Bonum Certa Men Certa

The Microsoft Botnet Goes Bonkers and ATMs Running Windows Spew Out Cash

"Mission-critical" and "Windows" are not possible to mention in the same sentence

Manchester Airport



Summary: The terrible security (by design) of Microsoft Windows is causing all sorts of very serious and collectively expensive issues

NOW that Rianne and I are back from vacation (Manchester Airport is shown above) we are amused to see even Dan Goodin, a selective basher of Free software, covering this latest blunder from Microsoft (affecting Vista 7). Sosumi dropped this pointer last night in the #techrights IRC channel and since then the word has been spreading rather quickly. Dan Goodin finally writes about the Microsoft Windows botnet (Windows Update, for a change) and Microsoft rushes to do 'damage control' by going after journalists. To quote Goodin:



"Microsoft said a highly suspicious Windows update that was delivered to customers around the world was the result of a test that wasn't correctly implemented.

"We incorrectly published a test update and are in the process of removing it," a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information."

Yeah, whatever. It's hard to refute something like that, but it may as well be a lie. It would be hard to prove what actually happened unless someone from the inside (like a whistleblower) got contacted. It's all secretive and proprietary. Here is what the British media (Goodin's former employer) wrote: "The Register poked Microsoft about the issue, and a spokesman told us: "We incorrectly published a test update and are in the process of removing it."

"How that sort of thing happens, though, we're not totally clear on. The bizarre update has certainly confused a load of Windows users, who hit the support forums in search of answers.

"Beginning with Windows 10, Microsoft has begun touting a new strategy of "Windows as a service," where updates are continuous and automatic, and only enterprise customers are given the option of refusing them."

When the Microsoft botnet (commandeered by the NSA and not just Microsoft, which grants the NSA access) goes awry we should all be reminded of the importance of software freedom. Windows Update, with automatic invocation in particular, is a truly terrible thing (even in Free software). Not only state-sanction spies but crackers too can exploit it, through back doors for example.

The monopolist knows that people are increasingly worried about all this remote control-like functionality. Microsoft Peter now comments [1] on mass surveillance (even on keystrokes) in Vista 10 after Microsoft admitted that mass surveillance is very much intentional, not a glitch. People inside Microsoft told me that it's only getting worse (at development stages) and bound to get worse by the next release of Windows.

In other news, proprietary Windows and proprietary RAR now facilitate remote access by secret agencies (see this discussion). To quote Net Security: "A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed."

The press hardly covered this. Instead it got obsessed with "XOR DDOS". Weak passwords are to blame, not GNU/Linux, but all the headlines name "Linux". There are finally some decent articles about it, not FUD from Microsoft boosters and insecurity firms (looking to sell their services).

Another bit of FUD came from The Inquirer last week (mentioned in our daily links). The Inquirer changed the headline after falsely accusing/blaming Linux, merely because the acronym XFS was mentioned (purely Windows in this case, not related to the Linux file system). Here are some articles about it [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]. In short, lots of ATMs are being exploited not because of Linux but because they don't use Linux. This is because of Windows. What kind of company STILL uses Windows in ATMs and banking in general? This is a platform of botnets and back doors, it's simply unfit for purpose. Guess who pays the price for clueless technologists who put Windows in banks (which can receive bailout from taxpayers)? Just imagine where we would be if airplanes ran Windows...

Related/contextual items from the news:


  1. Microsoft reaffirms privacy commitment, but Windows will keep collecting data
    The second category is personalization data, the things Windows—and especially Cortana—knows regarding what your handwriting looks like, what your voice sounds like, which sports teams you follow, and so on. Nothing is changing here. Microsoft says that users are in control, but our own testing suggests that the situation is murkier. Even when set to use the most private settings, there is unexpected communication between Windows 10 and Microsoft. We continue to advocate settings that are both clearer and stricter in their effect.




Comments

Recent Techrights' Posts

Techrights in 0.036 Seconds
Combining Gemini and HTTP/S, yesterday we served an impressive number of requests
BetaNews Run by Plagiarism Bots That Googlebomb (for SEO) "Linux"
Google rewards and thus encourages plagiarism
IBM Titles Considered Worthless and Many IBM 'Fellows' Are Vanishing (Also: IBM Staff Inside Linux Attacks the Rights of Computer Users for Recognition or Rewards Like "Distinguished Engineer")
James Bottomley is still "a Distinguished Engineer at IBM"
CDN Giant: Microsoft Bing and Skype Collapsed Since the LLM Hype, Same as Other Metrics Show
No wonder Microsoft managers suffer anxiety and there are several waves of layoffs even on the same month
Links 23/01/2025: More Overt Constitutional Violations and "TikTok Executive Order" (White Flag to CCP)
Links for the day
 
Robbery at the European Patent Office (EPO), Office Staff as 'Prisoners'
publication from the Central Staff Committee, dated yesterday
Microsoft, IBM, and Front Groups That Advance Racism for Profit
IBM has profited a lot from racism and it still does
FOSDEM and 'No Nazis'
the issue isn't wealth but principles
Gemini Links 24/01/2025: "Social" Control Media is Unsatisfying; An Old Call for a Gemini Without TLS
Links for the day
[Meme] Levels of Outrage
Apparently it's hip for criminals to leverage "the law" to silence their exposers
Links 24/01/2025: Earthquake, Landslide, and Official Implicated in Airplane With Landing Gear Issues (Boeing Plane) "Found Dead"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 23, 2025
IRC logs for Thursday, January 23, 2025
Gemini Links 23/01/2025: Experience With Outer Wilds and Gifting a Site
Links for the day
Slopwatch: Fake 'Articles' About Linux by Brian Fagioli and by Brittany Day in BetaNews and linuxsecurity.com (LLM Slop Sites That Are Online Leeches or SEO Operations Working Against Free Software Journalism)
Two new examples for today
Status of New Year's Resolutions
3 weeks later
"The AI Bubble is Popping", Now It's Bailout Time
The hype will quietly fizzle, just like "blockchains"
[Meme] When the Government of the Netherlands Participates in Your Crimes It Lacks an Incentive to Hold You Accountable for Crimes
the EPO's corrupt management boasted (on television) that it would ignore rulings against it even if issued by the highest Dutch court
Links 23/01/2025: US Constitution Already Besieged (Impeachable Offences Pile Up), Arrest Warrant for Assad
Links for the day
Microsoft's Head of Business Development Quits (Days After Two Large Waves of Mass Layoffs)
We recently learned that people close to the management are very stressed this month
[Meme] Reliable Sources
Sooner or later LLMs swallow up their own lies (that they generated), which means that over time those things will only deteriorate further, exacerbating an already-large misinformation pandemic
BetaNews Plagiarising Work in the Linux Space
The originals won't even be listed
Gemini Links 23/01/2025: US Politics and DevOps Career
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 22, 2025
IRC logs for Wednesday, January 22, 2025
Links 22/01/2025: Jeju Air Blame-Shifting (Talk to the Wall), Copyright Maximalism Rebounds
Links for the day
[Meme] The 'Garbage in, Garbage Out' Patent Office
"law of the buzzword"
Clueless and Nontechnical EPO Management Uses the 'Great Scam' (Hey Hi Hype) to Justify Automation Where It's Both Detrimental and Illegal
The EPC has been practically set aflame; thus, the EPO has no legitimacy or reason to exist anymore
Links 22/01/2025: Democratising Tech Initiative and "Bye Bye Meta"
Links for the day
The Japanese translation of the term "free software"
by Akira Urushibata
Links 22/01/2025: "The AI Bubble Is Bursting" and Microsoft's Scam Altman is Already Looking for De Facto Bailout From the Insurrectionist
Links for the day
Dr. Andy Farnell's Latest Article About Software Freedom and Richard Stallman
why Dr. Stallman is being picked on
Geminispace (Gemini Protocol) Offers an Escape From Social Control Networks Owned by Oligarchs and Governments
Gemini capsules that promote fascism and retreat to feudalism are rare and scarce
The Free Software Foundation (FSF) Has Formally Added an Outreach and Communications Coordinator
Maybe the addition happened last year (we mentioned it in passing), but now it's in the "rota"
Electronic Frontier Foundation: Fighting 'for the Poor and Powerless' While Taking Home $336,000 in Annual Salary
nowadays works for or serves not the interests of the masses
Of Note: The Misguided, Infiltrated, Weakened Electronic Frontier Foundation (EFF) Now Operating at a Loss of Over a Million Dollars
Worst since the COVID-19 lockdowns
Free Software Foundation's Miriam Bastian: We Surpassed Our Year-end Goal of $400,000 USD Thanks to You!
Miriam Bastian: We surpassed our year-end goal of $400,000 USD!
[Meme] Omit Microsoft When It's a Scandal or a Breach, Whereupon It Becomes Just an 'IT Company'
Microsoft is like a cult. Members of this cult promote the opposite of security, expecting to be financially rewarded for it.
Calling Out Windows (TCO) is Apparently Impermissible in Some News Sites
The online news sites are failing us (and corporate sponsors play a role)
Richard Stallman's Remarks on His Pain
Published two days ago
Focusing on the Issues
we'll do our best to find the news and not talk about "Mr. T"
Only About 3.6% of Web Users in Pakistan Use Vista 11, According to statCounter
It's not hard to see why so far in 2025 Microsoft has already had several waves of mass layoffs - more than any other company
Rumour: In IBM, Impending "25% Reduction in Finance Roles"
25% to be laid off?
[Meme] Fake Articles From linuxsecurity.com (Just Googlebombing "Linux" With LLM Slop)
Google should really just entirely delist that site
RedHat.com Written by Microsoft Staff, Promoting Microsoft' Proprietary Software That Does Not Even Run on Linux!
This is RedHat.com this week...
Links 22/01/2025: Mass Layoffs at Stripe, Microsoft's Illegal Accounting Practices Under Scrutiny
Links for the day
Fake 'Article' by Brittany Day (Guardian Digital, Inc) About Linux Mint 22.1 'Xia'
Apparently they've convinced themselves that this is OK
Red Hat Dumps "Inclusive Language", Puts "Master" In Official Communications and Headlines
Red Hat: you CANNOT say "master" (because it is racist). Also Red Hat: we put in it our headlines.
Red Hat Offers DRM, TPM, and Backed Doored 'Confidential' Containers (CoCo) for Microsoft (Proprietary Spyware)
No kidding!
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 21, 2025
IRC logs for Tuesday, January 21, 2025