus kits and, as of yesterday, Websense reckoned the anti-virus toolkits were still vulnerable.” This is just a Windows problem and someone who informed us that the Canadian government had just been cracked too says that 99% of the systems there run Windows (we cannot verify this claim, but if anyone can, please leave a comment).

It is unclear whether the attackers managed to compromise other departmental computer networks, including those that contain Canadians’ sensitive personal information such as tax and health records.

Once the attack was detected, government cybersecurity officials immediately shut down all internet access in both departments in an attempt to stop stolen information from being sent back to the hackers over the net.

It is obvious what’s happening here. A suicidal dependence on poor systems (such as Windows) is a crucial factor that can easily affect national security or suspend emergency services like dispatch of ambulances. The latter new example speaks of Windows viruses leading to a likely loss of lives (although disruption to service is denied by the face-saving officials). What is Microsoft’s response to all of this? As we noted yesterday, the company’s lobbyist from the government [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13] is trying to blame the users and there are strong responses to it again, such as:

Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:

“We broke Windows. It’s your problem now.”

At least, that’s how I interpret his comments. Charney wants to have users pass a kind of “health test” for their computer before they can use web services.

“Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats,” he said.

Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank – or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.

Charney’s appalling remarks are also mentioned by Lia Timson at ITWire and Lia’s colleague Sam Varghese, who writes:

Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one’s own security stuff-ups.

The good folk at Redmond possess this quality in spades.

Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITs, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders’ shares and Allen should only get 36 percent.

Shortly after the division was done this way, young Bill went to MITs founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft’s culture has always been defined by Gates.

Scott Charney’s comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.

The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.

Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.

Dr. Glyn Moody links to the article “Microsoft has a change of heart on how to keep Internet safe” and he adds: “or how about if Microsoft just wrote some decent code?”

“Will Virgin do the same thing as LSE following this daunting incident?”Yes, journalists too recognise that this is Microsoft’s fault, as stated at the beginning. The gullible, weak ones just bend to Microsoft PR agents and deceive the public about it. These are the sorts of people who do the scaremongering regarding “cyber war” so that companies like Microsoft and suppressive regimes can find good excuses for taking more control over people’s computers, spying on PCs of Windows users for example.

There is another timely example of the failed design of Microsoft software. It’s a major .NET failure just like the ones in LSE (a former Microsoft poster child). Not so long ago it turned out that a plane crash had been caused by Windows malware (with Microsoft boosters blaming IBM in vain [1, 2]) and amid other plane crashes and downtimes in airports [1, 2] it became evident that Microsoft belongs nowhere near aviation. Virgin made the mistake of going with Microsoft and watch what happens:

This latest computer crash, which looks to be as serious as the 2010 fiasco, will place more question marks around the integrity and robustness of the .NET based Navitaire New Skies system which claims to be able to handle load spikes and scale easily as passenger volumes increase.

The crash also raises questions about the level of redundancy built into Navitaire, which is supposed to provide back-up systems in the event of failure.

Will Virgin do the same thing as LSE following this daunting incident?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

5 Comments

  1. twitter said,

    February 17, 2011 at 6:18 pm

    Gravatar

    Another good reason for governments to dump Microsoft comes from the Aaron Barr, HBGary disclosures. The exploits he advertised are almost all Microsoft problems or software that runs on Windows He brags about screwing private companies, governments, presumably the US included, as well as the “progressive groups” targeted by the US Chamber of Commerce and Bank of America.

    If I want to gain access to the Exelon plant up in Pottsdown PA I only have to go as far as LinkedIn to identify Nuclear engineers being employed by Exelon in that location. Jump over to Facebook to start doing link analysis and profiling. Add data from twitter and other social media services. I have enough information to develop a highly targeted exploitation effort.

    I can and have gained access to various government and government contractor groups in the social media space using this technique (more detailed but you get the point). Given that people work from home, access home services from work — getting access to the target is just a matter of time and nominal effort.

