EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.07.10

Security Disinformation

Posted in Free/Libre Software, FUD, Microsoft, Security at 8:57 am by Dr. Roy Schestowitz

Measuring electricity

Summary: Latest OpenSSL FUD and Microsoft’s Howard Schmidt’s role informing the public about cyber-security risks

OUR complaints about The Register have intensified recently [1, 2, 3, 4] because of poor articles like this one (see the comments).

The Register spreads FUD about OpenSSL (not the first such smear, after comparisons to "communism" too) and Bradley M. Kuhn from the SFLC has responded as follows:

Ok, Be Afraid if Someone’s Got a Voltmeter Hooked to Your CPU

Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow “severely vulnerable”.

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly. One must really read this academic computer science article in the context it was written; most commenting about this paper probably did not.

First of all, I don’t claim to be an expert on cryptography, and I think my knowledge level to opine on this subject remains limited to a little blog post like this and nothing more. Between college and graduate school, I worked as a system administrator focusing on network security. While a computer science graduate student, I did take two cryptography courses, two theory of computation courses, and one class on complexity theory. So, when compared to the general population I probably am an expert, but compared to people who actually work in cryptography regularly, I’m clearly a novice. However, I suspect many who have hitherto opined about this academic article to declare this “severe vulnerability” have even less knowledge than I do on the subject.

There are much bigger problems to worry about, such as the latest news about Windows botnets [1, 2, 3]. The authors of the Windows exploit might not even face a jail sentence, based on this report.

Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber crime legislation in Spain.

Regarding this new article about Scott Charney’s outrageous remarks [1, 2] (he worked for the US government before Microsoft hired him), Groklaw wrote 3 days ago: “First Microsoft fills the world with security issues and problems, then it wants the public to be taxed to fix them? I think Microsoft needs to fix its own software itself.” Microsoft’s own negligence [1, 2, 3] ought to have Microsoft bear the bill.

Howard Schmidt, the US Cyber Czar who came directly from Microsoft [1, 2, 3, 4], claims/pretends that there is no problem, even though many firms that include Google were intruded due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] (there are more security patches coming shortly). Even Google source code got grabbed. [via]

Operation Aurora continues to be a hot topic inside and outside of security circles. At this week’s RSA Conference in San Francisco many conversations are on the topic of the attacks that hit Google and dozens of other companies in January.

These reports indicate that proprietary source code got nicked from Google. Microsoft also nicks proprietary source code from companies/projects like Plurk [1, 2, 3, 4], which probably puts the Redmond-based company at the same side as the crackers.

“Cyberwar Hype Intended to Destroy the Open Internet,” says this report from Wired. [via]

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering. He’s the nice-seeming guy who’s willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those who are not in the know.

And on the other hand, on the same occasion we find that “US urges ‘action’ needed to fight net attacks,” according to the BBC.

Homeland Security secretary Janet Napolitano has admitted there is an urgent need to step up efforts to protect Americans from cyber attacks.

They seem to contradict themselves. Now they claim to be looking for ideas:

Homeland Security wants to pick your brains

[...]

The lucky winners will be invited to an event in Washington DC in late May or early June. They’ll get to partner with the department to lead in the planning of the National Cybersecurity Awareness Campaign, due to launch in October.

Over at CNET, Dennis O’Reilly has this new article about “five ways to keep your [Windows] PC free of viruses and Trojans”. Here is one of his suggestions.

If you can’t give up Windows, you may still be able to install Linux on an old PC or in a partition of your Windows PC. Then you can use that system (or partition) whenever you engage in any sensitive computer activities. You’ll find instructions for dual-booting Windows and the Ubuntu version of Linux on the Ubuntu Community Documentation site.

Thumbs up to Dennis.

“Usually Microsoft doesn’t develop products, we buy products. It’s not a bad product, but bits and pieces are missing.”

Arno Edelmann, Microsoft’s European business security product manager

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    March 7, 2010 at 12:39 pm

    Gravatar

    Everyone should email the DHS and tell them what the message should be, not how to carry it. They message should be to Stop Using Windows and move to free software.

    cyberchallenge@dhs.gov

    It is doubtful DHS will publish such a message but it would be good to let them know what the real consensus opinion is. If you read BN without TOR, you are already on their list of trouble makers. Go ahead and let them know what you really think.

What Else is New


  1. European Patents Losing Their Appeal, Lustre and Glamour

    Years of assaults on EPO staff — including EPO judges — have taken their toll and the quality of patents is nothing like it used to be



  2. Software Freedom and The U.S. Constitution

    “We need to stand for the freedom to not use the software — we need to enjoy that freedom without giving up the rest of the existing Free software ecosystem.”



