Bonum Certa Men Certa
Links 11/2/2015: First Ubuntu Phone on Sale Today, Tizen 2.3 Source Code Released | Microsoft's Mole Strategy Against Free Software Spreads OOXML, Surveillance, Other Malice to the Real, Potent Alternatives

Microsoft Back Door in Windows (All Versions) Intentionally Left Open For Over a Year, Existed for 15 Years

Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden's NSA leaks

THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.



As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion's share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).

"Both proprietary software companies, which together command the lion's share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known)."Dan Goodin, who typically spends his 'journalism' career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It's a major one, no doubt; But no name, no "branding"...

In Goodin's own words:

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.


The significant part is in the second paragraph above ("took Microsoft more than 12 months to fix"). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the 'magic' of proprietary software. Is the NSA now 'done' cracking all the world's networks that have Windows in them? Is it now 'safe' to finally close this back door?

Microsoft Windows is an utter joke when it comes to security, as Microsoft's own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea's network. Those who knowingly used an operating system with back doors can't blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.

Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin's former employer puts it:

What happens six months from now, on 14 July? That's the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system's maker.


The article states that many servers will basically be left with permanent back doors. Many of them contain customers' (or patients') data.

As Robert Pogson put it, "Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…"

He concludes correctly: "Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable."

Yes, even bugs with special names, logos, and "branding" -- those that the corporate media loves to hype up.
Links 11/2/2015: First Ubuntu Phone on Sale Today, Tizen 2.3 Source Code Released | Microsoft's Mole Strategy Against Free Software Spreads OOXML, Surveillance, Other Malice to the Real, Potent Alternatives

Recent Techrights' Posts

Is Ubuntu Compromised? Push Away From GNU and GPL Led by Army Officers.
Perhaps people should ask Canonical what the thinking behind it was...
Phoronix Seems to be Trying to Kill Discussion About "Asahi Lina" and the Anti-Torvalds Brigade
Our informed guess is that by reporting this news Phoronix got caught up in flamewars that divide and fracture the community
Facts on the Case Already Disclosed by US Authorities
NGOs in the UK (several keep abreast of this, judging every recent move) are truly unimpressed
The Times Group (and The Times of India) Basically Died Again
This time a death by LLM slop/plagiarism
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 19, 2025
IRC logs for Wednesday, March 19, 2025
Debian Pregnancy Cluster, when I stopped using IRC
Reprinted with permission from Daniel Pocock
Mass Layoffs at IBM Confirmed
Thousands believed to have been laid off
Slopwatch: linuxsecurity.com, cybersecuritynews.com, gbhackers.com, and techmonitor.ai (Fake 'Articles' About "Linux")
Almost all of them (75%) show up in Google News
Gemini Links 19/03/2025: go-gopherproxy and 'Small Web' as Self-expression
Links for the day
Links 19/03/2025: Attention's Cost and Media Still Besieged by Dictatorships
Links for the day
Claiming to Love What You Reject or Seek to Totally Own, Control
The Russia analogy is political
LinuxTechLab Became Just LLM Slop and SPAM
Another dead (former "Linux") site
The Rust Song
It's about control
The Death of The Economic Times (India Times): LLM Slop Presented as 'Articles', Containing Errors and Revisionism
They'd be better off shutting down operations with some dignity than resort to bots giving the false impression (illusion) of authorship
In Belgium, Android is Finally Measured as Bigger Than Windows
In Belgium, the lobbying capital of Microsoft, it wasn't easy to get there
"Rust People" Are a Threat to BSD Too (the Licence Isn't the Main Issue, Nor is the Proprietary Microsoft Hosting)
BSDs aren't written in Rust, so BSD developers should buckle up
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 18, 2025
IRC logs for Tuesday, March 18, 2025
Sami Tikkanen Explains Rust Language and Its Goals
"Sompi" (the nickname of Sami Tikkanen) has weighed in
Links 19/03/2025: Gardening Season and the Web Without an Audience
Links for the day
Mauritius: Windows at All-Time Low, Down From 96% to 17%
Put in simple terms, people choose to connect from the "phone" (running Linux), not some laptop running Windows
Many IBM Layoffs Reported Today in Europe and North America
there's definitely a lot going on today
The GNU Manifesto is 40. Here's the Original Print (1985).
Some unpleasant people want to replace GNU with Microsoft-controlled (GitHub) Rust copycats
Unixmen Seems to Have Died After Turning Into a Slopfarm and Spamfarm, Is LinuxSecurity.com Next?
Better to not publish anything at all than to resort to fake garbage.
What Happened to the Open Source Initiative (OSI) Elections: More People Begin to Speak Out
Kuhn set another bonfire ablaze
Links 18/03/2025: ‘Meritless’ Defamation Suit Thrown Out, InterDigital Software Patents Headed for the Bin Too
Links for the day
These Strange Web Statistics From The Bahamas Show Windows Falling From 93% to Less Than 5%
There are about half a million there
Gemini Links 18/03/2025: Weather and Resisting "MAGA"
Links for the day
Links 18/03/2025: New Apple Blunders and Windows Disliked by Users
Links for the day
Once Again 'Losing Track' of Who the Clients Are, The Serial Harasser and Strangler from Microsoft
Timing is everything
2025 Rumours of IBM Layoffs in Marketing Likely True, Online Powwow Drops More Clues
Expect over 10,000 layoffs this year (at IBM alone)
Android (With Linux) Rises to Record Highs in Hong Kong and in Macao
Looking quite bad for Microsoft
Distractions. Distractions Everywhere.
distracting from the real solution
EPO Concerns About the Education and Childcare Allowance Reform (ECAR) and School Liaison Officer (SLO)
The public deserves to know as it impacts thousands of families
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 17, 2025
IRC logs for Monday, March 17, 2025