    As usual, the crooks go for the softest target and that is people’s home computers running Windows. One of the reasons Barr targeted family members of his targets was to gain access to company and organizational networks. In one of the images he’s quoted as saying, “An example. Richard probably has a home network. Richard and [his wife] probably share the same network, maybe even the same home computer. Either way. [sic] If I can exploit her account through one of her social connections I can exploit the home network/system.” The nasty things he does with such information and control are well documented, harass, demoralize, fracture, discredit and destroy the targeted groups and people.

    The best way for governments, companies and progressives alike to avoid this kind of screw over is for them to all start using free software which is miles ahead of non free software in all ways related to security, privacy and attribution. People using free software can easily sign or encrypt their communications and documents to assure privacy and authorship. That eliminates many of the social attacks Microsoft boosters will try to highlight in order to deflect attention from Microsoft flaws, the old “all software is crap, blame the user” misdirection. The number of free software exploits is vanishingly small because of inherently better design, continuous, rapid improvement and diversity based on architecture and distribution. Non free software was designed to exploit the user with unjust demands, so it is no surprise that backdoors and other treachery are more common than things users want.

  2. twitter said,

    February 18, 2011 at 1:00 am

    Gravatar

    NASDAQ was also cracked the other day. No, not the GNU/Linux trading computers, something called Directors Desk that they foolishly ran on Windows. NASDAQ and Slashdot both fail to call out Windows, and the Slashdot submitter disgraced themselves by saying, “the attackers are winning, and even well-funded organizations like NASDAQ can’t secure their networks reliably.” No one can secure Windows or any network with Windows on it. Google figured this out and banned Windows from their networks. When will other companies get with it?

    Dr. Roy Schestowitz Reply:

    I put that in daily links as I could not confirm that Windows was to blame.

    twitter Reply:

    Oh my, here’s Forbes rushing to Microsoft’s rescue. Mention of EU privacy violations is interesting but not as much fun as the estimated year of penetration “hackers” had to the supposed treasure trove of information on 10,000 board of directors, including Fortune 500 companies. The forbes rescue is that this attack had to be State-Sponsored because of how long it went undetected! It was an “Advanced Persistant Threat attack” (APT)!! The author splurges on,

    The security measures advertised on the Directors Desk website such as compliance with ISO27001, firewalls, IDS, and strong passwords are useless against APT because attacks are specifically designed to bypass everything that the target has put in place; even encryption. … NASDAQ needs to consult with security experts who understand and work APT attacks as soon as possible. If you’re a Directors Desk LLC customer, you should probably do the same.

    Call the author right away because he “provides custom security solutions that focus exclusively on the special needs of C-level and other senior executives.”

    News about the hack is ranked high in Google search results for “NASDAQ Directors Desk” but none of the articles in the first two pages call out Windows. This one (USA Today) thinks a poison pdf might have been planted but fails to mention the target would be Adobe Reader on Windows or that the attack was against a crappy Windows server. Instead the author calls Director’s desk a, “no-nonsense social network for very privileged users. Nasdaq describes it as a “complete turnkey, fully hosted online board technology solution”. Right. The author then details how a poison pdf would have been slipped it from a board member’s “PC” that got p0wnt by someone who had done a little HBGary style research, as Windows PCs often are. No mention is made of Windws, however. That Windows is insecure on desktops or servers is simply too easy a solution, a non story that won’t sell any fancy insecurity products. Network World fails to call out Windows, but comments do. There’s no mention of Windows here or in the New York Times or The Wall Street Journal.

    By not calling out Windows, all of these big publishers create panic without a reasonable solution, and set people up for great harm. Readers are invited to panic as they realize that criminals have penetrated all sorts of networks, private and government. They would not be so scared if they simply ditched Microsoft. Instead, I’m afraid Microsoft is going to use their failures to gain yet more power. People, ignorant of the cause of their problems, will be fleeced by snake oil vendors and Microsoft’s “public health” proposals will be used to discriminate against people who don’t use Windows and don’t have the problems. The snake oil solutions are a never ending story that Microsoft has pushed since the early days of MSDOS.