  3. IRC Proceedings: Saturday, December 14, 2019

    IRC logs for Saturday, December 14, 2019



  4. Links 15/12/2019: Wine 5.0 RC1 Released, KDE Frameworks 5.65.0, Qubes OS 4.0.2 RC3

    Links for the day



  5. It Matters a Lot What You Call the System

    Why the best name for the best operating system would be "GNU", not "Linux" (media has twisted the words so as to marginalise GNU and its politics/philosophy)



  6. Only the EPO Goes as Far as Bribing Publishers (the Media) to Promote Software Patents and Publish Fictional Stories

    The world’s patent offices are growing tired of granting software patents which courts later toss out (because these patents are not valid); not only does the EPO advocate such patents — typically using a bundle of buzzwords — it’s also bribing the media to help



  7. EU Needs to Show That It Cares About SMEs and Not 'European Champions' That Are Actually Foreign Monopolies

    Judging by the EU’s nearly blind and unconditional support for the management of the EPO — no matter how abusive and corrupt it has gotten — one has to wonder if the ex-EU official in charge of the EPO reveals a profound democracy deficit as well as growing dangers to Europe’s businesses — the productive firms to which patent maximalism often represents far more risk than opportunity



  8. Guest Article: The Free Software Movement Should Come Out From the Box

    "From now onwards we have to think from a user’s rights perspective and mobilise users of Free software. They should know what rights they ought to get."



  9. IRC Proceedings: Friday, December 13, 2019

    IRC logs for Friday, December 13, 2019



  10. Links 13/12/2019: QEMU 4.2.0, GNU Guile 2.9.7

    Links for the day



  11. Links 13/12/2019: Zorin OS 15.1, Vim 8.2

    Links for the day



  12. Linux Foundation Has Outsourced All the Licence Compliance Stuff to Microsoft, a Serial GPL Violator

    OpenChain Specification/OpenChain Project and Automated Compliance Tooling (ACT) are yet more examples -- the latest of many -- of the Linux Foundation being outsourced to Microsoft, not only for code but also documentation and hosting



  13. IRC Proceedings: Thursday, December 12, 2019

    IRC logs for Thursday, December 12, 2019



  14. Copyleft: Keeping Code Free

    Now that news about "Linux" is dominated by promotion of proprietary software we ought to remember what perpetrators of such a strategy seek to eliminate



  15. Plans That Worked, Plans That Failed

    "I am still looking for good news, but the more good I try to find, the more nastiness I uncover. This is by far, Free software's worst year ever. 2019 Sucks!"



  16. Links 12/12/2019: KDE Applications 19.12, Qt Creator 4.11, New VirtualBox

    Links for the day



  17. Brand Dilution in Action

    Microsoft's proprietary software which spies on people and businesses is getting a "free ride" on the "Linux" brand; and nobody seems to care, nobody seems to notice how perverse that it



  18. At the EPO Money -- Not Quality -- is King

    Financiers are ruining quality



  19. The EPO's Strategic Failure 2023

    Potemkin social dialogue



  20. IRC Proceedings: Wednesday, December 11, 2019

    IRC logs for Wednesday, December 11, 2019



  21. EPO Promoting Software Patents in Countries Where These Are Illegal

    The EPO's vision of 'unitary' software patents (patents on algorithms in countries that disallow such patents, as per their national laws) won't materialise, but in the meantime a lot of Invalid Patents (IPs) are granted in the form of European Patents (EPs) and this is wrong



  22. We Support GNU and the FSF But Remain Sceptical and Occasionally Worry About an RMS-less FSF

    Richard Stallman (RMS) is not in charge of the FSF anymore (it's Stallman who created the FSF) and there's risk the decisions will be made by people who don't share Stallman's ethics or the FSF's spirit



  23. Links 11/12/2019: Huawei Lobbied by Microsoft (Because of GNU/Linux) and Microsoft Still Googlebombs Linux to Promote 'Teams'

    Links for the day



  24. Links 11/12/2019: Edge Native Working Group, CrossOver 19.0 Released

    Links for the day



  25. Instead of Fixing Bug #1 Canonical/Ubuntu Contributes to Making the Bug Even More Severe (WSL/EEE)

    Following one seminal report about Canonical financially contributing to Microsoft's EEE efforts — celebrated openly by GNU/Linux opponentsclosing bug #1 Ubuntu basically decided not that it was fixed but that it would no longer attempt to fix it (“wontfix”)



  26. IRC Proceedings: Tuesday, December 10, 2019

    IRC logs for Tuesday, December 10, 2019



  27. Today's Example of Microsoft's Faked 'Love'

    “On 7 September 2017, users began noticing a message that stated “Skype for Business is now Microsoft Teams”. This was confirmed on 25 September 2017, at Microsoft’s annual Ignite conference,” according to Wikipedia



  28. Links 10/12/2019: Kubernetes 1.17, Debian Init Systems GR

    Links for the day



  29. 'Cancel Culture' as 'Thoughtpolice' Creep

    Richard Stallman spoke about an important aspect of censorship more than 2 decades ago (before “Open Source” even existed); it was published in Datamation (“Censoring My Software”) 23 years before a campaign of defamation on the Internet was used to remove him from MIT and FSF (censoring or ‘canceling’ Stallman himself)



  30. Microsoft Still Hates GNU/Linux and Mark Shuttleworth Knows It (But He is Desperate for Money)

    We're supposed to believe that a PR or image management (reputation laundering) campaign alone can turn Microsoft from GNU/Linux foe into friend/ally


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts