Bonum Certa Men Certa
Fake Numbers and Possible GPL Violations at Goldman Sachs | Microsoft Clarifies That Making Money in Mobile Market by Extorting Makers of Linux Phones is the Plan

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China



Summary: Microsoft equips private companies -- not just governments -- with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft's security problems. Based on Cablegate leaks, it is possible that Microsoft's secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).



Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on 'security'. The Guardian noticed this independently from us and highlighted the following block (filed under "US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears"):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded "network attack scientific research projects." From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its "private sector" in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)


So, not just governments are getting access to source code. The "agreement with Microsoft... allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform." Here it is in raw form. "TOPSEC that trains most of china cyberspys," Oiaohm quotes from it. "It's in that cable," he says. He then gives another direct quote from the cable: "TOPSEC provides services and training for the PLA and has recruited hackers in the past." On this one he remarks: "Then latter on in the cable to says they have been granted access to MS source code." The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. "Security by obscurity is that you don't give the source code to the people attacking your system," Oiaohm adds and "[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see... At least then you have a better chance that truful ones will tell you where the flaws are." (typos corrected)

“Proper obscurity can be done with open source”
      --OiaohmHe continues: "that cable is a security research document in what the hell has gone wrong... That the USA was being breached so much... Also if you dig deeper the USA side is doing the same thing... Both are trying to use closed source to give them a cyberadvantage while both have access to the source code... Proper obscurity can be done with open source... Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into... So attacks take longer to develop... MS Windows where most installs have basically the same security config... Basically have a obscurity level of nothing."

Another cable speaks of an "invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious". Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies' AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.


Users of GNU/Linux and BSD never have such problems. Why won't the US government encourage adoption of Free software, whose transparency makes it secure? It's the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Comments

Fake Numbers and Possible GPL Violations at Goldman Sachs | Microsoft Clarifies That Making Money in Mobile Market by Extorting Makers of Linux Phones is the Plan

Recent Techrights' Posts

Over at Tux Machines...
GNU/Linux news for the past day
 
Microsoft Layoffs and Closures Now Reported in Africa
Microsoft Uninstalls Nigeria as it closes African Development Centre (ADC) in Lagos
Support for harassment and abuse victims
Reprinted with permission from Daniel Pocock
Gemini Links 09/05/2024: Being Sick Enough and End of “World of Ends“
Links for the day
Links 09/05/2024: 'Hey Hi' (AI) Bubble Implodes Some More, Microsoft Layoffs So Widespread It's Hard to Keep Track
Links for the day
Speaking of Enshittification and Freedom, We've Still Not Begun Tackling the UEFI 'Secure' Boot Mess (Preventing GNU/Linux From Even Booting!)
Microsoft continues to fly under the radar and commit competition crimes with impunity
Microsoft Has Just Confirmed Mass Layoffs in Nigeria, It Now Adds Insult to Injury With Price Hikes for Locals
It's not like Microsoft paid them good salaries
Software Enshittification or Freedom? It's not a hard choice!
Reprinted from Alexandre Oliva
Links 09/05/2024: More Microsoft Layoffs on the Way
Links for the day
Amid Microsoft Layoffs in Nigeria GNU/Linux Climbs Above 6% Market Share (Not Including ChromeOS)
Hundreds are being laid off by Microsoft in Nigeria, based on yesterday's reports
[Meme] Blame the Robots or the 'Hey Hi' (AI), It Always Works in Today's Media
Companies do not have financial troubles! They have "efficiencies"...
News Reports Say Many More Microsoft Layoffs on the Way, Rumours Say Red Hat Also Imminently a Target
Microsoft is slipping out of control
Links 09/05/2024: Diplomacy Efforts With China, AstraZeneca Stops Experimenting With COVID-19 Vaccines
Links for the day
IRC Proceedings: Wednesday, May 08, 2024
IRC logs for Wednesday, May 08, 2024
Gemini Links 09/05/2024: Registered Computer Professionals and TLS (The Long Slog)
Links for the day
Links 08/05/2024: Android Malware and "AI" Hype
Links for the day
[Meme] Technical Committee With People Who Are Not Technical
the computing/computer industry being occupied by people who lack suitable background
The Demise of Computer Science Education
Education is essential for the future; without it, whole nations will perish
[Video] Prisons for the Minds and for Tech Workers
Today's video talks about what happens to workforces (across disciplines) in recent years
[Meme] Struggling to Leave Its Nazi Past Behind
digital arson
Microsoft Declines to Talk About How Many People It Has Just Laid Off
Hours ago in IGN: "Microsoft did not say how many staff will lose their jobs, but significant layoffs are inevitable. IGN has asked Bethesda for comment. Microsoft declined to expand further when contacted by IGN."
Microsoft Windows in South America: From 99% to 87%
the latest from statCounter
It's Rather Obvious Why They Try to Silence Richard Stallman, Eben Moglen, and Daniel Pocock
Some of them already sent physically menacing messages to Daniel Pocock
IRC Network of Techrights Turns 3 (or 16 if We Count the Freenode Days)
In a few months IRC turns 36
Sedating Oneself (and Shareholders) With Fuzzy Buzzwords and Pointless Acquisitions
IBM trying to buy time
Clickfraud Spamnil Ran Out of Clickfraud Budget, Apparently
sooner or later charlatans and frauds run out of steam
Techrights Gets Under the Skin of Bad, Corrupt, Immoral People (That's a Good Thing)
Journalism is the lifeblood of democracy and free societies
Companies Do Not Shut Down Offices and Lay Off Staff en Masse (Morale and Reputation Issue) Unless They're in Deep Financial Trouble
Microsoft has been faking its financial performance for years
IRC Proceedings: Tuesday, May 07, 2024
IRC logs for Tuesday, May 07, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Video] Leaving Microsoft Behind for the Sake of National Security
Threats to "National Security" aren't some users with an Android phone but Microsoft at the root of things
GNU/Linux and ChromeOS Now at 6% in France, According to statCounter
numbers from statCounter
Gemini Links 07/05/2024: Music Spotlight and Network Knobs
Links for the day
Only Weeks After Microsoft Closed Offices and Studios It is Closing Several More (Many Layoffs, Still Deeply Debt-Saddled)
When the sad news writes itself
Bolivarian Republic Of Venezuela: GNU/Linux Reaches 9% (ChromeOS Included)
Venezuela must have lost interest in some American proprietary software when users were locked out of their own data (Adobe) and the costs could no longer be justified
[Video] Microsoft is Like Big Oil, Big Tobacco, and Other Perpetrators of Fear, Uncertainty, Doubt/Fear-mongering
openwashing, Microsoft lobbying, and Microsoft subsidies (e.g. bailouts in the form of 'defence' contracts)
Security & Debian: Urgent: New Feed URLs after another WIPO censorship
Reprinted with permission from Daniel Pocock
World Press Freedom Day: WIPO censors Debian suicide cluster
Reprinted with permission from Daniel Pocock
Gemini Links 07/05/2024: Smashing Windows (Moving to GNU/Linux) and Mastodon Time-wasting
Links for the day
Links 07/05/2024: Pulitzer for Supreme Court Expose, New Threats to Media Reported
Links for the day
Links 07/05/2024: Cheap EVs and Cloudflare Layoffs
Links for the day
Berlin police declined to investigate FSFE Nazi comparisons
Reprinted with permission from Daniel Pocock
[Meme] Communities Governed by Parasitic Elements and Girlfriends (Who Can't Understand Those Communities)
Karen Sandler and Molly de Blanc present at DebConf18
[Meme] You Can't Kill an Idea (or Facts)
Thankfully, in Western societies, there's still due process, rule of law etc. You don't just hire assassins or imprison critics
[Meme] Software in the Public Interest (SPI), Inc, Values Articles of Daniel Pocock at ~$5,000 Each (and Fails to Hide the Facts)
we are laughing, not grieving
IRC Proceedings: Monday, May 06, 2024
IRC logs for Monday, May 06, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] About 2,564 Internet Sites Now at Risk of Hostile Takeover by Microsoft-Sponsored Software in the Public Interest (SPI)
WIPO censors Debian suicide cluster
Links 07/05/2024: Burning Plastic Waste, Facebook Censoring Politicians
Links for the day
Gemini Links 07/05/2024: Smashing Windows (Microsoft Losing Users to GNU/Linux), Sixty Years of BASIC
Links for the day