    Dr. Roy Schestowitz Reply:

    Google knew better and also named Windows.

DecorWhat Else is New


  1. Links 23/03/2023: RSS Guard 4.3.3 and OpenBSD Webzine

    Links for the day



  2. Experiencing 15 Years of LibrePlanet Celebration Firsthand as a Volunteer: 2023 - Charting the Course

    Article by Marcia K Wilbur



  3. [Meme] Grabinski the Opportunity

    Reports of European Patents being invalidated (judges do not tolerate fake patents) have become so common that a kangaroo court becomes a matter of urgency for the EPO‘s Benoît Battistelli and António Campinos; will the EU and the EPO’s Administrative Council go along with it, helping to cover up more than a decade of profound corruption?



  4. Union Syndicale Fédérale Cautions the EPO's Administrative Council About Initiating an Illegal Kangaroo Court System for Patents (UPC) While EPO Breaks Laws and Sponsors the Ukraine Invasion

    Union Syndicale Fédérale (USF) is once again speaking out in support of the staff union of Europe's second-largest institution, which lacks oversight and governance because of profound corruption and regulatory capture



  5. Investigation Underway: Sirius 'Open Source' Embezzled/Stole Money, Robbed Its Own Staff

    In light of new developments and some progress in an investigation of Sirius ‘Open Source’ (for fraud!) we take stock of where things stand



  6. [Meme] Sirius 'Open Source' Pensions: Schemes or Scams? Giving a Bad Name to Open Source...

    What Sirius ‘Open Source’ did to its staff is rightly treated as a criminal matter; we know who the perpetrators are



  7. Sirius 'Open Source' Under Investigation for Pension Fraud, Several Pension Providers Examine the Facts

    2 pension providers are looking into Sirius ‘Open Source’, a company that defrauded its own staff; stay tuned as there’s lots more to come. Is this good representation for “Open Source”? From a company that had many high-profile clients in the public sector?



  8. Links 23/03/2023: Sparky 2023.03 Special Editions and SUSE Changes CEO (Dirk-Peter van Leeuwen)

    Links for the day



  9. Links 23/03/2023: Linux 6.2.8 and XWayland 23.1.0

    Links for the day



  10. IRC Proceedings: Wednesday, March 22, 2023

    IRC logs for Wednesday, March 22, 2023



  11. Apple 'Porn' Filter

    Guest post by Ryan Farmer: Apple and US State Governments Developing System to Require People to Report Themselves for Watching Porn.



  12. 3.5 Years Later Gemini Protocol and Geminispace Are Still 100% Community-Controlled

    Community-centric alternatives to the World Wide Web have gained traction; one of them, Gemini Protocol, continues to grow in 2023 and we're pleased to report progress and expansion



  13. Windows Falls to 16% Market Share in India (It was 97% in 2009), Microsoft Layoffs Reach India Too

    This month’s picture from the world’s most populous nation does not look good for Microsoft (it looks good for GNU/Linux); anonymous rumour mills online say that Microsoft isn’t moving to India but is actually firing staff based in India, so it’s a case of shrinking, not offshoring. When even low-paid (much lower salaries) staff is discarded it means things are very gloomy.



  14. Links 22/03/2023: GNOME 44 “Kuala Lumpur”

    Links for the day



  15. Microsoft Has Also Infiltrated the OSI's Board of Directors After Rigged Elections

    Weeks ago we warned that this would happen and for the third or fourth time in 2 years the OSI’s election process broke down; today the Open Source Initiative (OSI) writes: “The polls just closed, the results are in. Congratulations to the returning directors Aeva Black…” (Microsoft employee)



  16. Links 22/03/2023: Official Thunderbird Podcast Starts

    Links for the day



  17. IRC Proceedings: Tuesday, March 21, 2023

    IRC logs for Tuesday, March 21, 2023



  18. Many More Microsoft Layoffs Later Today

    Yesterday we shared rumours about Microsoft layoffs being planned for later today (there were 3 waves of layoffs so far this year). There are several more people here who say the same. How much noise will Microsoft make in the “media” in order to distract? Will the chaffbot "ChatGPT" help create enough chaff?



  19. Links 21/03/2023: JDK 20 and GNOME 43.5

    Links for the day



  20. Germany's Lobbyists-Infested Government Sponsors the War on Ukraine via the European Patent Office (EPO)

    The chief UPC ‘judge’ is basically seeking to break the law (and violate constitutions, conventions etc.) to start a kangaroo court while dodging real courts, just like Vladimir Putin does



  21. [Meme] The Meme That Team UPC (the Collusion to Break the European Laws, for Profit) Threats to Sue Us For

    António Campinos and Team UPC are intimidating people who simply point out that the Unified Patent Court (UPC) is illegal and Klaus Grabinksi, shown above, strives to head a de facto kangaroo court in violation of constitutions and conventions (the UK does not and cannot ratify; Ireland hasn’t even held a referendum on the matter)



  22. Microsoft is Sacking People Every Month This Year, Even Managers (While Sponsored Media Produces Endless Chatbot Chaff)

    Lots of Microsoft layoffs lately and so-called ‘journalists’ aren’t reporting these; they’re too busy running sponsored puff pieces for Microsoft, usually fluff along the “hey hi” (AI) theme



  23. 3 Months Late Sirius 'Open Source' Finally Deletes Us From the Fraudulent 'Meet the Team' Page (But Still Lists Many People Who Left Years Ago!)

    Amid fraud investigations the management of Sirius ‘Open Source’ finally removed our names from its “Meet the Team” page (months late); but it left in the page about half a dozen people who left the company years ago, so it’s just lying to its clients about the current situation



  24. Amid Fraud at Sirius 'Open Source' CEO Deletes His Recent (This Month) Past With the Company

    Not only did the Sirius ‘Open Source’ CEO purge all mentions of Sirius from his Microsoft LinkedIn account; he’s racing against the clock as crimes quickly become a legal liability



  25. Web Survey Shows Microsoft Falling Below 15% Market Share in Africa, Only One Minuscule African Nation Has Windows Majority

    A Web survey that measured Microsoft Windows at 97% in Africa (back in 2010) says that Windows has become rather small and insignificant; the Microsoft-sponsored mainstream media seems to be ignoring this completely, quite likely by intention...



  26. Rumours of More Microsoft Layoffs Tomorrow (Including Managers!), Probably Azure Again (Many Azure Layoffs Every Year Since 2020)

    Amazon is laying off AWS staff and Microsoft has been laying off Azure staff for 3 years already, including this year, so it seems like the “clown computing” bubble is finally bursting



  27. [Meme] EPO's Management Brainstorm

    The story behind a misleading slogan told above



  28. The Photo Ops Festival of the Funky President António Campinos and Revolt From the Patent Examiners Whom He Perpetually Oppresses

    European Patents are being granted for no reason other than application and renewal fees, awarding European monopolies to companies that aren't even European (only about a third are actually European); staff of the EPO is fed up as it regards or views all this as an extreme departure from the EPO's mission (and it's also outright illegal)



  29. Links 21/03/2023: Trisquel GNU/Linux 11.0 LTS

    Links for the day



  30. Back Doors Proponent Microsoft Infiltrates Panels That Write the Security Regulations, Press Fails to Point Out the Obvious

    Cult tactics and classic entryism serve Microsoft again, stacking the panels and basically writing policy (CISA). As an associate explained it, citing this new example, Stanford “neglects to point out the obvious fact that Microsoft is writing its own regulations.”


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts