EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

07.31.09

Security FUD Against GNU/Linux

Posted in Apple, FUD, GNU/Linux, Microsoft, Security, Windows at 1:59 pm by Dr. Roy Schestowitz

Mask

Summary: Sightings of security FUD against GNU/Linux in the news

MICROSOFT WINDOWS never had the reputation of a secure platform. In fact, just a short while ago a new kernel vulnerability was found in Windows. To give the gist of the issue:

A local user can invoke NtUserConsoleControl() in ‘win32k.sys’ to execute arbitrary code on the target system with elevated privileges.

There is also this new report from Heise and many more that we shared over the past few days (the last one came yesterday morning).

Microsoft has issued updates for Internet Explorer and Visual Studio “out of band”, between the regular monthly patch days, to mend the ActiveX support of Internet Explorer. Additionally, these updates plug another three critical security vulnerabilities in the browser. All versions, including Internet Explorer 8, are affected.

This brings us to the following new article from Forbes, which states:

Virtual machines, which perform like physical machines but are simulated with software, have fewer sources of entropy: Linux-based virtual machines, for instance, gather random numbers only from the exact millisecond time on their internal clocks. And that source isn’t enough to generate strong keys for encryption, Stamos argues. “Normally there’s enough variation that after a while your operating system can gather up the entropy it needs to provide you with secure random numbers,” he says. “The fundamental issue is that with virtualized hardware, many of those random variations don’t exist.”

[...]

If a malicious hacker were to set up his or her own Linux virtual machine in Amazon’s EC2 cloud service, for example, he or she could use that machine’s entropy pool to better guess at the entropy pools of other recently created Linux-based virtual servers in Amazon’s cloud, Stamos posits.

What does that have to do with GNU/Linux? Why does Forbes conveniently assume that only “Linux” can suffer from this co-allocation issue? If it is not intended to daemonise GNU/Linux, then it might be worth correcting.

Carla has just found another new example that she wrote about in length. She addresses the whole “obscurity” argument, noting that:

Linux permeates every possible segment of tech– routers and networking devices, home and business automation, security and surveillance systems, phones, netbooks and other consumer mobile devices, desktops, vehicles, media servers and settop boxes; it’s already a major player in the datacenter, server room, mainframes, clusters, and supercomputing. Linux runs on multiple CPU architectures. So a Windows-type Trojan horse or worm on Linux should have a much more catastrophic effect because of Linux’ much greater reach.

According to Roughly Drafted Magazine, Rupert Murdoch’s Fox is taking shots at Mac OS X as well.

Fox News reports new Mac virus that is neither Mac nor viral nor new

A report published by Fox News says that “online criminals are apparently so impressed with its scorching sales they are sending Macintosh computers an attack typically aimed at” Windows PCs. The story then falls apart in series of inept contradictions.

The press loves pretending that Windows is never the culprit, despite compelling evidence that these very same outlets/publications are most certainly aware of the culprit.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. The Court of Appeals for the Federal Circuit (CAFC) Gradually Champions Patent Quality, in a Spectacular Reversal on Its Past Ways

    Some of the latest actions and decisions from the Federal Circuit, which originally brought software patents to the United States and is now taking them away, gradually



  2. The Mohawk-PTAB Fiasco Threatens the Tribe's Reputation More Than It Threatens PTAB

    In an effort to dodge scrutiny from the Patent Trial and Appeal Board (PTAB), Allergan Plc offloaded a lot of negative publicity onto the Mohawk people, owing primarily to the Mowhawk Tribe's general counsel, Dale White



  3. Latest EPO Rumours Allege That Benoît Battistelli Rigged the Process of EPO President's Selection

    António Campinos is quite likely the next EPO President, as insiders suspect that many applications for the job got rejected politically



  4. Links 23/9/2017: Mesa 17.1.10 RC, Samba 4.7.0, KStars 2.8.4

    Links for the day



  5. Courts Are Losing Patience for Gilstrap's Unbridled Support of Patent Trolls

    The man whose court has become a trolling ‘factory’ is being refuted (but not reprimanded) by the CAFC, which certainly can see that something is amiss and serves to discredit the system as a whole



  6. Intellectual Ventures, GNU/Linux/Android/FOSS Patents, and the Ascent of European Patent Trolls

    The existing status of GNU/Linux in a world full of patent trolls, which not only target OEMs from Asia -- typically in the US -- but are also dragging them into Europe, aided by the EPO's 'patent bubble'



  7. Shelston IP Blames “Well-Organised and Appropriately-Connected Open Source Lobby” for Ban on Software Patents

    The activism is working and foes of programmers are feeling the pressure, for software patents are being more explicitly banned in some countries



