Bonum Certa Men Certa

Microsoft's Insecure-by-Design (Sometimes With Back Doors) 'Contributions' to OpenSSH

Making a mockery out of the spirit of OpenBSD, having given money to OpenBSD

Manchester church Vulnerability (need for money) found in the Church of BSD



Summary: Microsoft is seemingly disrupting the high standards of the OpenSSH project (and by extension OpenBSD and Free/libre software), as its focus on security is ludicrous at best

LAST week, in our daily links, over a dozen links were included about a new revelations of flaws in a hugely popular encryption method. A paper presented by award-winning academics demonstrated a serious weakness. OpenSSH was among the alleged targets, potentially allowing spies to infiltrate, intercept and decrypt communications/data relayed over SSH. The philosophy and principles (UNIX) of OpenSSH had kept it strong for a very long time.



"Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community."Those who keep abreast of privacy news (including NSA leaks) will know that there is an aggressive effort to crack SSH. Some ciphers were recently phased out or deprecated as a result. Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community. As we pointed out earlier this year, OpenSSH is being subjected to E.E.E. (embrace, extend, extinguish) treatment from Microsoft [1, 2] because money talks. Microsoft has a lot of money (despite losses in the billions) and OpenBSD is underfunded, hence desperate for money.

Secure channels and Microsoft Windows are incompatible concepts. It cannot be done because Windows itself has back doors, allowing penetration at root (Administrator) level. Microsoft is now pushing its back-doored, insecure-by-design APIs into the SSH project and also puts people's keys on boxes with such inherent insecurities. How terrible a recipe is that? Is OpenBSD willing to compromise its credibility and reputation just because Microsoft gave it a 'generous' payment (some would call it a bribe)?

According to this update from Microsoft, they now intend to:

Leverage Windows crypto api’s instead of OpenSSL/LibreSSL and run as Windows Service...


People in the comments (not deleted, at least not yet) rightly post complaints. One said: "I don't think I like that your replacing an open source SSL with a closed source Windows crypto api."

Another commenter said: "Do I see a trap here?! If the Windows port uses the closed source crypto api is the whole OpenSource OpenSSH-idea then still intact?"

"Microsoft takes something that's not its own and then 'bastardises' it, making it an inferior 'Windows thing' which spreads only because of the network effect or illegal bundling."iophk told us: "How much key code can they replace with dodgy homebrew and still be allowed to use the same name? Without the crypto, it is not the same software and merely a derivative."

Well, that's just how E.E.E. has historically worked. Microsoft takes something that's not its own and then 'bastardises' it, making it an inferior 'Windows thing' which spreads only because of the network effect or illegal bundling.

iophk has also pointed out to us that Roger A. Grimes, who works for Microsoft and IDG (news publisher) at the same time (clearly a conflict of interests), presents a false dichotomy, "freedom or security" (right there in the headline). Computer security is never the goal at Microsoft; they want back doors for so-called 'national security' (i.e. state power with remote access to citizens' PCs).

"The first rule of zero-days is no one talks about zero-days," reads this new headline (remember that Microsoft wilfully enables NSA access through zero-days).

"If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it's time to tell Microsoft to take back its 'bribe' money and go away, leaving OpenSSH alone (and secure)."Microsoft's E.E.E. tactics are becoming a big threat not just to GNU/Linux but also to BSD and Free software as a whole. Microsoft now tries to become a GNU/Linux host, despite its known record of scanning every single file (claiming to do so because of child pornography) and colluding with the government for warrantless access to data stored on servers.

The E.E.E. against GNU/Linux is perhaps best demonstrated by this new article about how Microsoft tries to take over Big Data (a lot of data, sometimes incredibly sensitive) on GNU/Linux servers. "Last month Microsoft did something extraordinary," says the author, "something which demonstrates how completely the company has changed since its third CEO, Satya Nadella, took over."

Satya Nadella just turned the company into more of a surveillance company, as Vista 10 serves to remind us. He continues to attack GNU/Linux in many ways (including patent extortion) while saying that Microsoft "loves Linux' (a lie as big as a lie can get).

If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it's time to tell Microsoft to take back its 'bribe' money and go away, leaving OpenSSH alone (and secure). Almost every distribution of GNU/Linux comes with OpenSSH. Microsoft is a wolf in sheep's clothing and it has no room inside FOSS until it quits attacking FOSS and collaborating with abusive espionage agencies like GCHQ and the NSA.

Recent Techrights' Posts

This Week Fedora Celebrates Diversity, But It is Pushing Proprietary Software and Censorship
IBM openwashing, perception management, and reputation laundering gone awry?
EU 'Chat Control' Law is Already Discrediting the Stated Goals of GDPR
Equip kids with always-on always-connected microphones and double-sided cameras, just to be safe...
 
Links 20/06/2024: Trying to Maintain Health and the Implosion of LLM Bubble/Hype
Links for the day
Microsoft's Bing Share in Canada Has Only Decreased Since the LLM Hype ("Bing Chat")
According to statCounter
Gemini Links 20/06/2024: Golden Ticket and Looking for Web 1.0 Communities
Links for the day
Not Even TRYING to Compete With Microsoft
CMA (UK) ought to step in and investigate why Canonical (UK) refuses to even compete
Poul-Henning Kamp: Why Freedom in 'FOSS' Matters
Openwashing is more widely recognised as a growing problem
[Meme] EU Chat Control: The Problem is Too Much Privacy???
So what's with GDPR then? The EU is contradicting itself!
Lithuania: GNU/Linux Usage Climbs to Highest Level in Years
consistent abandonment of Microsoft
"Remarkably Little Had Changed."
Black or African American not even mentioned
Rumours That Nat Friedman (CEO) Was 'Fired' by GitHub/Microsoft
"Microsoft Refused to Fix Flaw Years Before SolarWinds Hack"
linuxsecurity.com: A Step in a Positive Direction
We hope that Guardian Digital and linuxsecurity.com will rectify the matter and persist with real articles
Links 20/06/2024: Somali Piracy Surges, Juneteenth Discussed
Links for the day
Gemini Links 20/06/2024: Gemini is 5 Today (Still No Gemlog Entry From its Founder)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 19, 2024
IRC logs for Wednesday, June 19, 2024
Morocco: GNU/Linux Surges From 0.1% to 4.21%
Microsoft has mass layoffs in Africa these days
[Meme] EU Chat Control II
Stuff like "Chat Control" means that GDPR will lose credibility and the true motives be rightly scrutinised/questioned
You're Only Proving Our Point, Sir
clearly obsessed with what we write
Just Because It Happened Over 20 Years Ago Doesn't Mean It's "Old News" or Stopped Happening
This strategy merely evolved
Thanking Solderpunk for 5 Years of Gemini Protocol
Long live Gemini Protocol and long live Solderpunk!
[Meme] He Who Controls the Boot
And licks the Microsoft boot
[Meme] systemd-recovery
Imagine "Linux" (Poetterix) becoming so unreliable that it needs factory resets
Almost Every Day This Month the GNU/Linux "Market Share" Grows in statCounter
Advocates like to see progress
Dawg, I Herd You Like Freedom
In the context of Software Freedom, little is ever said about free speech
Links 19/06/2024: Microsoft Faces Big Backlash, Bytedance Referred to US Department of Justice
Links for the day
Gemini Protocol Turns 5 in 15 Hours
Geminispace is still very much alive
OSI's Blog is Still 100% "AI" Nonsense Sponsored by Microsoft (the Authors Are Also Salaried by Microsoft)
The founder of the OSI no longer supports the OSI
Poland is Another Country Where Bing Lost a Lot of Market Share Since the LLM Gimmicks
down from 3.24% to 2.4%
Jean-Pierre Giraud, Possible Forgeries & Debian: elections, judgments, trademark already canceled, archaeologist
Reprinted with permission from Daniel Pocock
It Took Microsoft More Than 3 Years to Get a Quarter of Windows Users to 'Upgrade' to Vista 11 (3 Out of 4 Windows Users Still Reject It)
That is exactly what's happening right now
[Meme] The Empire
Don't be like Putin
They Want 'Transparency' Only for the General Public (Every Bit of Communication Available to the Government, Usually Via Corporations)
The EU might decide to effectively ban SSH
Justices Jeremy Johnson and Victoria Sharp to Decide the Fate of Julian Assange in About Three Weeks
Will he be back home in Australia by year's end?
Free Software Won't Fix Equality, But It Helps
Let's examine Free software in the context of: 1) money. 2) justice.
Treating Them as Teammates, Not as Political Props, Trophies, or Objects
Most of the world's people are women
Links 19/06/2024: SFTP and Gopher Milestone
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 18, 2024
IRC logs for Tuesday, June 18, 2024
US Surgeon General's Advice on Social Control Media (and "Smart" Phones) Seems Reasonable
People forget what the real world is about
Quiet at Planet Debian
planet.debian.org has not had any updates since 5 days ago
Belarus: Bing Fell From 1.1% to 0.6% Since Microsoft Started the LLM Hype (Yandex is 50 Times Bigger Than Bing)
Now enter Belarus
Morale at Microsoft Sinks to New Lows
The annual 'Employee Signals' survey showed a drop from 69% to 62% in positive responses
Microsoft Windows is Being Abandoned in the UK, Relative to Other Platforms (New All-Time Lows)
Windows at new lows
Links 18/06/2024: More Executives Leave Microsoft, Attacks on the Press in Russia and 'Exile'
Links for the day
[Meme] Always Livecasting
Wait Till Systemd-Recall
Australia: Bing Lost Market Share Since the LLM Hype ("Bing Chat")
Google rose, Bing went down
Gemini Links 18/06/2024: Unconscious Consumption and Firewall Autoban
Links for the day
[Meme] Canonical Has Basically Become Novell II
Today's Canonical...
While Everyone is Furious at Vista 11 (Over TPM, Recall and Other Malicious 'Features') Canonical is Selling It to People
So the only thing Canonical says about Windows is that you should give it a try?
Links 18/06/2024: Adobe and Internet Archive in Trouble
Links for the day
Peter Duffy Explains SystemD
Ein Volk, Ein Reich, Ein Führer!
[Meme] The Doyen and the Colonel
EPO continues to prioritise lawbreaking over knowledge
EPO Union Action: Next Week SUEPO The Hague and SUEPO Munich Talk About New Pension Scheme (NPS) and Salary Savings Plan (SSP)
So there are basically 32 days left for more people to intervene
[Meme] Wait Till Systemd-Recall
The only thing Linux still needs is a forensics backdoor
GNU/Linux Up This Month in India (or Why Famous Criminal Bill Gates Keeps Visiting Modi)
truth tends to catch up with people
Microsoft Poetterix is Work in Progress
Linux's New DRM Panic 'Blue Screen of Death' In Action
24/7 Work Discipline
it's not so much about how much (or how long) one works, it's about how one works and whether one feels comfortable doing it
Adamant Conformism is an Enemy of Science
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 17, 2024
IRC logs for Monday, June 17, 2024
Links 18/06/2024: Further Mass Layoffs and Gemini Leftovers
Links for the day
At IBM, "Brownnosing is the Norm."
Many of these comments are from IBM insiders
Myanmar/Burma: Google Gains One Percent, Microsoft Loses One Percent Since the LLM Hype ('Bing Chat')
it's not hard to understand LLMs didn't replace real search and didn't replace Google, either
[Meme] KISS, not SAAS
Gemini Protocol turns 5 in exactly 2 days
Hostageware: The Threat of Clown Computing (or 'SaaS', Another Misnomer or Buzzword) to Computer Users Everywhere
This problem isn't limited to Free software adopters