Bonum Certa Men Certa
If Microsoft Loves Miguel and Novell, Then They Must be Good for GNU/Linux, Right? | IRC: #boycottnovell @ FreeNode: January 14th, 2010

Chinese Google 'Attack' Involves Microsoft Windows Flaws

China satellite image



Summary: It is not Google's fault but Microsoft's fault that China managed to compromise accounts not just of Google but of over 20 other companies, by Microsoft's own admission

YESTERDAY we mentioned Google's reaction to attacks from China, which are now confirmed to be targeting different companies. It was not something against Google as Google is one among several victims and some people doubt there will be an exit from the largest Internet market.



How would leaving the Chinese market actually prevent Chinese crackers from connecting to Google servers? It would not.

Hacking Risks Persist Even If Companies Withdraw From China



Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.


Perhaps the most interesting revelation, which was found buried deep inside reports, is the role of Windows in these attacks on Google. Check this one out for example: (the emphasis in red is ours)

More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google's official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.

[...]

While July's attacks were detected early and were largely uneventful, December's attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman's terms, if the cyberattack was a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims' technology infrastructure has been compromised since July.


When one in two Windows PCs is said to be a zombie PC, the above should not be surprising. This was a targeted attack which must have relied on China activists' use of Microsoft Windows.

As the name suggests, the carefully crafted assaults differ from the net-cast-wide malware most often seen. A targeted attack specifically selects its victim and generally sends an e-mail using that person's name and perhaps business title. The body of the message might reference an attached list of business contacts, or describe it as an invoice, or use any other hook that would allay suspicion and convince the victim to double-click the attachment.


Real activists do not use Windows and should use GNU/Linux. A few moments ago, our reader Jose added information that confirms the above. It's an AP article titled "Microsoft's browser flaw exposed Google to hackers" and it says (in the opening): "Microsoft says a security flaw in its Internet Explorer browser played a role in the recent computer attacks against Google and at least 20 other companies."

In other news, a bank server has just been compromised and Baidu got hit by the same group that exploited Windows botnets to take down Twitter [1, 2, 3, 4, 5, 6]. We mentioned this story here and there's more from The Register:

The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.

Surfers visiting Baidu site on Monday night were confronted by the message "This site has been hacked by Iranian Cyber Army", together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu's DNS records rather than a direct attack on the site itself, but this remains unconfirmed.


Baidu -- unlike Google -- was not a victim of customers who use Windows. Google should tell customers that it's not Google that's vulnerable; it's Windows. Customers should therefore rethink their platform preferences. The same already goes for banks, for similar reasons.

Comments

If Microsoft Loves Miguel and Novell, Then They Must be Good for GNU/Linux, Right? | IRC: #boycottnovell @ FreeNode: January 14th, 2010

Recent Techrights' Posts

Those of Us Who Grew Up Playing Doom Must Remember What Microsoft Did to Its Creator
Doomed by Microsoft
At The Register MS, Fake 'Articles' Sponsored by WIntel (Windows+Intel)
We've meanwhile noticed that there's new sponsored spam in at The Register MS and it might be slop
In Addition to National Delegates, Contact the French or Portuguese Governments (Politicians) Regarding António Campinos
Someone needs to step into the EPO and open up all the closets
EPO People Power - Part IV - Sexism, Chauvinism, and Lines of Cocaine at Europe's Second-Largest Institution
Recently, one reader told us about Berenguer, who made the "mistake" of using cocaine in the open market
The Web Has Become Extremely Rude
If you cannot behave, go offline
Like Clickfraud Spamnil (Swapnil Bhartiya) But for Hate Mongering: What Twitter Has Become
If you still waste time in Social Control Media, consider changing course
 
