Bonum Certa Men Certa

More Back Doors Found in Microsoft's Entrapments (Proprietary Software)

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Urbis
Windows are famously easy to smash



Summary: Security flaws and even blatantly obvious loopholes for surveillance are identified in several of Microsoft's so-called 'products', which turn users (and their data) into the real product (to be sold to private companies or shared with spies)

THOSE who pay close attention to the news (as we typically do) have lost count of the number of Microsoft back doors, affecting a large number of products and vast number of people. The whole spectrum of application has a plethora of ways to take over PCs and intercept messages. That's not even an accident.



Neel Gupta wrote a month ago about Microsoft and the NSA, including the way this relates to UEFI (remote takeover at hardware level, aided by secret software and keys). Gupta wrote: "As Microsoft Windows has already lost this 'trust' through Spams, Blackmails, _NSAKEY, and not fixing critical bugs. So Microsoft changed it's definition of 'trust' in computing: devices with dedicated microprocessor designed to secure the hardware against consumers, and only allow software signed(authorized) by the device manufacturer to run on the device."

"There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying "law enforcement"."Curiously enough, based on [1] (below), Microsoft continues to expose users on the Web, making its use of HTTPS a total sham, almost definitely by design (and intention). When users go to Outlook to read their E-mails things get even worse [2,3]. "Backdoor in Outlook Web Application operates inside target's firewall," to quote a Microsoft-friendly writer/publication.

Microsoft 'privacy' is a lie, as software like Skype serves to demonstrate. There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying "law enforcement". The FBI never complains about encryption in Microsoft or Windows because there is none that's truly effective.

Don't believe what the media is saying right now about Vista 10 figures (e.g. number of devices or users) because these are lies, as we explained last week (many who tried Vista 10 moved away from it afterwards).

As Gupta's SAP blog concludes: "Note that Windows XP, Vista, 7, and 8 are all going down. With the exodus from Windows, if we as SAP don't create solutions on Linux and Mac/iOS, we will loose customers to those who do."

Related/contextual items from the news:



  1. Microsoft sites expose visitors’ profile info in plain text
    If you think using secure HTTP would be enough to protect your privacy when checking webmail, think again. When users connect to their Microsoft user account page, Outlook.com, or OneDrive.com even when using HTTPS, the connection leaks a unique identifier that can be used to retrieve their name and profile photo in plaintext.

    A unique identifier called a CID is exposed because it's sent as part of a Domain Name Service lookup for the address of the storage server containing profile data and as part of the initiation of an encrypted connection. As a result, it could be used to track users when they connect to services from both computers and mobile devices, possibly even identifying users as their requests leave the Tor anonymizing network.


  2. Microsoft OWA falls victim to password-pinching APT attack
    SECURITY RESEARCHERS FROM Cybereason have sounded a klaxon over a problem with the Microsoft Outlook Web Application (OWA) that could let attackers swoop in and tag and bag data and documents through the use of APT techniques.

    Cybereason discovered the bug when a customer with some 19,000 endpoints suspected that it was the victim of infection.


  3. New Outlook mailserver attack steals massive number of passwords
    Backdoor in Outlook Web Application operates inside target's firewall.




Recent Techrights' Posts

Promoting Microsoft Windows With LLM Slop
What is the policy at BetaNews regarding LLM slop?
Alex Oliva, the Potential 'Successor' of RMS, Has a New Web Site
More freedom for Alex Oliva
 
Links 17/02/2025: LLMs Failing and Patreon Support Becoming a Burden to Bloggers
Links for the day
Links 17/02/2025: Blogroll Conundrum; Research, Scientists Under Siege
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 16, 2025
IRC logs for Sunday, February 16, 2025
Links 16/02/2025: Nostalgia for Physical Media and the US Government Actively Promotes Pro-Kremlin Politicians in the EU
Links for the day
Gemini Links 16/02/2025:Life, Cynicism, and languages
Links for the day
Links 16/02/2025: Oligarchs "Collect Your Data and Control Your World", Global Temperatures Shoot Up
Links for the day
Links 16/02/2025: "Microsoft Is Laying Off Employees" and Internal Dissent Brewing at Facebook Over Regime Complicity
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, February 15, 2025
IRC logs for Saturday, February 15, 2025
Links 15/02/2025: Harms to Health, Public Domain, and More
Links for the day
Gemini Links 15/02/2025: On Autistic People, AuraGem Over HTTPS
Links for the day
The Cyber Show (C|S) Speaks of the "Rise of the Nerd Reich."
This 'Valentine Episode' is quite good
Azure is Turning 17 This Year, Still Losing Money and Staff
Hallmark of pyramid schemes, deriving "value" out of things that do not really exist?
Strong Momentum for the Free Software Foundation (FSF) as Winter Approaches Its End in Boston or in the Northern Hemisphere
FSF's founder, Richard Stallman, gives another talk in Italy in 9 days from now
The 'Drunken Plagiarists' Are Harming Journalism About GNU/Linux
They lessen the incentive to do real journalism abut GNU/Linux
Female Nazis and racist Swiss women
Reprinted with permission from Daniel Pocock
Richard Stallman on RISC-V and Free Hardware
Invidious is under attack by Google
Links 15/02/2025: Erasing of American Science and Tesla SLAPPing Critics
Links for the day
IDG 'Reviews' of GNU/Linux Now Contain LLM Slop
It's typically ads or commercials... or sometimes spin disguised as news
Gemini Links 15/02/2025: Spectacles and "Before Sunset", Moving Domains Out of the US
Links for the day
Microsoft Has Only $17,482 Million Left, "Cash on Hand" Sank 40 Billion Dollars in 2 Years
Microsoft runs low on money in the bank
YouTube Layoffs Mean That YouTube is Still Losing a Lot of Money (Net Income or Profit Almost Definitely Negative)
In more recent years Google defunded many vloggers
In Gopher and Gemini Protocol People Abandon Services Based in the United States
There's no resistance whatsoever
Python and Microsoft: Pandas Should Have Known OpenDocument Format (ODF) and Microsoft Excel Are Different and Competing Things
now we're meant to think that in order to open ODF files we need some functions with "Excel" in their name
Not Only Windows, Surface, and "Hey Hi" PCs; Microsoft's Hardware Ventures Are a Dumpster Fire; HoloLens Mixed Reality Hardware Now Axed Altogether and Staff is Miserable
Microsoft is in a terrible state
Certificate Authority (CA) Let's Encrypt Now Down to TEN (0.3% of the Whole) in Geminispace
The number of capsules that use Let's Encrypt is, according to Lupa, about to fall to single-digit figures
Links 15/02/2025: University Price Hikes and Copyright Action Against Slop Companies
Links for the day
Slopwatch: All Those New 'Articles' Are Fake and Crafted by Chatbots (LLM Slop)
Google News is promoting these as "Linux" news; they're not even made by humans
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 14, 2025
IRC logs for Friday, February 14, 2025