05.02.21

Microsoft-Centric “Ransomware Task Force”

Posted in Deception, Microsoft, Security at 3:37 am by Guest Editorial Team

Original by Mitchel Lewis, republished with permission

Source: https://www.statista.com/statistics/701020/major-operating-systems-targeted-by-ransomware/

Summary: Mitchel Lewis, a former Microsoft employee, takes a look at Microsoft-connected or Microsoft-controlled ‘think tanks’ in ‘task force’ clothing

Although most platforms have had their flare-ups with ransomware, it’s well-known that Microsoft’s legacy architecture has a hyper-monopoly with respect to ransomware infections that consequently renders all other platforms into negligible outliers in comparison. In fact, there’s nothing in this world that Microsoft monopolizes better than ransomware attacks at the moment.

Depending on who you ask, anywhere from 85–99% of ransomware attacks occur on Microsoft architecture, often via well-known vulnerabilities. Because of this common denominator, most working within the ransomware space daily would find it supremely difficult to gloss over the vulnerability of Microsoft’s architecture as being a key component in the rising prominence of ransomware, and this is especially true if they were asked to write an 80-page report on the matter.

A “venerable” who’s who of the ransomware field.

Recently though, a team of more than 60 lawyers and supposed experts that no one has ever heard of before from software companies, cybersecurity vendors, government agencies, non-profits, and academic institutions came together with the Institute for Security and Technology, an institute that no one has ever heard of before, and achieved the irrational by developing a “comprehensive framework” attempting to tackle the modern threat of ransomware. To no surprise and in true Dunning-Kruger fashion whenever expertise is proclaimed, these experts managed to accomplish the unconscionable by overlooking Microsoft’s blatant complicity in the ransomware space and the fundamental importance of modern infrastructure in the face of IT security and prevention of ransomware in an 81-page report.

This wasn’t even a revelation in December for anyone with half of an ass in the field of assessing root cause.

To be fair, the task farce rightfully highlighted the rise of cryptocurrency as a motivational force behind ransomware attacks and further dubbed ransomware to be a threat against our national security, but this is nothing new; even my stupid ass has been talking about this for 6 months now. Many of their suggestions are relevant too and might help to some degree, but they’re reactionary and ancillary at best in comparison to an architectural shift away from Microsoft solutions; the single best preventative measure that a company can take to defend itself against various attacks plaguing industry throughout the world, ransomware or otherwise. Hell, their whole article only mentioned prevention 3 times.

Source: https://www.safetydetectives.com/blog/ransomware-statistics/

With the exception of Hafnium, most attacks are rudimentary at best and exploit well-known vulnerabilities throughout the Microsoft ecosystem and the ignorant companies refusing to mitigate these vulnerabilities in favor of convenience. More often than not, ransomware infections are a direct consequence of phishing campaigns, poor password complexity, poor lockout policies that embolden brute force attacks, poorly trained users, no MFA, no VPN, and admins ignorantly exposing RDP to the WAN, etc. All of which are fundamental no-no’s in the world of IT security that are amazingly easy to prevent and almost all of which are targeted exclusively at Microsoft cloud and server solutions hosted on-premise by their clientele. And a task force of supposed experts would have acknowledged this if they were actually experts in ransomware or IT security.

Given all of this, it seems as if Microsoft is just as much of a threat to our national security as ransomware itself; you can’t have one without the other. Although many of these attacks are preventable and much can be done to supplement Microsoft architecture to harden against said attacks, it’s becoming increasingly evident that it’s impossible for most teams to account for Microsoft’s entire threat surface, ransomware or otherwise, and that it’s simply too complex, costly, and cumbersome for most IT staff to manage. As such, migrating away from the Microsoft ecosystem entirely is the single most viable way to reduce your threat surface against ransomware and pretty much every other form of attack; the drastic reductions in IT ownership costs and improved employee morale are nice too I hear.

This is not easy though. On top of being notorious for ransomware, Microsoft is notorious for optimizing their solutions for lock-in, addiction if you will, which makes them incredibly difficult and costly to migrate away from. The benefits are immediate to those with the grit to migrate though.

But instead of highlighting any of this, the task farce appears to be operating under a false pretense that ransomware is somehow a platform-agnostic affair and that architecture is irrelevant while further ignoring the important role that architecture plays in preventing ransomware and neglecting to showcase Microsoft for being a common denominator that it is; bungling it massively if you will. This is so much the case that they only mentioned the word architecture once in their entire report. If anything, they appear to be adopting Microsoft’s “assume breach” approach which is just their way of shifting blame to the people who support and manage their unsupportable and unmanageable solutions. All of which forces me to question the degree of their expertise and their intentions.

As harsh as this may seem at first, questioning their expertise is fair when there seems to be no focus on preventative measures and devoid of even the most obvious architectural recommendations; no acknowledgment that most ransomware attacks are preventable, no acknowledgment that not all architectures are equal, and no acknowledgment that they often occur when fundamentals are abandoned or forbidden. More often than not, there’s an IT nerd saying, “I told you so.”, to their change-averse management post-mortem with emails to back it up and this just isn’t something that experts can simply ignore when trying to prevent ransomware.

Recommendations given, no response as expected.


To say the least, the IST report would look markedly different if boots on the ground were at least consulted with beforehand, hence why I began to question it so flagrantly as someone that has dealt with ransomware and its prevention for half a decade now. In an effort to clarify their expertise, I reached out to Katie Nickels, one of the task farce members, and she didn’t argue or lambast me with credentials proving otherwise and merely asked for my recommendations; a low-key admission of my expertise concern having merit if you’re into that whole social engineering thing.

Unsurprisingly and rather than supplying ransomware experts that could provide action items for people that actually work against ransomware on a daily basis which Microsoft has an abundance of, Microsoft instead supplied their digital diplomacy team comprised of Kemba Walden, Ginny Badanes, Kaja Ciglic, and Ping Look, which is curious because none of these people get wake-up calls when ransomware is dominating the infrastructure of their clientele. So far as I can tell, none of them seem to have even gone on the record about ransomware prior to this task farce being formed and it’s hard to see their role in the task farce and the absence of Microsoft’s complicity in their report as a coincidence.


When combining these oversights, the dominant presence of Microsoft spin artists within their task farce, and the high likelihood of a sizable donation from Microsoft to the Institute for Security and Technology though, none of this should come as a shock to you. As shown with fraud of dolphin-safe labeling/oversight, we live in a world where industry has a penchant for hijacking its own watchdogs with massive donations and further installing people throughout their ranks that are sympathetic to the plight of starving investors; all of which Microsoft has been accused of before which appears to be the case with the #ransomwaretaskforce. Roy Schestowitz refers to this approach as entryism and it may be time to pay more attention to these nefarious approaches in the tech space.

In summary, trying to cull ransomware via decree alone is only viable in comparison to throwing virgins into a volcano. Given Microsoft’s monopoly on ransomware attacks, the single best thing that any organization can do to prevent ransomware from ravaging your IT infrastructure is to migrate far, far away from Microsoft architecture entirely. Once that is accomplished, companies can implement multi-factor authentication, complex password requirements with password managers, and spare no expense on user training to further reduce their exposure to ransomware and other attacks that leverage these very same threat vectors. And companies can do this while reducing their ownership costs by a factor of 3 conservatively as showcased by IBM when they standardized on the Apple ecosystem; those less efficient at managing PCs at scale than IBM stand to see greater reductions.

You’re welcome to disagree and stay on Microsoft architecture or believe that approaching ransomware via bureaucracy-laden decrees is viable. It’s your funeral. But if you find yourself in this precarious position of deferring to lawyers and people that have never been on the hook to remove ransomware before, it may be a sign that you should do more reading and less talking about the matter instead.

03.29.21

Microsoft’s Death in Web Servers Accelerates Further (10% of Sites Lost in Just One Month!)

Posted in Free/Libre Software, GNU/Linux, Microsoft, Security, Servers at 12:32 pm by Dr. Roy Schestowitz

It’s a bloodbath!


Video download link

Summary: The corporate ‘tech’ media never mentions it, but Microsoft is becoming a dying breed in Web servers (watch the video above) and it will have to quit that sector altogether some time soon

OVER the past few months we’ve closely observed the collapse of IIS and Windows in Web servers [1, 2, 3]. Today, or just over an hour ago, this latest report was published and said “Microsoft lost 9.6% (-7.5M) of its sites this month and ceded third place to OpenResty which in turn gained 1.2 million (+1.6%).”

Losing 10% in just one month is huge. Maybe people need to focus on that instead of some phony scandal over an E-mail sent 2 years ago (not the E-mails that really matter). IIS might be a dead product in 1-2 years from now, leaving Microsoft in the (Web) server space no better than it is in HPC/supercomputers. Shouldn’t that be all over the corporate ‘tech’ media? Well, when Microsoft pays the sites which claim to cover “tech” they’d rather defame RMS on political (non-tech) matters than cover actual tech news.

03.12.21

EPO Breaking the Law With Microsoft and Promoting Fake ‘Encryption’ That Violates Confidentiality on Many Levels

Posted in Deception, Europe, Microsoft, Security at 6:32 pm by Dr. Roy Schestowitz

Video download link

Summary: An explanation of how truly ridiculous the EPO has become, handing over to Microsoft (and to the US government) just about all of the EPO’s communications in direct violation of the law, as well, so the only question now is, will the law actually be enforced soon? Contact your local MP/MEP and report this to him/her.

THE EPO is breaking the law. The António Campinos regime is just as bad as Benoît Battistelli‘s, even when it comes to privacy and pressuring judges to allow unlawful patents, such as software patents.

In parts of the series prior to this one, including Part II, we explained what the EPO had done and why it’s illegal. I recorded a video (the one above) prior to the publication of Part II.

It’s a long video, we could add a lot of links to it (I thought of many that would be relevant while recording it, but failed to take notes throughout), though the ones that seem of most relevance are Microsoft and the NSA relations, the latest Exchange fiasco (as recently as hours ago they still try to distract from it), how end-to-end encryption (e2ee) really works and some background about Stephen Rowan. The full text of the communication is reproduced below:

04.02.2021

Home > Organisation > DG 1 > The Vice-President > Announcements > 2021

Outlook Migration to the Cloud

Data encryption requirements for sending highly confidential data via Outlook

As announced in previous intranet items published in May and December 2020, our Outlook mailboxes are being transferred to the cloud.

The transfer will take place in phases and cover only emails since 1 January 2021.

As regards the patent grant process, only the following documents are classed as “EPO strictly confidential” and must not be sent by email without encryption:

(i) application documents of unpublished applications (EP, PCT, national)
(ii) search reports, search opinions, communications and decisions relating to unpublished applications
(iii) search statements resulting in the disclosure of unpublished application documents (Guidelines B-III, 2.4; B-IV, 2.4)
(iv) documents excluded from file inspection (documents which are marked as non-public in DI+, such as dissenting opinions, medical certificates, PACE requests, etc.)

Guidance for the storage of strictly confidential information in the cloud

The storage of strictly confidential documents in the cloud should be avoided, and data should not be copied unnecessarily from the EPO’s specialised document management systems such as DI+. In practice, this means that, instead of e.g. copying data into an email, you should send a link to the document in the document management system (see also “How to send an email with document links or zipped attachment via Outlook”).

Where sharing of strictly confidential data is necessary, the data must be encrypted before storing it in the cloud or sending a link to it via email.

It is strongly recommended that you do not send the data directly in an email but instead encrypt the document, store it in the cloud, e.g. on SharePoint or OneDrive, and then send the recipients a link to the encrypted document by email. The password then needs to be shared via a separate channel, e.g. in a Teams chat, via Skype or on the telephone. Sending encrypted attachments is strongly discouraged, as they might not pass spam filters: using encrypted attachments is a very common way to infect user computers, so our email gateways do not allow encrypted attachments to be sent from or to our Outlook cloud instance.

The easiest and safest way of encrypting a document is to use the built-in capabilities of the Office programs. Simply protect the document with a password, which also will encrypt the document with a strong encryption algorithm. Obviously, this password should be safe. As a rule of thumb, it should be about as complex as our login passwords, but of course not identical to a password already used. Chat is a good way to send the password, as a long random password can be easily copied and pasted from the chat into the password prompt in the Office program. Examples of how to apply encryption in popular Office programs are in the document annexed here.

Reasons and background

The level of security provided by Microsoft’s cloud services is very high and will even mean an improvement in information security for our email system. In the cloud, our mailboxes will be protected by the most sophisticated systems.

Email in Microsoft’s datacentres is stored with a high standard of encryption, both in transit and at rest. With the help of contract terms, a data protection agreement and technical implementation, the EPO has ensured the best possible protection for the data stored using Microsoft’s cloud services. Microsoft guarantees that the data itself is stored on EU servers within the jurisdiction of the European data protection rules (GDPR).

Under the US Foreign Intelligence and Surveillance Act (FISA) and the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act), Microsoft is obliged to grant security and intelligence agencies access to data stored in its cloud, even when stored on EU servers.

However, the protection level offered by Microsoft is still sufficiently high for DG 1 processes in place for confidential data exchange not to need encryption.

By contrast, to comply with the highest standards, which of course include the requirements imposed under the GDPR, encryption is needed for strictly confidential data.

The guidance on the use of cloud tools therefore states that it is only strictly confidential data that must not be stored in plain form in the cloud, whereas merely confidential information can be stored there without limitations. The EPO defines “strictly confidential” in its “policy for information classification” (document attached) as:

EPO strictly confidential: Information unauthorised disclosure of which could compromise or cause severe damage to the EPO or could cause damage to an identifiable individual or his or her reputation. Access control cannot be delegated by the information owner, and is restricted to registered named persons only. See here for more information.

The vast majority of DG 1 documents do not fall into this category, and this is true for typical performance related data too, since even poor performance must be regarded as “normal” working behaviour and cannot be considered to actually cause damage to an individual. For strictly confidential data, additional access control measures, such as registering people with access, are already implemented where required.

04.02.21 | Author: Steve Rowan – Vice President DG1 – Patent Granting Process

In Part III, which we will publish tomorrow, lots more will be shown.

EPO and Microsoft Collude to Break the Law — Part II: Steve Rowan Announces Microsoft “Outlook Migration”

Posted in Deception, Europe, Microsoft, Security at 4:10 pm by Dr. Roy Schestowitz

Previous parts:

Steve Rowan – passionate about “talking the talk”.

Summary: Steve Rowan on the implementation of illegal surveillance by Microsoft and the United States, covering all EPO operations including strictly confidential communications

Steve Rowan moved to the EPO in 2019 (warning: epo.org link). Prior to that he had held the position Director of Patents, Trade Marks, Designs and Tribunals at the UKIPO.

Steve was recruited by Campinos as part of a drive to give the EPO’s senior management team a “new look” and as part of a carefully orchestrated attempt to create a “perception of independence” from Team Battistelli which had fallen into public disrepute.

Since then this affable and garrulous Welshman has been busy doing the rounds, “talking the talk” and pressing the flesh in an effort to convince EPO staff that everything has changed for the better.

When listening to him you could be forgiven for coming away with the impression that it’s all one big happy family now and that the unpleasantness of the Battistelli era has been consigned once and for all to the dustbin of history – even if Elodie Bergot is still running the show at the HR Department.

Steve has taken to his new role like a duck to water and he seems to enjoy playing the EPO’s “Prince of Woke”, sponsoring events such as the “Women in the Lead” programme – a mentoring initiative for women at the EPO aspiring to managerial roles – and various other worthy “diversity & inclusion” causes.

More recently, at the start of February, Steve issued a communiqué to EPO staff on the subject of “Outlook Migration to the Cloud”. This communiqué is noteworthy because it confirms the EPO’s increasing reliance on cloud computing services hosted by Microsoft.

In his communiqué Steve informed EPO staff that “as announced in previous intranet items published in May and December 2020, our Outlook mailboxes are being transferred to the cloud.”

But when reading the full text of the communiqué it’s impossible not to wonder whether Steve fully understands the P’s and Q’s of data protection and the potential risks associated with putting all of the EPO’s precious data eggs into the Microsoft basket:

“With the help of contract terms, a data protection agreement and technical implementation, the EPO has ensured the best possible protection for the data stored using Microsoft’s cloud services. Microsoft guarantees that the data itself is stored on EU servers within the jurisdiction of the European data protection rules (GDPR).

Under the US Foreign Intelligence and Surveillance Act (FISA) and the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act), Microsoft is obliged to grant security and intelligence agencies access to data stored in its cloud, even when stored on EU servers.

However, the protection level offered by Microsoft is still sufficiently high for DG 1 processes in place for confidential data exchange not to need encryption.

By contrast, to comply with the highest standards, which of course include the requirements imposed under the GDPR, encryption is needed for strictly confidential data.

The guidance on the use of cloud tools therefore states that it is only strictly confidential data that must not be stored in plain form in the cloud, whereas merely confidential information can be stored there without limitations.”

Is EPO Vice-President Steve Rowan living in a data protection “cloud-cuckoo land”?

Steve’s blind faith in Microsoft and its assurances is very touching but one wonders whether he realises the full ramifications of handing over the EPO’s internal e-mail and video-conference communications to a US-based electronic communications services provider.

Quite bizarrely, he doesn’t seem to bat an eyelid over the fact that “Microsoft is obliged to grant security and intelligence agencies access to data stored in its cloud, even when stored on EU servers”.

Despite the gushing optimism of the EPO Vice-President, there remains a nagging suspicion in some quarters that the EPO’s increasing reliance on Microsoft – in particular its cloud computing services – is a legitimate source of public concern.

Before looking into this in more detail we will make a detour into the subject of mass surveillance and “digital sovereignty”.

This planned intermezzo is intended to assist the reader in making a fully informed judgment as to whether everything is really as fine and dandy as Steve would have us believe or whether – as some suspect – he is living in a data protection “cloud-cuckoo land”…

03.11.21

Fake Security From Linux Foundation and the Monopolies It’s Fronting for

Posted in Deception, Free/Libre Software, GNU/Linux, Google, IBM, Microsoft, Red Hat, Security at 12:17 pm by Dr. Roy Schestowitz

Video download link

Summary: Linux Foundation as a front group (of IBM and others) is once again falsely marketing as ‘security’ something which in practice gives more control to a handful of monopolies that spy on people and steal people’s personal data (that in itself is a security breach)

THE above video turned out to be a lot longer than expected. It started by dealing with fake security like this latest monopolisation and centralisation stunt, sheltered by the Linux Foundation for the impression of being vendor-neutral.

At the end the video ended up mentioning UEFI ‘secure’ boot (outsourcing control to monopolies; letting foreign corporations decide what you can and cannot boot on your computer), Flathub (the binary/blob/proprietary “repo” or “app/s store” mentality), TPM, and even Let's Encrypt, which turns Web access into a monopoly (one authority getting to decide what sites you can and cannot access). Of course none of those things are truly about security; they’re about control (not yours, not by you) and centralisation/monopolisation that will definitely beget censorship and collective social control.

It’s 2021 already and the corporate media participates in a campaign of deception around what constitutes real security and good practices around real security. Boosted by FUD, Microsoft is trying to buy the major supply chains (GitHub and then NPM), in turn serving malware to GNU/Linux and then blaming “Linux” or the companies using it (never even mentioning that malware was in fact being delivered by Microsoft from its very own servers). This is not security. This is monopoly imposed on us in the name of “security”, just as back doors inside encryption get marketed as “national security” (as if only terrorists need secure communication channels).

03.03.21

Microsoft Weaponises (and Further Spreads) Racism to Distract From Its Own Incompetence (and ‘Five Eyes’ Collusion for Back Door Access)

Posted in Deception, Microsoft, Security at 11:48 am by Dr. Roy Schestowitz

Video download link

Summary: Racist Microsoft is at it again; we’re meant to think that China is evil for doing exactly what the United States has been doing but more importantly we’re told not to blame Microsoft for shoddy code and back doors (classic blame-shifting tactics and overt distortion of facts, as we saw in the wake of SolarWinds backdoors)

THE companies that dominate the media (and let’s face it, tech oligarchs literally buy more and more of the media over time) think they can get away with collusions for back doors if only they keep saying “privacy” and pay publishers to print misleading puff pieces. They do this time after time, hoping people will forget programs such as PRISM [1], wherein Microsoft (the first company in the program) gave the NSA access to all E-mail [2-5].

Microsoft-connected sites are now being cited [6], telling us that “UNIX” and “Linux” (or some companies that compete viciously against Microsoft) are to blame for Microsoft sending malware their way [7], but more outrageously the media is today (or this week) helping Microsoft deflect/spin a major blunder/scandal [8,9]. Instead of blaming back doors (insecurity by design and intention) or technical incompetence they want us all to blame supposedly Chinese actors (no proof provided for such an attribution), who are merely unauthorised parties taking advantage either of back doors or bad quality code. Apparently, to Microsoft, it’s perfectly fine when ‘Five Eyes’ agencies read all the mail; when (allegedly) China does it, in effect taking over Windows machines with back doors in them, all blame should be shifted to China.

These xenophobic if not racist tactics from Microsoft jibe very well with the company’s special relationship with Donald Trump, who helped enrich Bill Gates, gave Microsoft US taxpayers' money, rigged a procurement process (Pentagon/JEDI) in Microsoft’s favour, and wanted to give TikTok (a Chinese company) as a gift to Microsoft by blackmail tactics which are likely illegal (an abuse of authority). He did this while Microsoft was laying off lots of workers (because it's a failing company).

News items from the video:

  1. PRISM (surveillance program)
  2. Microsoft handed the NSA access to encrypted messages
  3. Microsoft helped NSA access private emails and Skype video calls, says new report
  4. Report: Microsoft collaborated closely with NSA – CNN
  5. A new report from the Guardian newspaper claims Microsoft willingly collaborated with the NSA on users’ data.
  6. Malicious NPM Packages Steal Linux and Unix Password Files of Amazon, Slack, and More
  7. Malicious NPM packages target Amazon, Slack with new dependency attacks
  8. Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
  9. Microsoft Says Chinese Hackers Responsible for Exchange Attacks

03.01.21

ZDNet Really Hates Golang (Maybe Because Microsoft Does)

Posted in Deception, Free/Libre Software, FUD, Microsoft, Security at 5:05 pm by Dr. Roy Schestowitz

Video download link

Summary: The Golang programming language seems to be the target of intense FUD campaigns from sites connected to Microsoft, so it’s likely a bit of a Nemesis/endgame to Microsoft monoculture (unlike Rust, which Microsoft has already pocketed and is actively besieging to promote Microsoft monopoly and hardware monoculture)

THE Microsoft FUD machine known as ZDNet is at it again. “ZD” stands for Zero & Dreck.

Anyway, this Microsoft propaganda site is constantly spreading FUD against Golang just because more and more people, both developers and non-developers, use it. It has enjoyed fast adoption/growth, unlike the failing frameworks from Microsoft (which are barely adopted after decades out there). It’s envy. It’s fear. It’s FUD. The core of the FUD has (more so lately) been something like this: people can write malware using Golang. So that means Golang itself is “malware” or “for malware” or “helps malware” (something along those lines; anything to tarnish Golang’s name by association).

Shame on Brittany Day for amplifying all this ZDNet trash and FUD. It’s not the first time LinuxSecurity.com does this; the site is not always anti-Linux, but too often it relays anti-Linux pieces without some basic “Sanity Check” or fact-checking. So the FUD gets added to the mix and perpetuated for anti-Linux elements’ benefit.

The latest FUD says: “There’s been a 2,000% increase of new malware written in Go over the past few years. Many of these malware families are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets.”

We would rather not link to either site and send traffic in this stuff’s direction/way. But for those who are interested the video gives enough of a starting point (such as headline or URL).

Fake reporting and fake security are a growing problem online. Faking stuff is the business model.

02.02.21

Raspberry Pi (at Least Raspbian GNU/Linux and/or Raspberry Pi Foundation) Appears to Have Been Infiltrated by Microsoft and There Are Severe Consequences

Posted in GNU/Linux, Microsoft, Security at 9:11 am by Dr. Roy Schestowitz

Video download link

Summary: Microsoft entryism (using fake ‘love’ and openwashing tactics) seems to have yielded the worst possible outcome; it now has root-level access, without user consent, into millions of Raspberry Pi devices

SEVERAL years ago the thugs from Microsoft marked the Raspberry Pi Foundation for death or defection, as they had done OLPC a decade earlier.

Microsoft is a cult that does not tolerate anything that’s not Microsoft. Those who seriously think that Microsoft “loves Linux” are deeply deluded or bribed/misled by (or like) the Linux Foundation. Microsoft has long faked “love” just to get closer to what it’s trying to destroy (or take over, then destroy).

“Microsoft has, via the package repository, defacto root access.”
      –Anonymous
The video above provides technical and objective truth about claims I received last night. Microsoft is now spying on a lot of Raspberry Pi devices and these devices are happy to push proprietary software for Microsoft.

How did that happen? Why was there no disclosure or warning?

Are you already ‘infected’? Here’s how to check. We’ve reproduced this on two devices so far. The operating system (this might be applicable to more):

$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

How to know if you’re affected/infected already:

$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main

We don’t know yet if this affects only Buster-based devices. We need to highlight the issue before this becomes widespread.

“Just in case the implications were not obvious,” our source noted, “Microsoft servers get pinged with every update. That tells them the quantities and locations of all the world’s networked Raspberry Pi computers running Raspberry Pi OS.”

Here in Techrights we’ve long warned about adding Microsoft to sources (e.g. to install proprietary software like Edge). This isn’t just another company; it’s the company looking to undermine GNU/Linux and it’s also blackmailing the platform using patent lawsuits (yes, still). It loves Windows, not “Linux”.

A poor work-around or fix (to the above):

sudo rm /etc/apt/sources.list.d/vscode.list
sudo touch /etc/apt/sources.list.d/vscode.list
sudo chattr +i /etc/apt/sources.list.d/vscode.list

But why was this added in the first place? “As far as I can tell,” the source said, “the file was injected during an update this weekend, but no package fesses up to having created it.”

sudo dpkg -S /etc/apt/sources.list.d/vscode.list
dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list

We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.
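The checks above, gathered into one script as an added example (not code from the original post or from Raspberry Pi OS): it lists every active repository host in a sources directory that is not on an allowlist and reports whether dpkg records an owner for the list file. The function names and the default allowlist of Raspbian hosts are assumptions.

```sh
#!/bin/sh
# Added example: audit one-line-style APT source lists (*.list) for
# repository hosts outside an allowlist. The deb822 *.sources format is
# not parsed here.

# Assumption: the stock repository hosts of a Raspbian 10 image.
DEFAULT_ALLOWED="raspbian.raspberrypi.org archive.raspberrypi.org"

# Print the host of every active "deb"/"deb-src" entry in one list file.
apt_hosts_in_file() {
    # Drop comments and the optional [options] block, keep network URIs,
    # then strip scheme, userinfo, port and path to leave the bare host.
    sed -e 's/#.*$//' -e 's/\[[^]]*\]//' "$1" |
        awk '($1 == "deb" || $1 == "deb-src") && $2 ~ /:\/\// { print $2 }' |
        sed -n -e 's|^[A-Za-z0-9+.-]*://||' -e 's|^[^/@]*@||' \
               -e 's|[/:].*$||' -e '/./p' |
        sort -u
}

# Print the package that ships a file, "unowned" if dpkg knows none, or
# "unknown" when dpkg is not installed. A file written by a package's
# maintainer script is not in dpkg's file lists, so "unowned" does not
# prove that no package created it.
list_file_owner() {
    if ! command -v dpkg >/dev/null 2>&1; then
        echo "unknown"
        return
    fi
    owner=$(dpkg -S "$1" 2>/dev/null | cut -d: -f1)
    echo "${owner:-unowned}"
}

# audit_apt_sources DIR [ALLOWED_HOST...]
# Prints "file<TAB>host<TAB>owner" for each host not on the allowlist.
audit_apt_sources() {
    dir=$1
    shift
    if [ "$#" -gt 0 ]; then
        allowed="$*"
    else
        allowed=$DEFAULT_ALLOWED
    fi
    for f in "$dir"/*.list; do
        [ -f "$f" ] || continue
        for host in $(apt_hosts_in_file "$f"); do
            case " $allowed " in
                *" $host "*) ;;   # expected repository, nothing to report
                *) printf '%s\t%s\t%s\n' "$f" "$host" "$(list_file_owner "$f")" ;;
            esac
        done
    done
}

# Run the audit only when the script is given a directory argument, e.g.
#   sh audit.sh /etc/apt/sources.list.d
if [ "$#" -gt 0 ]; then
    audit_apt_sources "$@"
fi
```

An emptied list file, as left by the work-around above, produces no output because it contains no active entries.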

“Conclusion,” according to our source, is that “Raspberry Pi Foundation has a quisling somewhere inside.”

“Result,” the source added: “Microsoft has, via the package repository, defacto root access.”

“This is almost certainly a direct reaction to the Raspberry Pi having entered the desktop market with very, very serious models.”

“We need to slaughter Novell before they get stronger….If you’re going to kill someone, there isn’t much reason to get all worked up about it and angry. You just pull the trigger. Any discussions beforehand are a waste of time. We need to smile at Novell while we pull the trigger.”

Former Microsoft VP James Allchin
