10.08.15
Posted in Microsoft at 11:02 am by Dr. Roy Schestowitz
“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive

Windows are famously easy to smash
Summary: Security flaws and even blatantly obvious loopholes for surveillance are identified in several of Microsoft’s so-called ‘products’, which turn users (and their data) into the real product (to be sold to private companies or shared with spies)
THOSE who pay close attention to the news (as we typically do) have lost count of the number of Microsoft back doors, affecting a large number of products and a vast number of people. The whole spectrum of applications has a plethora of ways to take over PCs and intercept messages. That’s not even an accident.
Neel Gupta wrote a month ago about Microsoft and the NSA, including the way this relates to UEFI (remote takeover at hardware level, aided by secret software and keys). Gupta wrote: “As Microsoft Windows has already lost this ‘trust’ through Spams, Blackmails, _NSAKEY, and not fixing critical bugs. So Microsoft changed its definition of ‘trust’ in computing: devices with dedicated microprocessor designed to secure the hardware against consumers, and only allow software signed (authorized) by the device manufacturer to run on the device.”
Curiously enough, based on [1] (below), Microsoft continues to expose users on the Web, making its use of HTTPS a total sham, almost definitely by design (and intention). When users go to Outlook to read their E-mails, things get even worse [2,3]. “Backdoor in Outlook Web Application operates inside target’s firewall,” to quote a Microsoft-friendly writer/publication.
Microsoft ‘privacy’ is a lie, as software like Skype serves to demonstrate. There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying “law enforcement”. The FBI never complains about encryption in Microsoft or Windows because there is none that’s truly effective.
Don’t believe what the media is saying right now about Vista 10 figures (e.g. number of devices or users) because these are lies, as we explained last week (many who tried Vista 10 moved away from it afterwards).
As Gupta’s SAP blog concludes: “Note that Windows XP, Vista, 7, and 8 are all going down. With the exodus from Windows, if we as SAP don’t create solutions on Linux and Mac/iOS, we will lose customers to those who do.” █
Related/contextual items from the news:
-
If you think using secure HTTP would be enough to protect your privacy when checking webmail, think again. When users connect to their Microsoft user account page, Outlook.com, or OneDrive.com even when using HTTPS, the connection leaks a unique identifier that can be used to retrieve their name and profile photo in plaintext.
A unique identifier called a CID is exposed because it’s sent as part of a Domain Name Service lookup for the address of the storage server containing profile data and as part of the initiation of an encrypted connection. As a result, it could be used to track users when they connect to services from both computers and mobile devices, possibly even identifying users as their requests leave the Tor anonymizing network.
-
SECURITY RESEARCHERS FROM Cybereason have sounded a klaxon over a problem with the Microsoft Outlook Web Application (OWA) that could let attackers swoop in and tag and bag data and documents through the use of APT techniques.
Cybereason discovered the bug when a customer with some 19,000 endpoints suspected that it was the victim of infection.
-
Backdoor in Outlook Web Application operates inside target’s firewall.
Posted in America, Patents at 10:36 am by Dr. Roy Schestowitz
Summary: Criticism of NASA’s habit of clinging onto patents when it is actually the public which pays for everything
THE ISSUE that we occasionally tackle here in Techrights (and the #techrights IRC channel) is unjust monopoly acquired or protected by hoarding of patents. It is especially unjust when it’s public money (tax) subsidising this kind of monopoly. Such was the case with NASA when it sold patents (paid for by the public) to patent trolls about 3 years ago. NASA had previously helped protect and expand Microsoft’s illegal monopoly [1, 2, 3].
This time, for a change, NASA decides to give these patents back to those who paid for them, setting these patents free to all [1, 2, 3, 4, 5, 6, 7]. It is claimed that as many as 1200 patents (if not more) will be set free, but there are some caveats (see headlines that mention “free access to its patents for startup entrepreneurs”).
NASA’s work is funded by taxpayers, so the very idea of them ‘donating’ patents is ludicrous (or indicative of corruption). NASA shouldn’t waste its time on patents in the first place; it can just publish its ideas and inventions in its public-facing Web site.
Don’t romanticise too much over NASA and its glorified patents. Yours truly used to believe the popular lie that space exploration of NASA gave us Teflon. Well, Teflon was made for nuclear weapons (cold war), so even this isn’t a good example of NASA’s so-called ‘inventions’. Some of the people who helped NASA build its rockets are the same people (and by extension their teams) that helped launch rockets into London in the second world war. █
Posted in Europe, Patents at 10:16 am by Dr. Roy Schestowitz
Battistelli wants to ‘pacify’ the office by means of threats, bullying, and even exile
Summary: SUEPO, the staff union, and boards that are independent from the EPO are both under attack and are constantly threatened by Benoît Battistelli and his goons
THE misconduct at the EPO is becoming an urgent issue to tackle. We wrote about patent trolls fighting against Android (i.e. Linux) in Europe just a few days ago and the UPC may soon become a reality, joining blatant injustices like the TPP.
Earlier this week the FFII’s President Benjamin Henrion wrote that “EPO does not follow the “rule of law” principle, which means any of its acts are not challengeable in front of a court” (i.e. above the law).
The EPO wants staff to blindly obey its decisions on patents and workers’ rights while the EPO itself does not obey the law. This is a double standard of the highest order.
In “March of this year alone, the IPKat welcomed 212,040 site visitors,” it wrote earlier this month. Well, that’s obviously because of EPO scandals, especially the news from the Netherlands which made it a very busy month for EPO-related news. We are gratified to see that Merpel is back to covering this topic. Last week she wrote about some new developments and yesterday she wrote about Željko Topić's latest attacks on workers' rights, preceding next week's demonstration.
“On this world day against software patents,” Henrion wrote, “we have to wake up sleeping Europeans against swpatv3 via the Unitary Patent Court” (UPC is just the latest among many plots or ploys that can further legitimise software patents in Europe from the back door).
“Cisco and Samsung cross-license to ignore the harm of patents,” he noted, but the “option [is] not available to small companies and developers” (it’s very much like OIN, which helps large corporations legitimise and preserve software patents, as we explained last night).
SUEPO, the staff union at the EPO, seems eager to fight back and challenge the gangster of the management, Mr. Topić.
“Mr Zeljko Topic (VP4),” it wrote, “and Mr Raimund Lutz (VP5) issued on 2 October 2015 a Communiqué to EPO staff titled “Your rights” which was later published here by IPKat.
“SUEPO was sorely tempted to rebut the slanderous allegations of VP4 and VP5, but the public ridicule to which they are subjected speaks volumes on our behalf, see for instance the comments on IPKat.
“If anyone has doubts about the legality of SUEPO’s actions or about the sincerity of the EPO’s offer of impartial legal assistance, the SUEPO committee will be happy to answer questions. At this moment, it will suffice to say that SUEPO applauds VP4 and VP5 for finally grasping the notion of the applicability of “basic fundamental rights” and “general principles of law”, and look forward to further progress reports about their seemingly ongoing study of fundamental legal doctrines.”
Based on the very latest from IP Kat, the EPO’s Battistelli is now destroying the boards (of appeal) that are supposed to provide an independent last resort when the EPO is misbehaving. As Merpel put it: “The drive to get the Boards out of Munich strikes Merpel as either deeply stupid or entirely cynical, and she doesn’t believe Mr. Battistelli is at all stupid. The purported problem identified in Mr Battistelli’s proposal to reform the Boards of Appeal was the “perception of independence”. You couldn’t, he argued, have Boards in the same building as other EPO employees whose decisions a Board might be reviewing — which is an odd argument, since there are no Examining or Opposition Divisions based in the Isar building.
“A rather more widespread perception around the EPO is that Mr Battistelli can’t bear to have the Boards in “his” building (Merpel seems to recall that they were there first, though), and/or that he wanted to teach the Boards a lesson. Even having his own private express lift from car park to the sumptuously appointed presidential floor does not always exclude the chance that he might encounter one face-to-face during his working day.
“The relationship was poisoned when the Enlarged Board decided Case R19/12, a decision about judicial independence about which Mr Battistelli was furious. You see, far from lacking independence, the real problem for EPO management is that the Boards are sometimes too damn independent and this cannot be tolerated. Yes, there’s a structural issue in how the Boards fit into the European Patent Organisation, which would require amendment of the Convention to fully remedy, but this did not seem to cause problems in practice until now. Nobody should pretend that this proposal to move the Boards out of Munich serves the interests of judicial independence. It is really the opposite: showing this group of ungrateful judges who’s really the boss, who’s in control of their careers.
“Having established that the Boards had to get out of the current Munich headquarters, Mr Battistelli identified two options: find another building in Munich, or relocate the members of the Boards to Berlin (Vienna, which is now the front runner, appears to have been arranged behind the backs of the Administrative Council (AC) and of the Boards, since it never formed part of the formal proposal).”
So Battistelli wants them exiled like Napoleon. See what we recently (earlier this month) wrote about these attacks on the boards. There are many things that are rotten at the EPO and the rest of the month will be spent putting some more ‘dirty laundry’ out there. █