Bonum Certa Men Certa

MSBBC Cracked, Canadian Government Cracked, Microsoft Blames Users, and .NET-based Aviation System Crashes

When system crashes can lead to plane crashes

Aeroplane



Summary: Another atrocious week for Microsoft's security and reliability record

"Thanks to Windows’ built-in insecurity, its easy to create huge Windows botnets," wrote the honourable SJVN a few days ago. It is widely recognised that Microsoft is largely responsible for many of Windows' security failings, but Microsoft pressures journalists not to call out Windows using techniques that we covered here before.



MSBBC's music sites have just been cracked and they turned hostile towards site visitors who use Windows. As the report puts it, "other top name insecurity vendors like Sophos, McAfee and even Microsoft's anti-virus tools didn't register the hack at all. That is an appalling detection rate from both free and paid-for anti-virus kits and, as of yesterday, Websense reckoned the anti-virus toolkits were still vulnerable." This is just a Windows problem and someone who informed us that the Canadian government had just been cracked too says that 99% of the systems there run Windows (we cannot verify this claim, but if anyone can, please leave a comment).

It is unclear whether the attackers managed to compromise other departmental computer networks, including those that contain Canadians’ sensitive personal information such as tax and health records.

Once the attack was detected, government cybersecurity officials immediately shut down all internet access in both departments in an attempt to stop stolen information from being sent back to the hackers over the net.


It is obvious what's happening here. A suicidal dependence on poor systems (such as Windows) is a crucial factor that can easily affect national security or suspend emergency services like dispatch of ambulances. The latter new example speaks of Windows viruses leading to a likely loss of lives (although disruption to service is denied by the face-saving officials). What is Microsoft's response to all of this? As we noted yesterday, the company's lobbyist from the government [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13] is trying to blame the users and there are strong responses to it again, such as:

Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:
"We broke Windows. It's your problem now."

At least, that's how I interpret his comments. Charney wants to have users pass a kind of "health test" for their computer before they can use web services.

"Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats," he said.

Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank - or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.


Charney's appalling remarks are also mentioned by Lia Timson at ITWire and Lia's colleague Sam Varghese, who writes:

Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one's own security stuff-ups.

The good folk at Redmond possess this quality in spades.

Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITs, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders' shares and Allen should only get 36 percent.

Shortly after the division was done this way, young Bill went to MITs founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft's culture has always been defined by Gates.

Scott Charney's comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.

The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.

Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.


Dr. Glyn Moody links to the article "Microsoft has a change of heart on how to keep Internet safe" and he adds: "or how about if Microsoft just wrote some decent code?"

"Will Virgin do the same thing as LSE following this daunting incident?"Yes, journalists too recognise that this is Microsoft's fault, as stated at the beginning. The gullible, weak ones just bend to Microsoft PR agents and deceive the public about it. These are the sorts of people who do the scaremongering regarding "cyber war" so that companies like Microsoft and suppressive regimes can find good excuses for taking more control over people's computers, spying on PCs of Windows users for example.

There is another timely example of the failed design of Microsoft software. It's a major .NET failure just like the ones in LSE (a former Microsoft poster child). Not so long ago it turned out that a plane crash had been caused by Windows malware (with Microsoft boosters blaming IBM in vain [1, 2]) and amid other plane crashes and downtimes in airports [1, 2] it became evident that Microsoft belongs nowhere near aviation. Virgin made the mistake of going with Microsoft and watch what happens:

This latest computer crash, which looks to be as serious as the 2010 fiasco, will place more question marks around the integrity and robustness of the .NET based Navitaire New Skies system which claims to be able to handle load spikes and scale easily as passenger volumes increase.

The crash also raises questions about the level of redundancy built into Navitaire, which is supposed to provide back-up systems in the event of failure.


Will Virgin do the same thing as LSE following this daunting incident?