Links 11/12/2025: Escalations Around Japan, Software Patents Found Invalid
Links for the day
Killing the IBM Cash Cow, Raising Massive Debt Instead
In a healthy company, the CEO and CFO would get sacked on the spot for doing so. But IBM is not a healthy company, it's just a sick cow being milked to death.
Links 11/12/2025: Dangerous Flukes by Slop and Bottled Water as 'Placebos'
Links for the day
Gemini Links 11/12/2025: Repairs, Wisdom of the Crowds, and AC Explorations
Links for the day
We Need Your EPO Insider Stories
To date, the EPO and any other company/institution hasn't managed to remove even a single public page that we published
Yes, IBM is Also Laying Off Indians (Even in India)
that goes against the popular/hot narrative of "jobs moving to India"
Microsoft-Sponsored Wikipedia Spam About "AI", Added by Microsoft Operatives
When it comes to Wikipedia, follow the money (sponsors)
Keep on Pushing, EPO Management is in a State of Panic This Week
Contact your representatives today
If You Want Freedom, Follow Richard M. Stallman (RMS)
To be clear, I like Linux, I like its founder
EPO People Power - Part III - Challenging Corruption
The media - as in the national press - isn't interested in writing about it
The Flawed Notion of Criticising for Criticism's Sake
People who are highly critical of things are not "toxic"
A Lot More Than Techrights
you probably also want to follow the RSS feed of the sister site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 10, 2025
IRC logs for Wednesday, December 10, 2025
Slopfarms Parrot Any Number That GAFAM Throws at Them, Even Totally Fictional Figures That Merit Fact-Checking
fake from Microsoft
Microsoft Lunduke Tailors His 'Content' for 4Chan
The latest from Lunduke "Journal"
Richard Stallman Was Also Right About Microsoft GitHub (It's Becoming a Botfarm)
trashing the platform
Democracy and Buzzwords
and hype
Five Years in Gemini Protocol
One might say we escaped to Geminispace 2 years before the deluge of slop on the Web
Keeping Up the Pressure on EPO Management
We want to thank our European readers who contacted their representatives
For New PCs and for Old (or Retro) PCs the Increased Cost of System Memory Benefits GNU/Linux and BSDs
GNU/Linux does not have this problem or barely has this problem
Gemini Links 10/12/2025: "Thousand Mile Journey" and The Art Of Chilling
Links for the day
Moving Away From Content Management Systems (CMSs) and Flocking to Static Site Generators (SSGs)
The SSG 'hype' is not based on marketing but a simple reality
IBM is Laying Off Workers in India (While Spending a Fortune Buying a Company for Buzzwords, a Box-Ticking Exercise)
So what is the overall strategy?
EPO People Power - Part II - Talking About Corruption
European media must "grow a pair" and start writing about EPO corruption
Just a Little Slop About "Linux"
Slop about Linux isn't that common anymore
Links 10/12/2025: McDonald’s Latest Slop Gaffe (After Dumping IBM's Slop) and "Scam Altman’s Panic Sweats"
Links for the day
Circular Funding
Passing around capital that does not exist (for PR's sake, but there are ramifications)
Links 10/12/2025: Ransomware (Windows TCO) Has Crippled Economies, Slop (Fake) "Videos Have Flooded Social (Control) Media"
Links for the day
Y Combinator (YC) Funds Scams, Run by Scammers
Including Scam Altman
EPO People Power - Part I - Identifying Corruption
The EPO, at this stage, is a boat full of holes
IBM Has Become a "Plantation"
IBM is basically being destroyed for some cash at this point
It's Not Too Late to Send an E-mail to Your European Representative Regarding European Patent Office Abuses
If you live in Europe and have not done so already, please contact your national delegates, whose job is (at least on paper) to represent you
Almost a Thousand EPO Workers Have Voted for Industrial Action
Mandate given to SUEPO for action plan to stop the salary erosion of EPO staff
Why So Many Software Projects Are Quitting Microsoft and GitHub
Be more like LibreWolf. Move away from Microsoft and GitHub.
Many of the Attacks on Us Apparently Boil Down to Jealousy
Envy is a negative trait that leads people to self harm
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 09, 2025
IRC logs for Tuesday, December 09, 2025
Valuing One's Work by the Effort or Budget Taken to Undermine It
As long as what we publish is factual, nothing prevents its publication
IBM Says It Buys Another Company for "AI", So Why Does IBM Fire Its Own "AI" Experts?
As people rightly point out, this has nothing to do with "AI"
The Boundaries of Criticism
The harder the EPO will push back, the better the job we must have done
New EPO Series: Mafia Culture, Mobbing, Nepotism, and Illegal Drugs
The series shall start later today
Richard Stallman Was Right About "AI"
"Considering Stallman worked in the MIT AI lab in the era of symbolic AI, and has written GCC (an optimizing compiler is a kind of symbolic reasoner imo), I think he has a deeper understanding of the question than most famous people in tech."
With 3 Weeks Left (Sans Extensions) the Free Software Foundation (FSF) Has Already Raised About Half of the Money Set as Fund-Raising Goal
“Idiots can be defeated but they never admit it.” — Richard Stallman
Gemini Links 10/12/2025: Cranberry Juice and Gramophones
Links for the day
IBM: We Lay Off Tens of Thousands of People the Very Same Week We Spend 11 Billion Dollars (Debt) on "AI" Fantasies, Hiring About 8,000 People at Cost of 1.3+ Million Dollars Per Employee
Seems like IBM is run by fools
Google Still Promotes Plagiarism From WebProNews and Prolific Slopfarms
Google News seems lost and hopeless sometimes
Links 09/12/2025: Tariffs Causing Great Harm and "How to Leave the U.S.A."
Links for the day
Links 09/12/2025: "After the Bubble" (of Slop), "The Internet Forgets"
Links for the day
Gemini Links 09/12/2025: Lunar Observations and Programming
Links for the day
Linux Foundation Has Found a New Business: Pyramid Schemes
Linus Torvalds should have known better
They Won't Tell You This ("Revolution Won't Be Televised"), But the Slop Bubble Already Burst
We already wrote about it twice this morning
UbuntuPIT Started Experimenting With LLM Slop and a Month Ago It 'Died'
This is the typical trajectory of slopfarms
LibreWolf Will Turn Six in March, It Already (Probably) Has Millions of Users
It's not possible to know the number of users LibreWolf has
The Year of the New Dark Age
Something isn't right
Slopwatch May be Doomed
Slop isn't changing the world, certainly not in a good way anyway
BetaNews Still a Dodgy Site, It Seems to be Partly Run by Chatbots
The company that took over apparently tries to "monetise" the domain with slop
Tomorrow the EPO Administrative Council is Meeting to Discuss the EPO, Contact Your National Representative Today
Final versions of the EPO Administrative Council photo gallery
IBM's Total Debt is About to Hit Almost 80 Billion Dollars, the Company Can Only Raise $14.8 Billion Within 3 Months
Route towards insolvency, not just irrelevancy
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 08, 2025
IRC logs for Monday, December 08, 2025