08.12.15

The Huge, Collateral Cost of Microsoft’s Collusion With Five Eyes Espionage Agencies

Posted in Microsoft, Security, Windows at 4:51 pm by Dr. Roy Schestowitz

Michael S. Rogers
“I don’t want a back door. I want a front door.” — Director of the National Security Agency (NSA), April 2015

Summary: Microsoft Windows continues to be inherently insecure, at the very least because Microsoft worked to make intrusion possible by shady agencies that operate outside the law (much like cyber gangs)

IT IS no secret that Microsoft works closely with the NSA and other Five Eyes agencies. It is also no secret that Stuxnet was developed by those agencies and targets Microsoft Windows. After it had targeted Iran it sort of ‘spilled out’ and caused many billions in damages all around the world (we covered examples). Having gotten out of hand, Microsoft’s back doors for espionage agencies were soon exploited also by the “bad guys” (not that espionage agencies can be described as “good guys”). There is no substitute for absolute, scientifically-verifiable security and strong encryption. People who sell “Golden Key” dreams are non-technical war-loving liars. Based on this new article (Dan Goodin finally targets Microsoft for a change, having repeatedly bashed just Free software), a new Windows “exploit is reminiscent of those used to unleash Stuxnet worm.” To quote Goodin: “The vulnerability is reminiscent of a critical flaw exploited around 2008 by an NSA-tied hacking group dubbed Equation Group and later by the creators of the Stuxnet computer worm that disrupted Iran’s nuclear program. The vulnerability—which resided in functions that process so-called .LNK files Windows uses to display icons when a USB stick is plugged in—allowed the attackers to unleash a powerful computer worm that spread from computer to computer each time they interacted with a malicious drive.”

Any design that lets a USB device trigger commands at such high levels is clearly not the work of security professionals. Many other issues tied to this design have been reported for over a decade and Microsoft is not fixing them. According to last year’s explosive report, titled “N.S.A. Devises Radio Pathway Into Computers”, the NSA “relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers.”

The media may go on about how Microsoft no longer delivering security patches is an issue, but as Microsoft tells the NSA about holes before patching them, what difference does it make? All versions of Windows, no matter how up to date they are, are vulnerable. It’s not an accident. “Both Microsoft and HP were insistent companies that hadn’t refreshed [Windows Server 2003] after 14 July,” said the report, “are exposing themselves to all sorts of security attacks, and that up-to-date patches and firmware are needed.”

No, their first mistake is that they use Windows anything (never mind Windows Server, irrespective of the version too). Windows is not designed to be secure. It has back doors and front doors. GNU/Linux is designed for security from the ground up and if one does not believe it, one can freely scrutinise the code.

“The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.”

CIO David Wennergren, Department of Defense (October 2009)