  8. The EPO's Latest Lies About the UPC and SMEs Unraveled, Long-Term Plan Described as Daunting

    The vision of Battistelli and the latest lies (about SMEs) are being criticised anonymously -- for fear of retaliation -- as Europe braces for impact with patent trolls from all around the world



  9. In an Effort to Push the Unitary Patent (UPC), EPO and the Liar in Chief Spread the Famous Lie About SMEs

    The EPO wants people to hear just a bunch of lies rather than the simple truth, courtesy of the people whom the EPO proclaims it represents



  10. Links 21/9/2017: Red Hat's Open Source Patent Promise; Qt 5.6.3, Kali Linux 2017.2 Release

    Links for the day



  11. East Asia's Patent Peril and the Curse of Patent Trolls

    The high cost of China's new obsession with patents and the never-ending saga of Samsung (Korea), which gets dragged into courts not only in the US but also in China



  12. USPTO Starts Discriminating Against Poor People, and Does So Even When They Rightly Point Out Errors

    Even though the burden of proof ought to be on one who grants a monopoly, the legal costs are being offloaded onto those who challenge an erroneously-granted monopoly (even if the court sides with the challenger)



  13. Ambrose Chan Enters Document Security Systems (DSS), a Partly Patent Troll Entity

    The Board of Directors of DSS enlists a man from Singapore, whose lack of technical background suggests that the company is still more of a bully than an innovator



  14. UPC Threatens to Weaponise Software Patents in Countries That Forbade These

    The reality of software patents in Europe and what a Unified Patent Court (UPC) would mean for these if it ever became a reality



  15. The Latest Lies About the Unitary Patent (UPC) and CIPO's Participation in Those

    Team UPC continues to overplay its chances, conveniently ignoring simple facts as well as the Rule of Law



  16. The Patents Policy of Facebook is Causing an Exodus

    Yet another major player walks away from Facebook's code because of software patents



  17. Links 20/9/2017: Wine Staging 2.17, Randa 2017, Redox OS 0.3.3

    Links for the day



  18. When Google Used Alex Converse to Raid the Public Domain With Software Patents

    In its overzealous pursuit of software patents, Google is now turning public domain methods into private 'property' (in defiance of critics)



  19. Mark Kokes, the Man Behind BlackBerry's Patent Aggression, Leaves the Company

    The man behind the patent troll-like behaviour of BlackBerry is leaving



  20. WordPress Demonstrates That Facebook's Patent Strategy is Deterring/Alienating Developers

    React is being dumped following Facebook's attempt to restrict distribution/derivatives using software patents



  21. Links 19/9/2017: Pipewire, Mir Support for Wayland, DRM in W3C

    Links for the day



  22. Links 18/9/2017: Linux 4.14 RC1, Mesa 17.2.1, and GNOME 3.26 on Ubuntu Artful

    Links for the day



  23. Patent Trolls Update: Eolas, Conversant (MOSAID), Leigh Rothschild, and Electronic Communication Technologies

    Patent trolls are still being watched -- as they ought to be -- even though some of them shy away, hide from the media, engage in dirty tricks, and file more lawsuits



  24. Microsoft is Promoting Software Patents in India in Another Effort to Undermine Free/Open Source Software, Microsoft-Connected Trolls Are Still Suing

    The ongoing patent threat to Free/libre Open Source software (FLOSS) and the role played by Microsoft in at least much of this threat



  25. Patent Trial and Appeal Board (PTAB) Under Attack by IBM and Other Patent Parasites Who Undermine Patent Quality

    The PTAB, which has thus far invalidated thousands of abstract/software patents, is under a coordinated attack not by those who produce things but those who produce a lot of lawsuit



  26. Why the Mohawk Tribe Should Fire Its Lawyers and Dump the Patents Which Now Tarnish Its Name

    In order to dodge the Patent Trial and Appeal Board (PTAB) with its Inter Partes Reviews (IPRs), the Mohawk tribe is being exploited -- very much in direct detriment to its reputation and status



  27. Amazon and Google Have Both Become Part of the Software Patents Problem

    The transition from so-called 'defensive' patents to offensive patents (ones that are used to suppress competition) as seen in Amazon and in Google, which is already suing rivals and is pursuing additional patents by acquisition



  28. Unless Physical, Inventions Are No Longer Patent-Eligible in US Courts, But USPTO Ignores Precedence

    Even though the ability to enforce software patents against a rival (or many targets, especially in the case of patent trolls) is vastly diminished, the US patent office continues to grant these



  29. Citing the European Patent Convention, Spanish Court Tosses Lawsuit With EPO-Granted European Patent

    The quality of European Patents (EPs) -- a subject of growing levels of scrutiny -- as demonstrated in Barcelona this summer



  30. Links 16/9/2017: More of “Public Money, Public Code”, Equifax Failed to Patch for Months

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts