Microsoft
Microsoft Insecurity by Design
Submitted by Roy Schestowitz on Sunday 7th of March 2021 07:55:30 AM Filed under

-
Move over, SolarWinds: 30,000 orgs’ email [cracked] via Microsoft Exchange Server flaws
Four exploits found in Microsoft’s Exchange Server software have reportedly led to over 30,000 US governmental and commercial organizations having their emails [cracked], according to a report by KrebsOnSecurity. Wired is also reporting “tens of thousands of email servers” [cracked]. The exploits have been patched by Microsoft, but security experts talking to Krebs say that the detection and cleanup process will be a massive effort for the thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations that were affected.
-
Microsoft [crack]: White House warns of 'active threat' of email attack
Microsoft executive Tom Burt revealed the breach in a blog post on Tuesday and announced updates to counter security flaws which he said had allowed [attackers] to gain access to Microsoft Exchange servers.
-
More than 20,000 U.S. organizations compromised through Microsoft flaw: source [iophk: Windows TCO]
Because installing the patch does not get rid of the back doors, U.S. officials are racing to figure out how to notify all the victims and guide them in their hunt.
All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers. That may have spared many of the biggest companies and federal government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
-
Don't Breed Crows: How Big Techs Started Out As US Government Projects, And Today They Threaten Democracy
There is an old Spanish saying that goes like this: "don't breed Crows, they'll sting your eyes," and this saying fits perfectly with the class of American tech companies, the so-called Big Techs.
Yes, with a few exceptions, most Big Techs were born as projects of the US government, US Army, CIA or NSA. Or, they are entwined with the American government, in one way or another.
I stress that everything that has been written in this text is not secret. It is available on several websites on the internet, and, there is nothing new here. Just search, and anyone will find this information.
[...]
Microsoft
The company that was born in 1975 in Albuquerque, New Mexico, as a creator of BASIC interpreters for microcomputers, and then, through a series of misadventures, became the largest software company in existence, also has very deep ties to intelligence agencies.
Microsoft has been working closely with U.S. intelligence services to allow users' communications to be intercepted, including helping the National Security Agency circumvent the company's own encryption, according to top-secret documents obtained and leaked by Edward Snowden in 2013. These documents show the complicity of several technology companies, in the so-called Prism project.
[...]
Now, I invite you to think a little. I've known Microsoft for many years, and this company amasses more flops than hits. Indeed, Microsoft, were it any other company, would have been bankrupt and closed for many years now. But no. It looks like they have a cash printer in Redmond, or does the American government not let the company break, to not lose its source of backdoors? Something to think about.
Other than these companies, In-Q-Tel invests in other, little-known companies ranging from video games and virtual reality, to big data and data capture from social networks.
Proprietary Software and Security Issues: Microsoft Serving Malware, Ransomware, and FUD
Submitted by Roy Schestowitz on Friday 5th of March 2021 08:52:48 AM Filed under

-
Development on Windows is Painful
Overall, I think I can at least tolerate this development experience. It's not really the most ideal setup, but it does work and I can get things done with it. It makes me miss NixOS though. NixOS really does ruin your expectations of what a desktop operating system should be. It leaves you with kind of impossible standards, and it can be a bit hard to unlearn them.
A lot of the software I use is closed source proprietary software. I've tried to fight that battle before. I've given up. When it works, Linux on the desktop is a fantastic experience. Everything works together there. The system is a lot more cohesive compared to the "download random programs and hope for the best" strategy that you end up taking with Windows systems. It's hard to do the "download random programs and hope for the best" strategy with Linux on the desktop because there really isn't one Linux platform to target. There's 20 or something. This is an advantage sometimes, but is a huge pain other times.
The conclusion here is that there is no conclusion.
-
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information.
The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.
Internal developer projects typically use standard, trusted code dependencies that are housed in private repositories. Birsan decided to see what would happen if he created “copycat” packages to be housed instead in public repositories like npm, with the same names as the private legitimate code dependencies.
-
Ryuk ransomware develops worm-like capabilities, France warns
A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency.
-
FireEye finds evidence Chinese [crackers] exploited Microsoft email app flaw since January [iophk: Windows TCO]
Cybersecurity group FireEye on Thursday night announced it had found evidence that [crackers] had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors.
[...]
Since then, FireEye found evidence that the hackers had gone after an array of victims, including “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom.
-
Does Linux Need Antivirus? [Ed: Avast: Let's badmouth GNU/Linux to make proprietary software sales, with back doors in them, based on the supposition that crap on top of poor practices will somehow yield better results]
Linux Foundation, Microsoft, and Linux
Submitted by Roy Schestowitz on Thursday 4th of March 2021 11:21:11 AM Filed under

-
The Linux Foundation Continues to Expand Japanese Language Training & Certification
Japan is one of the world’s biggest markets for open source software, which means there is a constant need for upskilling of existing talent and to bring new individuals into the community to meet hiring demand. The Linux Foundation is committed to expanding access to quality open source training and certification opportunities, which is why we have developed a number of Japanese language offerings.
[...]
While Hyperledger Fabric Administration is the newest Japanese course offered by Linux Foundation Training & Certification, it is far from alone. Our catalog of Japanese-language offerings includes:
-
ESET says more threat groups using Microsoft zero-days in attacks
Slovakian security firm ESET says it has detected at least three additional threat groups using a zero-day in Microsoft Exchange Server in attacks, even as the US Government issued an emergency directive telling all US federal bodies to patch Exchange and report on exploitation by noon on Friday.
-
Radeon R600 Gallium3D Flips On OpenGL 4.5 For NIR Backend - Phoronix
The experimental NIR back-end for the R600 Gallium3D driver as an alternative to the default TGSI code-path has now enabled OpenGL 4.5 support for capable GPUs.
With a number of OpenGL 4.5 conformance test suite fixes that were merged on Tuesday, OpenGL 4.5 is now ultimately enabled for the NIR code path.
This OpenGL 4.5 support is enabled for all Radeon HD 5000 "Cedar" GPUs through the Radeon HD 6000 series where the R600g driver support ends. Previously and for the non-NIR code-path this is at OpenGL 4.3 support.
-
Microsoft Sends Out Patches For Hyper-V "Isolation VMs" With Linux [Ed: Microsoft is interjecting shims for proprietary software with NSA back doors... into the Linux kernel]
With the forthcoming Linux 5.12 kernel there is a big Redmond victory with Linux being able to boot as the root partition on Microsoft's hypervisor while moving forward the company still has more in store for the ongoing years long effort of Linux on Hyper-V.
[...]
At the moment there are 12 patches from Microsoft engineers under a "request for comments" banner on implementing this Hyper-V support for Isolation VMs -- both with VBS and AMD SEV-SNP. It's obviously too late for seeing in the 5.12 kernel but we'll see when this latest Hyper-V driver initiative is buttoned up and ready for mainline.
Microsoft Security Issues and Blame-Shifting
Submitted by Roy Schestowitz on Wednesday 3rd of March 2021 02:23:22 PM Filed under

-
Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.
-
Microsoft Says Chinese Hackers Responsible for Exchange Attacks [Ed: Microsoft puts back doors in its products but is now blaming China for taking advantage of those. Microsoft: our back doors aren't always exploited; when they are, we'll resort to xenophobia and blame the Chinese (not those who put the back doors there).]
-
Payroll/HR Giant PrismHR Hit by Ransomware?
PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services.
-
Malicious NPM Packages Steal Linux and Unix Password Files of Amazon, Slack, and More [Ed: Microsoft is delivering spyware and malware, but media doesn't name the real culprit (as if Microsoft doesn't exist when that does not suit Microsoft)]
Refund of pre-installed Windows: Lenovo must pay 20,000 euros in damages
Submitted by Roy Schestowitz on Tuesday 2nd of March 2021 11:12:23 AM Filed under



