06.25.15
Posted in Europe, Patents at 7:01 am by Dr. Roy Schestowitz
Summary: Earliest coverage of yesterday’s protest against EPO corruption and abuses
THE EPO — like Microsoft — spies on people for business reasons, not for security reasons. Staff of the EPO decided to protest again, as we wrote earlier this week, and Microsoft Florian was there to document it.
Florian Müller, who used to lobby against software patents before defecting (Microsoft and other companies paid him for this), was there at the scene to cover the protest. “Yesterday,” he wrote early this morning, “the Staff Union of the European Patent Office (SUEPO) held a demonstration in front of the EPO’s main building in Munich. While there have already been various other SUEPO demonstrations in Munich, a couple of which I reported on, yesterday’s protest had a new (though not exclusive) focus: surveillance by means of hidden cameras and keyloggers. Participants in the demonstration carried signs showing surveillance cameras…”
There is an estimate of the number of staff in attendance. “It appears credible to me,” he said, that “approximately 1,000 EPO employees participated — a fairly high percentage of all Munich-based EPO staff.”
There are some photos there to prove it (without people’s faces, obviously for their own protection, knowing Benoît Battistelli’s modus operandi).
Separately, the London-based patent lawyers’ blog IP Kat warns us of the threat of UPC looming over the UK:
But first, a digression, which may be of more general interest than the specifics of the particular consultation. The IPKat, ever eager to seek news for his dear readers, took the opportunity to ask whether there was any truth in the speculation that has appeared repeatedly in comments on this blog and elsewhere that the current UK Government might delay ratification of the UPC Agreement until after the UK Referendum on membership of the EU, which is not scheduled until 2017. The Intellectual Property Office, as it turns out, has an answer prepared for this question, and the IPKat is delighted to share it with you.
The horrible UPC (making patents even worse and more wide-reaching) is trying to creep into Europe as quickly as possible (while the public is mostly asleep). The EPO is largely responsible for this and more scrutiny is needed. It’s similar to those awful ‘trade’ agreements, but awareness among the public is severely lacking. █
“Staff at the European Patent Office went on strike accusing the organization of corruption: specifically, stretching the standards for patents in order to make more money.
“One of the ways that the EPO has done this is by issuing software patents in defiance of the treaty that set it up.”
–Richard Stallman
Posted in Microsoft, Security, Windows at 5:28 am by Dr. Roy Schestowitz
Turning the alphabet into a security nightmare
Summary: Windows userbase is once again under serious threat and high risk because something as simple as fonts (rendering of text/pixels on the screen) isn’t done securely in Windows
THERE IS plenty of evidence which shows that Microsoft is not interested in security, maybe because there are commitments to the NSA (the motivations are hard to reason about, but Microsoft’s reluctance to patch known holes is easily demonstrable).
Now we are being reminded that even fonts are a security risk in Windows. Yes, Microsoft continues to put users under remote execution threat because of fonts. As the British media put it:
Get patching: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defences.
The accomplished offensive security researcher (@j00ru) presented findings at the Recon security conference this month under the title One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation [PDF] without much fanfare and published a video demonstration of the exploit overnight.
As one commenter (found by Robert Pogson) put it, “Adobe (and I guess MS as well) put font handling in the kernel from NT 4.0 to gain speed at the expense of having privileged-based protection, and against Dave Cutler’s original micro kernel plans. What could possibly go wrong?”
Proprietary software is so bad that even fonts are a huge risk. This isn’t the first such incident. It serves also as a reminder for GNU/Linux users because some users continue to install proprietary software from Adobe, despite Free/libre alternatives being equally potent.
To quote the part which shows why Windows makes things even worse: “The nastiest vulnerabilities for 32-bit (CVE-2015-3052) and 64-bit (CVE-2015-0093) systems exist in the Adobe Type Manager Font Driver (ATMFD.dll) module which has supported Type 1 and Type 2 fonts in the Windows kernel since Windows NT 4.0.” █
“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive
Posted in Microsoft at 5:13 am by Dr. Roy Schestowitz
Ghostwriting and PR disguised as ‘news’
Summary: Signs serve to indicate that Microsoft is already tightening its grip on technology news sites, ensuring that they give Microsoft disproportionate levels of coverage
“Welcome to the Microsoft Slashdot,” wrote a reader to us, alluding to the recent bias (more extreme than before) of that once-upon-a-time-decent news site. This reader is obviously concerned about Slashdot AstroTurfing, especially after what we saw recently, in part because of Microsoft Nick, who had joined as "Senior Editor".
We are already seeing puff pieces about Vista 10, basically Microsoft marketing framed as ‘news’. Microsoft AstroTurfing must have officially begun for Windows, for several sites such as Ars Technica UK (launched with aid from Microsoft ads, conditional upon them appearing in every page and editors thus unable to fearlessly criticise Microsoft), Slashdot, and The Register are truly stuffed.
“Currently on the Slashdot front page,” wrote the reader, “9 mentions of Microsoft and 11 mentions of Windows. They’re getting almost as bad as the Register and this (arstechnica.co.uk) shower. It’s all fake adverts being pushed by a Microsoft still desperately trying to be relevant. [At] arstechnica.co.uk 8 mentions of Windows and 4 mentions of Microsoft…”
Microsoft is a company that shrinks (with layoffs), but it doesn’t mean it can no longer control the media through its extensive network of unethical PR agencies (Microsoft has copywriters). Over time Microsoft may be less able to bribe officials, journalists and hire/commission assault teams (euphemistically called "compete teams" because they are inherently anti-competitive). It’s going to be increasingly hard or challenging because the budget is smaller. Microsoft fired many of its marketing staff last year. Nevertheless, we need to keep watching. Microsoft is a master of manipulation of the media. It has decades of experience and it has no ethical constraints, as we have demonstrated over the years.
Microsoft is now trying to save its biggest cash cow by making Android essentially a Microsoft Office platform. Data is being transmitted to Microsoft, but does anyone care? Even Linux sites carry water for Microsoft right now (regarding Android), not just Microsoft media moles (former staff) like Sarah Perez at AOL (seeding further coverage). Don’t think that Microsoft isn’t playing dirty games behind the scenes to make it so. █
“Working behind the scenes to orchestrate “independent” praise of our technology, and damnation of the enemy’s, is a key evangelism function during the Slog.”
–Microsoft, internal document [PDF]
Posted in Deception, GNU/Linux, Microsoft at 4:48 am by Dr. Roy Schestowitz
“I’ve killed at least two Mac conferences. [...] by injecting Microsoft content into the conference, the conference got shut down. The guy who ran it said, why am I doing this?”
–Microsoft's chief evangelist
Summary: DockerCon gives room to Microsoft propagandists who want to divert the audience’s attention from secure GNU/Linux focus to proprietary Windows with back doors and surveillance
DOCKER rapidly grows in terms of adoption (and hype). It is Free/libre software and it is predominantly a GNU/Linux technology, like much of the whole container phenomenon. This is why Microsoft cannot just leave it alone (read: tolerate it).
Days ago we saw two misleading articles from Matt Weinberger about the Russinovich spiel, pretending that Microsoft and GNU/Linux can now sing Kumbaya. “Microsoft loves Linux” pins are now being distributed, according to a photo from this new article which says “Microsoft has doubled down on its support for Docker, further integrating the software container tech with Azure and Visual Studio Online and demoing the first-ever containerized application spanning both Windows and Linux systems.”
Proprietary software is the last thing Docker needs. Docker staff needs to learn to say “no”, having witnessed what happens to just about every company that liaises with Microsoft (even charities like OLPC). A lot of Microsoft proxies like ‘Open Tech’, CodePlex and others have virtually become non-existent, but the Trojan horse strategy has not completely failed yet. It just keeps evolving.
“To drive the point home,” wrote Neil McAllister, “there were plenty of free T-shirts available at the Microsoft booth on the subject of uniting Windows and Linux via Docker. There were even buttons with the catchphrase that Microsoft CEO Satya Nadella coined in November, “Microsoft ♥ Linux.””
For those who actually believe that Microsoft has changed its colours, here are just some recent doings (of Nadella) which ought to remind us that Microsoft actually hates GNU/Linux:
What next after “Microsoft ♥ Linux” PR? “UEFI ♥ Linux”? “SCO ♥ Linux”? “Novell ♥ Red Hat”? The bigger the lie, the more confusing and provocative it becomes. Perhaps provocation really is the goal (see Microsoft’s quote at the top of this article). █

Photo credit: Neil McAllister