Bonum Certa Men Certa

MSBBC Cracked, Canadian Government Cracked, Microsoft Blames Users, and .NET-based Aviation System Crashes

When system crashes can lead to plane crashes

Aeroplane



Summary: Another atrocious week for Microsoft's security and reliability record

"Thanks to Windows’ built-in insecurity, its easy to create huge Windows botnets," wrote the honourable SJVN a few days ago. It is widely recognised that Microsoft is largely responsible for many of Windows' security failings, but Microsoft pressures journalists not to call out Windows using techniques that we covered here before.



MSBBC's music sites have just been cracked and they turned hostile towards site visitors who use Windows. As the report puts it, "other top name insecurity vendors like Sophos, McAfee and even Microsoft's anti-virus tools didn't register the hack at all. That is an appalling detection rate from both free and paid-for anti-virus kits and, as of yesterday, Websense reckoned the anti-virus toolkits were still vulnerable." This is just a Windows problem and someone who informed us that the Canadian government had just been cracked too says that 99% of the systems there run Windows (we cannot verify this claim, but if anyone can, please leave a comment).

It is unclear whether the attackers managed to compromise other departmental computer networks, including those that contain Canadians’ sensitive personal information such as tax and health records.

Once the attack was detected, government cybersecurity officials immediately shut down all internet access in both departments in an attempt to stop stolen information from being sent back to the hackers over the net.


It is obvious what's happening here. A suicidal dependence on poor systems (such as Windows) is a crucial factor that can easily affect national security or suspend emergency services like dispatch of ambulances. The latter new example speaks of Windows viruses leading to a likely loss of lives (although disruption to service is denied by the face-saving officials). What is Microsoft's response to all of this? As we noted yesterday, the company's lobbyist from the government [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13] is trying to blame the users and there are strong responses to it again, such as:

Microsoft Vice President Scott Charney, a longtime advocate of a coordinated approach to cybersecurity, describes a vision of Internet health:
"We broke Windows. It's your problem now."

At least, that's how I interpret his comments. Charney wants to have users pass a kind of "health test" for their computer before they can use web services.

"Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats," he said.

Charney uses a public health model to support his new idea. Basically, in order to access web services (say, your bank - or cloud services, maybe even social networking like Facebook) you first need to let the provider run their virus check on your computer. Intrusive? I think so. Would you let a web site run their code (virus scan) on your machine before you are allowed to use their web application? I think I smell more malware coming.


Charney's appalling remarks are also mentioned by Lia Timson at ITWire and Lia's colleague Sam Varghese, who writes:

Passing the buck is a game at which Microsoft is adept. In the computer security industry, one needs to have tons of chutzpah to hold others responsible for one's own security stuff-ups.

The good folk at Redmond possess this quality in spades.

Probably the best example of chutzpah that I can recall came from a young Bill Gates many years ago when the company was getting off the starting blocks. As Paul Allen, the other co-founder, had also taken up a job as head of software at MITs, the maker of the Altair, Gates argued that since he was working for Microsoft only and Allen was dividing his time, he (Gates) should have 64 percent of the founders' shares and Allen should only get 36 percent.

Shortly after the division was done this way, young Bill went to MITs founder Ed Roberts and got a job there as well, for $US10 an hour. Microsoft's culture has always been defined by Gates.

Scott Charney's comments at the ongoing RSA conference are a good example of the blithe manner in which Microsoft tries to force the rest of the world to carry the can for the abysmal security of its products.

The monoculture otherwise known as Windows is in the main responsible for the plethora of viruses, worms, malware, scumware and other such $wares that plague the internet. DDoS attacks come, more often than not, from armies of Windows machines grouped in a botnet.

Sure, there are other operating systems involved too but they are in a minority. A very small minority. Windows is the main problem and everyone, his/her dog, his/her cat and his/her goldfish is aware of that.


Dr. Glyn Moody links to the article "Microsoft has a change of heart on how to keep Internet safe" and he adds: "or how about if Microsoft just wrote some decent code?"

"Will Virgin do the same thing as LSE following this daunting incident?"Yes, journalists too recognise that this is Microsoft's fault, as stated at the beginning. The gullible, weak ones just bend to Microsoft PR agents and deceive the public about it. These are the sorts of people who do the scaremongering regarding "cyber war" so that companies like Microsoft and suppressive regimes can find good excuses for taking more control over people's computers, spying on PCs of Windows users for example.

There is another timely example of the failed design of Microsoft software. It's a major .NET failure just like the ones in LSE (a former Microsoft poster child). Not so long ago it turned out that a plane crash had been caused by Windows malware (with Microsoft boosters blaming IBM in vain [1, 2]) and amid other plane crashes and downtimes in airports [1, 2] it became evident that Microsoft belongs nowhere near aviation. Virgin made the mistake of going with Microsoft and watch what happens:

This latest computer crash, which looks to be as serious as the 2010 fiasco, will place more question marks around the integrity and robustness of the .NET based Navitaire New Skies system which claims to be able to handle load spikes and scale easily as passenger volumes increase.