Comments

Recent Techrights' Posts

Why We're Revealing the Ugly Story of What Happened at Libre-SOC
Aside from the fact that some details are public already
Why Virtually All the Wikileaks Copycats, Forks, and Rivals Basically Perished
Cryptome is like the "grandpa" of them all
 
Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%
The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 24, 2024
IRC logs for Wednesday, July 24, 2024
Techrights Statement on YouTube
YouTube is a dying platform
[Video] Julian Assange on the Right to Know
Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off
Links for the day
Gemini Links 25/07/2024: Losing Grip and collapseOS
Links for the day
LWN (Earlier This Week) is GAFAM Openwashing Amplified
Such propaganda and openwashing make one wonder...
Open Source Initiative (OSI) Blog: Microsoft Operatives Promoting Proprietary Software for Microsoft
This is corruption
Libre-SOC Insiders Explain How Libre-SOC and Funding for Libre-SOC (From NLNet) Got 'Hijacked' or Seized
One worked alongside my colleagues and I in 2011
Removing the Lid Off of 'Cancel Culture' (in Tech) and Shutting It Down by Illuminating the Tactics and Key Perpetrators
Corporate militants disguised as "good manners"
FSF, Which Pioneered GNU/Linux Development, Needs 32 More New Members in 2.5 Days
To meet the goal of a roughly month-long campaign
Lupa Statistics, Based on Crawling Geminispace, Will Soon Exceed Scope of 4,000 Capsules
Capsules or unique capsules or online capsules are in the thousands and growing
Links 24/07/2024: Many New Attacks on Journalists, "Private Companies Own The Law"
Links for the day
Gemini Links 24/07/2024: Face à Gaïa, Emacs Timers for Weekly Event, Chromebook Survives Water Torture
Links for the day
A Total Lack of Transparency: Open and Free Technology Community (OFTC) Fails to Explain Why Over 60% of Users Are Gone (Since a Week Ago)
IRC giants have fallen
In the United Kingdom Google Search Rises to All-Time High, Microsoft Fell Nearly 1.5% Since the LLM Hype Began
Microsoft is going to need actual products or it will gradually vanish from the market
Trying to Put Out the Fire at Microsoft
Microsoft is drowning in debt while laying off loads of staff, hoping it can turn things around
GNU/Linux Growing at Vista 11's Expense
it's tempting to deduce many people who got PCs with Vista 11 preinstalled are deleting it, only to replace it with GNU/Linux
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 23, 2024
IRC logs for Tuesday, July 23, 2024
[Meme] Was He So Productive He Had to be Expelled Somehow? (After He Was Elected and Had Given Many Years of Work to Earn a Board Seat)
Things like these seem to lessen the incentive to devote one's life to Free software projects
GNOME Foundation is Causing Itself More Embarrassment With Secrecy Than With Full Transparency
It also arouses suspicion and hostility towards Codes of Conduct, which gave rise to 'secret courts' governed by large corporations
Links 23/07/2024: NetherRealm Layoffs and Illegitimate Patent 'Courts' (Illegal)
Links for the day
Gemini Links 23/07/2024: AM Radio, ngIRCd, and Munin
Links for the day
A Lot of GNU/Linux Growth on the Client Side is Owing to India (Where GNU/Linux Has Reached 16%)
A lot of this happened in recent years
Insulting Free Software Users in Social Control Media (Proprietary, Bloated With Opaque JavaScript) is Like Insulting Amish on TV
Why bother? Don't take the bait.
When Wikileaks Sources Were Actually Murdered and Wikileaks Was Still a Wiki
when Wikileaks was a young site and still an actual wiki
statCounter: Dutch GNU/Linux Usage Surged 1% in Summer
Microsoft is running out of things to actually sell
Microsoft's "Results" Next Week Will be Ugly (But It'll Lie About Them, as Usual)
Where can Microsoft find income rather than losses as its debt continues to grow and layoffs accelerate?
Julian Assange is Still Being Dehumanised in Media Whose Owners Wikileaks Berated (With Underlying Facts or Leaks)
Wikileaks and Free software aren't the same thing. Nevertheless, the tactics used to infiltrate or discredit both ought to be understood.
A Month Later
We're optimistic on many fronts
Links 23/07/2024: Downsizing and Microsoft and Still Damage Control
Links for the day
Gemini Links 23/07/2024: Friends and Solitaire
Links for the day
Why the Media is Dying (It Sucks, No Mentally Healthy People Will Tolerate This for Long)
linking to actual news articles helps fuel the spam, too
Censorship in Eklektix's Linux Weekly News (LWN)
Medieval system of speech, where the monarchs (Linux Foundation) dictate what's permissible to say
10 Years of In-Depth EPO Coverage at Techrights (Many Others Have Abandoned the Topic)
Listen to staff
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 22, 2024
IRC logs for Monday, July 22, 2024