Undermining That Other OS

“The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden.”
 
See “Popular Security Software Came Under Relentless NSA and GCHQ Attacks”
I’ve been writing for ages that governments should promote FLOSS and GNU/Linux. It’s the right way to do IT after all. However, governments tend not to do the right thing in straightforward ways. Take IT-security, for instance. It used to be that the NSA gave us Tor and SELinux to make the world a better place… Then came “9/11” and it all changed. The NSA became deeply paranoid and “out to get us”.

Given That Other OS is just about everywhere and is helpless without anti-malware software, the NSA and others have studied the anti-malware software to exploit it as a back door to TOOS… Ironic, isn’t it? M$ lobbies governments endlessly by fair means and foul to prevent being banned from global markets while those governments use TOOS to spy on friends and enemies… Europe is practically fleeing Wintel. The rest of the world is over ~1% utilization on the desktop with no need for salesmen. India uses GNU/Linux at work. Uruguay uses it widely in schools. M$ has had its client OS on a slippery slope for years. They didn’t need Big Brother giving them a push down the hill after greasing and warming the skids. Chuckle. It’s all good. I’ve been using GNU/Linux personally and professionally for years. I just upgraded to Linux 4.1 this morning after watering my weeds. They are doing well as are the corn, onions, trees, squash, etc. Life is good without TOOS and Big Brother is helping the world become Free a few million PCs at a time.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in Linux in Education, technology.

9 Responses to Undermining That Other OS

  1. oiaohm says:

    http://www.computerworld.com/article/2941412/encryption/software-developers-arent-implementing-encryption-correctly.html

    Microsoft’s history with encryption is not great. Remember password-protected .doc files? For years anti-virus software could brute force the password because the encryption was defective. Yes, an old Word doc was an encrypted file.

    I am sorry, without details of exactly what Microsoft is doing with the encryption you cannot be sure it is secure. Microsoft did implement the NSA defective random number generator, so the encryption might not be solid at all if that file is encrypted using that random number generator.
    http://www.bbc.com/news/technology-24048343

    “Everything in between is encrypted — how successfully is a matter of debate, although at least it doesn’t rely on Debian SSL. The security issue therefore becomes:”
    DrLoser, maybe no better than defective Debian SSL if it used the NSA defective random number generator.

    The first question with encryption is that you want detailed information on how it’s implemented. It’s really simple to have a file appear encrypted but in reality offer no security at all.

    It’s like AES encrypted hard-drives: they require a 77 char password to encrypt properly, yet some AES encrypted drives will only take a 12 char password. So the drive can be brute forced.

    So it’s not just Debian who has had major encryption failures. So has Microsoft and everyone else.

    “It’s not a security hole. It’s simply a way of facilitating network sharing via an encrypted end-to-end protocol.”
    You don’t know that it is properly encrypted end to end until it has been properly validated. Until proper details about how it works are inspected, it is safer to presume it is a security hole.

    It’s like many Android applications that claimed end to end encryption but then were not checking certificates, so a man in the middle attack worked perfectly. There are 100s of ways to screw this up.

    DrLoser, only an idiot in the modern age walks around saying it’s encrypted so it’s fine. A wise person will say it’s encrypted by X secure method with all the required implementation features to be secure before thinking it’s not a security flaw.

    I have a good one: is the file on the server encrypted with the same password required to log into the server to get the file? Single Sign On (SSO) is great except where it comes to encryption. If that is like an ADS password, web based login points become a weakness to get it. Like Microsoft hosting your SharePoint. The reality is, by the big picture, for someone at Microsoft to open that file might be no problem at all.

  2. dougman says:

    Hmmmm…you cannot be serious, but then again you are from the land whereby statists want to ban encryption.

    So…let’s see:

    Windows 10 “WiFi Sense” automatically leaks your wifi password to strangers.

    Even if you personally disable it on your own computer, anyone else connecting to your network will leak your password to all of their Facebook friends.

    The only way to opt out of this feature is to change the name of your SSID to include “opt out” at the end or force EVERY SINGLE PERSON connecting to your network to disable the feature on their PC before connecting.

    There is no other way to opt out.

    This is another one of those M$ marketing ploys that later come back and bite M$ in the ass.

    For those that have forgotten, here is a history lesson: https://www.sans.org/security-resources/malwarefaq/win_upnp.php

  3. DrLoser says:

    Let me ‘splain how that works to you, Dougie.

    For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared

    Everything in between is encrypted — how successfully is a matter of debate, although at least it doesn’t rely on Debian SSL. The security issue therefore becomes:

    “Do you, person X, want to share access to network access Y with person Z?”

    In the old days, what person X did would be to phone person Z up on a rotary phone and yell something along the lines of “Delta Oscar Uniform Golf India Sierra Alpha Tango Uniform Romeo Delta.”

    Obviously person Z would have a problem with that. “When you say “Romeo,” do you mean “Roger?” 10-4 good buddy!”

    But, either way, person X gets to share network resource Y with person Z.

    It’s not a security hole. It’s simply a way of facilitating network sharing via an encrypted end-to-end protocol.

    Wow, those naughty Microsoft types.

  4. dougman says:

    No need to undermine Windows, M$ undermines itself.

    “For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,”

    http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/

  5. dougman says:

    M$ stated Win-Dohs 10 would be free, but Win-Dohs 10 is the “last” version of Win-Dohs. All the next versions of Win-dohs will just be labeled “Windows”

    See what they are doing here?

    Eh.

  6. dougman wrote, “As it turns out the “free” statement as read in their SEC filings, was just a marketing ploy.”

    The 10-Q said, “In January 2015, we announced Windows 10 will be free to all qualified existing users of Windows 7 and Windows 8. This offer differs from historical offers preceding the launch of new versions of Windows as it is being made available for free to existing users in addition to new customers after the offer announcement. We evaluated the nature and accounting treatment of the Windows 10 offer and determined that it represents a marketing and promotional activity, in part because the offer is being made available for free to existing users. As this is a marketing and promotional activity, revenue recognition of new sales of Windows 8 will continue to be recognized as delivered.”

    It does sound like they see giving “10” away as marketing for “8.*”… That’s really strange. I’ll give you a hammer so you’ll buy nails, eh? Maybe for “11.*” they’ll pay people to use their product. Either way revenue for client OS will plunge. Even if this makes sense for M$, consider an OEM trying to sell an OS that consumers can get for $0 using a product the OEMs previously sold. That’s a lot of pressure for OEMs to flee M$. How could a grocery store make any money selling eggs if chickens were everywhere, laying eggs all over consumers’ lawns? OEMs might as well sell PCs with GNU/Linux or no OS. Consider the consumer. Why would they buy “8” so they can get “10” if they can just convert an old PC with “7” into an old PC with “10” or GNU/Linux? Giving the consumer choice has got to hurt Wintel.

  7. dougman says:

    I do say, Linux has surpassed the 1% usage worldwide, quite some time ago.

    Everyone I have ever asked hates Win-Dohs 8 for obvious reasons.

    Now, we have people running around stating that Win-Dohs 10 will be free forever, whereby M$ had to interject and clarify itself for investors. As it turns out the “free” statement as read in their SEC filings, was just a marketing ploy.

    People are so ignorant these days.

  8. DrLoser chuckled at “~1%”.

    Let’s see… 1% of 7×10^9 is 7×10^7 people. That’s a serious number of people. More than enough to win a guerrilla war against USA in Viet Nam, or to build nukes, or to put something into orbit, etc. Then there’s Uruguay with just about every child being familiar with GNU/Linux (~15%) or India with a lot using it at work. GNU/Linux may be a thousand points of light but they aren’t uniformly distributed. The Good Word is spreading however.

  9. DrLoser says:

    “~1%?”
    Chuckle.