The crash also raises questions about the level of redundancy built into Navitaire, which is supposed to provide back-up systems in the event of failure.


Will Virgin do the same thing as LSE following this daunting incident?

Comments

Recent Techrights' Posts

[Meme] Not About How Many Locks One Adds
Some people try to point their fingers in all the wrong directions now that a new patch is available for rsync
Total Lock-down Ambitions - Part I - DRM and TPM Need Not be the Future of Computing, There's Another Way
Who is being restricted? Us, the users.
New Upcoming Series About DRM and TPM
We'll do our best to name and explain some of the alternatives that are still available
More Microsoft Cuts and Layoffs (Microsoft Media Mole Jordan Novet Tries to Float "Hiring Freezes" Spin After the "Headcount" Spin Failed)
As one might expect...
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 15, 2025
IRC logs for Wednesday, January 15, 2025
If You See Many Microsoft Puff Pieces That All Say More or Less the Same, Consider the Possibility That Microsoft LLMs 'Wrote' Those
There are also many phantom fake 'reports' about Microsoft in relation to some "hey hi" (AI) things
[Meme] The Crybully
Crybullies shrug
IRC Logs Complete in Geminispace (Even in GemText Format!)
We still envision ourselves - a community of justice-seeking enthusiasts - as a multi-protocol platform, not just some ordinary Web site
It Was Only a Matter of Time
We're going to pursue justice
[Meme] "Well, He’s Dead So," Bill Gates Tells the Media (Which He Pays) About His Close Friend Jeffrey Epstein
Does the police in San Francisco cover up crimes instead of solving them?
The Rumour Was Right, Today is the Second Large Wave of Microsoft Layoffs in 2025
It has only been two weeks since the year began
The Free Software Foundation (FSF) Has Had a Good 2025 Already (Its "Year 40")
FSF will reach $400,000
Computer Users Aren't Zoo Animals
Animals don't belong inside cages in zoos, either
[Meme] His Existence is Proof It's Not Infeasible
We salute the FSF's original mission
Links 15/01/2025: Efforts to End Wars and 'Newsflation'
Links for the day
Gemini Links 15/01/2025: Abandoning Windows for GNU/Linux, SIS Progress Update
Links for the day
Links 15/01/2025: Social Control Media Spreading Lies, TikTok Banned in 4 Days
Links for the day
Microsoft Breaks Linux Again
Does it even care? It's selling Windows.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 14, 2025
IRC logs for Tuesday, January 14, 2025
Links 14/01/2025: Vaccination Hesitancy Problems and Kangaroo Courts (UPC)
Links for the day
Gemini Links 14/01/2025: Introduction to GrapheneOS and Small Internet
Links for the day
Dr. Miriam Bastian From the Free Software Foundation (FSF) Gives a Talk in a Couple of Weeks at FOSDEM (Brussels, Belgium)
It's good to see people from all around the world and with very different backgrounds united around digital philosophy
Andy Farnell on Eating Your Own Dog Food
focuses on security but goes beyond that
EPO Uses the Misnomer "AI" to Attack Software Developers in Europe
The EPO is nowadays a huge pile of crimes
The European Patent Office’s (EPO) Communication on "Reform" is "Incomplete and Misleading," Says the Central Staff Committee at the EPO
This puts Europe at risk and makes it more vulnerable
[Meme] How to Lose Social Life (While Pretending to Still Have It)
Talk to people, not to microphones
Android (or AOSP) is More Free Than iOS, Both in Practice (as OEM Bundles) Both Are User-Hostile
In a perfect world, people would choose and deploy software that is entirely made up of reciprocally-licensed bits
Neuroscience of Consciousness Paper: Why Social Control Media and Proprietary Spyware Harm Your Health
"Software Freedom turns out to be good for your health"
Access to the Source Code of the Programs You're Using Matters (Even If You're Not a Coder and Cannot Fix Bugs)
Companies like Microsoft tell us that full access to all the code isn't important
Guardian Digital (linuxsecurity.com) Publishes Fake Articles About Linux and About (for) 'Linux' Foundation Openwashing
Brittany Day is at it again
Links 14/01/2025: LA Crisis and EU, UK Respond to "X.com" Threat From South African Oligarch
Links for the day
The Word About the Upcoming Talk by Richard Stallman - Scheduled for Friday This Week - Has Spread ("The Cost of Freedom," Lausanne, Switzerland)
So the word is spreading
"AI Music" is Not Music and It's Hardly "AI" Either
Synthetic garbage is a solution in search of a problem
Webspam in BetaNews
Not only is it marketing SPAM
[Meme] 13 Years a Slave of Microsoft
Might makes right?
Gemini Links 14/01/2025: The Gemtext Print Hurdle and New Game: Fill!
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 13, 2025
IRC logs for Monday, January 13, 2025