In a historic judgment in Italy, in a case initiated by FSFE supporter Luca Bonissi, Lenovo was ordered to pay 20,000 euros in damages for abusive behaviour in denying to refund the price of a pre-installed Windows licence. In a motivating gesture for the Free Software cause, Luca donated 15,000 euros to the FSFE.
We all know how frustrating it is to buy a brand new computer and realise that it comes with a pre-installed proprietary operating system. Some companies have adapted their unfair behaviour and established clearer procedures for consumers to obtain the refund for paid licences of software they do not want to use. However, some computer manufacturers like Lenovo still make it very hard for consumers, forcing them to assert their rights in expensive and exhausting lawsuits. This is the successful story of Luca Bonissi, an Italian developer and long-term FSFE supporter and volunteer, in his relentless quest for getting a Windows licence refund, and how Lenovo was ordered to pay 20,000 euros for its unlawful behaviour during the court proceedings.
Microsoft Proprietary Software Disasters and Human Rights Abuses
Submitted by Roy Schestowitz on Thursday 18th of February 2021 02:37:16 PM Filed under
-
Unhappy with response, senators ask for a leader to head up cyber breach cleanup [iophk: Windows TCO]
In a Feb. 9 letter, Sens. Mark Warner, D-Virginia, and Marco Rubio, R-Florida ― the chairman and vice chairman of the Senate Intelligence Committee, respectively — expressed their concern with the federal response to date.
-
Microsoft Vaccine Scheduling Software Deal Ended By Iowa
In New Jersey, the system had yet to work correctly after five weeks, two administration officials who asked not to be identified said last week. That was a high-profile stumble for Redmond, Washington-based Microsoft, which is trying to build a big business by selling software to run hospitals and health care systems and has been touting its ability to aid the nationwide effort to inoculate residents against the coronavirus.
-
DNA testing source code
The maker of the software, Cybergenetics, has insisted in lower court proceedings that the program’s source code is a trade secret.
A Post-Mortem in 5 Acts: How Microsoft Privatized Open Source And Killed JavaScript in the Process
Submitted by Rianne Schestowitz on Thursday 18th of February 2021 06:14:10 AM Filed under


Microsoft may not be able to innovate on products, and they usually fail miserably. But it is shockingly good at marketing, propaganda, and take-overs.
Microsoft has essentially deprecated JavaScript and the non-profit foundation, which governed it, by TypeScript, which is governed and controlled by the for-profit Microsoft Corporation. If Microsoft was truly interested in improving JavaScript it could have done that through the non-profit foundation. But instead, it took the ‘Evil Corp’ approach of making the foundation and JavaScript slowly irrelevant, so it could guarantee that it could monopolize and monetize the whole industry.
Use this bootable USB drive on Linux to rescue Windows users
Submitted by Roy Schestowitz on Wednesday 17th of February 2021 10:08:45 AM Filed under


People regularly ask me to help them rescue Windows computers that have become locked or damaged. Sometimes, I can use a Linux USB boot drive to mount Windows partitions and then transfer and back up files from the damaged systems.
Other times, clients lose their passwords or otherwise lock their login account credentials. One way to unlock an account is to create a Windows boot disk to repair the computer. Microsoft allows you to download copies of Windows from its website and offers tools to create a USB boot device. But to use them, you need a Windows computer, which means, as a Linux user, I need another way to create a boot DVD or USB drive. I have found it difficult to create Windows USBs on Linux. My reliable tools, like Etcher.io, Popsicle (for Pop!_OS), and UNetbootin, or using dd from the command line to create bootable media, have not been very successful.
Microsoft Azure and Canonical Ubuntu Linux have a user privacy problem
Submitted by Rianne Schestowitz on Monday 15th of February 2021 06:45:40 PM Filed under


It was just another day for Luca Bongiorni, a security advisor for Bentley Systems. He'd just spun up an Ubuntu Linux 18.04 instance on the Microsoft Azure cloud using a corporate sandbox for testing purposes. Three hours later, on Bongiorni's LinkedIn account he received a message from a Canonical sales representative saying, "I saw that you spun up an Ubuntu image in Azure," and telling him he'd be his "point of contact for anything Ubuntu-related in the enterprise." Say what??
Actually, Bongiorni was a little more "frank" about his annoyance and surprise that a Canonical salesperson had tracked him down on an entirely different service and knew that he had just used Ubuntu on Microsoft Azure. "What the f*** is happening here? WHY [did] MICROSOFT FORWARDED TO UBUNTU THAT I SPUN A NEW VM!?!" Customer privacy, what's that?
Proprietary Microsoft Stuff and Security Issues
Submitted by Roy Schestowitz on Monday 15th of February 2021 04:47:30 PM Filed under

-
What deserves firing? Asking for Excel, or ignoring the alternatives?
The Idaho Statesman (IS) is a USA local newspaper, that is owned by a company called McClatchy. A few years ago, McClatchy decided to cut costs by, among other things, “doing away with subscriptions to Microsoft Office for new employees”. Consequently, in late January 2021 McClatchy denied a request by a new IS reporter to have “access to Microsoft Excel”. Faced with resistance to get a software program as basic as a spreadsheet for a member of her staff, the IS top editor, Mrs Christina Lords, complained about this on Twitter.
Eventually, it seems, the reporter was “granted access to Excel on her company laptop”. But Lords was fired, for violating McClatchy’s social media policy.
[...]
As far as I am concerned, I find nothing wrong in McClatchy’s decision to not pay anymore for Microsoft Office. What I find hard to accept is just their refusal to buy the most expensive variety of a software essential for daily tasks… without concretely encouraging all of their staff to use license-free alternatives, or at least allowing them. It is almost like saying “we won’t buy gold-plated Mont Blanc pens for new employees anymore, but even those employees must write only with gold-plated Mont Blanc pens”. Please tell me that there is more to this story.
-
Report: Microsoft recently sought to acquire Pinterest
Microsoft Corp. at one point considered acquiring the social network Pinterest Inc., according to a report today in the Financial Times.
Pinterest had a market capitalization of about $51 billion prior to the publication of the report. The company’s stock price jumped more than 5% following the Financial Times’ scoop, after previously rising more than 600% since the start of the coronavirus pandemic.
The paper, citing people familiar with the matter, said that Microsoft had approached Pinterest about an acquisition “in recent months.” One of the tipsters was cited as saying that the negotiations are currently not active. It’s unclear whether the talks were shelved completely or simply paused.
-
Arrests in Ukraine hit Windows Egregor ransomware gang
Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.
-
NVD - CVE-2020-24074
-
CVE - CVE-2020-24074
-
Singtel affected by cyber attack on Accellion file-sharing software
Singapore's multinational telecommunications conglomerate Singtel has been breached by an attack on a file-sharing system from Accellion that is nearing its end-of-life, with the breach occurring on 20 January, the telco says.
-
Open-Source Kernel Security Technologies
Lockdown is a relatively new security feature designed specifically for the Linux kernel. Part of the Linux kernel 5.4 branch, it is a feature that must be activated. Its default mode is off, simply because it can negatively affect existing systems. However, the primary function of lockdown is to prevent root account interactions with kernel code. By strengthening this divide, Lockdown counters potentially dangerous interactions that have been possible since the launch of the Linux OS. Once lockdown has been activated, there will be limitations on kernel functionality, but these will make it significantly more difficult for root accounts that have been compromised to affect the rest of the OS.
-
Here’s why you should be wary of installing anything that sets SELinux to permissive
In the world of Android modding, people tend to regard root access as the cornerstone of all things. It allows users to take complete control of their devices and add features that aren’t always available in the stock configuration. But as they say — “with great power comes great responsibility” — it’s not wise to bypass Android’s security model unless you know what you’re getting into. For veteran Android enthusiasts on our forums, you are probably aware of the potential for backdoors to exist on your device, and you are more likely to be running a trusted root-enabled mod on top of the latest Android version with the latest security patches. Having said that, you might know a few people who don’t really care about what root tweaks they install so long as they seemingly work for them. This is why you can still find a truckload of mods that only work when SELinux is set to permissive, which, in turn, leave their users extremely susceptible to security threats.
[...]
For a user to get full root access on their own device running Android 10 (or higher) with SELinux set to permissive is shockingly easy to do: All you have to do is press install, and “Magica” will automatically gain root access in a service and install Magisk to the boot image. This is something far wider in scope than just tweaking your device. According to XDA Senior Recognized Developer and Magisk maintainer topjohnwu, any arbitrary app, including malware, can permanently root your device without your consent and permission by utilizing the PoC.

10 Best Compression Tools for Linux
File compression is an integral part of system administration. Finding the best compression method requires significant determination. Luckily, there are many robust compression tools for Linux that make backing up system data easier. Here, we present ten of the best Linux compression tools that can be useful to enterprises and users in this regard.
[...]
A plethora of reliable Linux compression tools makes it easy to archive and back up essential data. You can choose from many lossless compressors with high compression ratios such as LZ4, lzop, and bzip2. On the other hand, tools like Zstandard and plzip allow for more advanced compression workflows.