EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.07.10

Security Disinformation

Posted in Free/Libre Software, FUD, Microsoft, Security at 8:57 am by Dr. Roy Schestowitz

Measuring electricity

Summary: Latest OpenSSL FUD and Microsoft’s Howard Schmidt’s role informing the public about cyber-security risks

OUR complaints about The Register have intensified recently [1, 2, 3, 4] because of poor articles like this one (see the comments).

The Register spreads FUD about OpenSSL (not the first such smear, after comparisons to "communism" too) and Bradley M. Kuhn from the SFLC has responded as follows:

Ok, Be Afraid if Someone’s Got a Voltmeter Hooked to Your CPU

Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow “severely vulnerable”.

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly. One must really read this academic computer science article in the context it was written; most commenting about this paper probably did not.

First of all, I don’t claim to be an expert on cryptography, and I think my knowledge level to opine on this subject remains limited to a little blog post like this and nothing more. Between college and graduate school, I worked as a system administrator focusing on network security. While a computer science graduate student, I did take two cryptography courses, two theory of computation courses, and one class on complexity theory. So, when compared to the general population I probably am an expert, but compared to people who actually work in cryptography regularly, I’m clearly a novice. However, I suspect many who have hitherto opined about this academic article to declare this “severe vulnerability” have even less knowledge than I do on the subject.

There are much bigger problems to worry about, such as the latest news about Windows botnets [1, 2, 3]. The authors of the Windows exploit might not even face a jail sentence, based on this report.

Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber crime legislation in Spain.

Regarding this new article about Scott Charney’s outrageous remarks [1, 2] (he worked for the US government before Microsoft hired him), Groklaw wrote 3 days ago: “First Microsoft fills the world with security issues and problems, then it wants the public to be taxed to fix them? I think Microsoft needs to fix its own software itself.” Microsoft’s own negligence [1, 2, 3] ought to have Microsoft bear the bill.

Howard Schmidt, the US Cyber Czar who came directly from Microsoft [1, 2, 3, 4], claims/pretends that there is no problem, even though many firms that include Google were intruded due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] (there are more security patches coming shortly). Even Google source code got grabbed. [via]

Operation Aurora continues to be a hot topic inside and outside of security circles. At this week’s RSA Conference in San Francisco many conversations are on the topic of the attacks that hit Google and dozens of other companies in January.

These reports indicate that proprietary source code got nicked from Google. Microsoft also nicks proprietary source code from companies/projects like Plurk [1, 2, 3, 4], which probably puts the Redmond-based company at the same side as the crackers.

“Cyberwar Hype Intended to Destroy the Open Internet,” says this report from Wired. [via]

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering. He’s the nice-seeming guy who’s willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those who are not in the know.

And on the other hand, on the same occasion we find that “US urges ‘action’ needed to fight net attacks,” according to the BBC.

Homeland Security secretary Janet Napolitano has admitted there is an urgent need to step up efforts to protect Americans from cyber attacks.

They seem to contradict themselves. Now they claim to be looking for ideas:

Homeland Security wants to pick your brains

[...]

The lucky winners will be invited to an event in Washington DC in late May or early June. They’ll get to partner with the department to lead in the planning of the National Cybersecurity Awareness Campaign, due to launch in October.

Over at CNET, Dennis O’Reilly has this new article about “five ways to keep your [Windows] PC free of viruses and Trojans”. Here is one of his suggestions.

If you can’t give up Windows, you may still be able to install Linux on an old PC or in a partition of your Windows PC. Then you can use that system (or partition) whenever you engage in any sensitive computer activities. You’ll find instructions for dual-booting Windows and the Ubuntu version of Linux on the Ubuntu Community Documentation site.

Thumbs up to Dennis.

“Usually Microsoft doesn’t develop products, we buy products. It’s not a bad product, but bits and pieces are missing.”

Arno Edelmann, Microsoft’s European business security product manager

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Google Bookmarks

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    March 7, 2010 at 12:39 pm

    Gravatar

    Everyone should email the DHS and tell them what the message should be, not how to carry it. They message should be to Stop Using Windows and move to free software.

    cyberchallenge@dhs.gov

    It is doubtful DHS will publish such a message but it would be good to let them know what the real consensus opinion is. If you read BN without TOR, you are already on their list of trouble makers. Go ahead and let them know what you really think.

What Else is New


  1. Monopoly Abuse, Still: Microsoft Pays Projects to Embrace/Move to C#, GitHub and Visual Studio

    Microsoft's greatest of efforts to lull regulators into inaction and fool us all into thinking that things have changed are undone by actual behaviour, which is abusive, anti-competitive and just... typical Microsoft



  2. Links 4/7/2020: Grml 2020.06 and diffoscope 150 Released

    Links for the day



  3. [Humour/Meme] Don't Let a COVID Crisis Go to Waste When You're Eager to Find Excuses for Many Layoffs and Shutdowns

    Microsoft business units that were defunct (long-failing, well before COVID-19) are being thrown out and Microsoft exploits a virus to rationalise these decisions while spicing up media coverage with "Hey Hi" (AI) and "virtual" experience or Facebook (to give the false impression that nothing really goes away)



  4. Free Software Tackles Political Issues. Political Tactics Are Also Being Weaponised Against Free Software.

    Divide-and-rule tactics seem to have been exploited to weaken collaborative work on Free/libre software; the response to these tactics needs to start with realisation that this is going on (even if it's done in a somewhat clandestine nature)



  5. Offence and Racism

    o those in positions of power and privilege (financial) you are controllable by guilt; dividing us and causing us to feel guilt and fear (over potential offence) is a powerful social control mechanism and pretext for dismissal, censorship, humiliation



  6. Links 3/7/2020: TrueNAS 12 Beta 1, Librem 13 Product Line

    Links for the day



  7. [Humour] European Patents Only Useful Outside the Legal Framework?

    Patents that aren't valid in the eyes of courts would best serve patent trolls that settle out of courts, en masse



  8. Microsoft's Share in Web Servers Rapidly Falls to Just 4.5% (Falling More Than 5% in a Single Month)

    Microsoft's share as measured at Netcraft (de facto authority in this area) is rapidly declining; expect IIS to go the way of the dodo some time in the coming years



  9. The Lock-downs Are Over and Still Zero Media Coverage About EPO Scandals and Corruption

    The appalling state of journalism in Europe (and to some extent in the world at large) means that the EPO's management can get away with all sorts of horrible crimes and fraud; the silencing of the media is, in its own right, quite scandalous



  10. IRC Proceedings: Thursday, July 02, 2020

    IRC logs for Thursday, July 02, 2020



  11. “Microsoft's Deadly Love” by Alessandro Ebersol (Agent Smith)

    Full credit goes to PCLOS Magazine for publishing this good piece, which we’re reproducing



  12. Links 2/7/2020: Microsoft Partner Says GNU/Linux Share in Desktops/Laptops at 4% Even After Lock-downs, OpenSUSE Leap 15.2 and Mageia 8 Alpha 1 Released

    Links for the day



  13. Why People Should Never Ever Use DuckDuckGo

    DuckDuckGo is another privacy abuser in disguise; the above forum thread enumerates key reasons



  14. After 2 Years and 2 Days António Campinos is a Perfect Leader, Fostering EPO Abuses While Smiling

    EPO corruption persists, but this time the corruption enjoys better marketing/PR and complicit (or at best silent) media



  15. [Humour] As If Monopolies for Life Will Save People's Lives...

    The mentality of monopoly or the mindset of patent maximalism has been quick to exploit the deaths of half a million



  16. IRC Proceedings: Wednesday, July 01, 2020

    IRC logs for Wednesday, July 01, 2020



  17. IBM-Funded FSF Censors Itself on Software Patents

    Donald Robertson’s article bemoaning and openly condemning the U.S. Patent and Trademark Office (USPTO) over software patents, which it illegally grants in some cases, was modified a week later; and why? One can only guess… (but remember that the FSF’s foremost sponsor is lobbying against 35 U.S.C. § 101 and for software patents)



  18. [Humour/Meme] Remember That As Recently as Last Year Microsoft Was Still Shaking Down and Even Suing Companies Over 'Linux Patent Infringement'

    There's no 'new Microsoft' except a (better at) lying Microsoft; its covert actions tell us a lot about its ongoing hatred of GNU/Linux, which it is assaulting in new and more sophisticated ways



  19. Contrary to Common Misconceptions, Free Software is More 'Corporate' or More 'Enterprise-Grade' Than Proprietary Abandonware (All Proprietary Software Will Die)

    Free software can leverage the superficial and bland boardroom lingo/slang to promote itself; it would definitely harm or dilute/weaken the terms which proprietary software giants like to leverage against us



  20. Social Control Media Will Not Exist One Day

    Digital obsolescence and Internet bitrot — that’s what Social Control Media is really good for; as many Google+ ‘users’ (useds) found out, they’re just being ‘farmed’ for their ‘content’, which is neither valuable nor resilient (definitely of no value to Google)



  21. What Freedom of Software Actually Means to Us

    Liberty or libre (freedom) is about more than brands or personalities, as names or institutions or individuals can change or completely perish; but concepts outlast superficialities



  22. [Humour] Thinking Beyond Just the Linux Brand

    We're supposed to believe that because "Linux" is dominant we finally have freedom; but almost all the very big companies that are using GNU/Linux leverage it for freedom-hostile purposes and keep about 99% of their code secret from us, so the fight for software freedom must go on



  23. Corporate Media Blames 'China' and 'Open Source' for Back Doors in Microsoft's Intentionally Flawed Proprietary Software That's Causing Chaos

    'Red Scare' tactics are being used to divert attention away from Microsoft's incompetence and conspiracy with the NSA (to put back doors in everything, essentially making all software inherently vulnerable, by design)



  24. Microsoft Has Infiltrated Authorities and/or Their Consultation Processes

    In the European Union, the United States and just about everywhere else in the world one can find Microsoft officials replacing public officials, as if the decision-making too has been outsourced to the "Good Folks" from Microsoft



  25. Links 1/7/2020: Tails 4.8, Serpent OS

    Links for the day



  26. IRC Proceedings: Tuesday, June 30, 2020

    IRC logs for Tuesday, June 30, 2020



  27. EPO Management Celebrates the Lowering of Patent Quality While Granting Invalid Patents (IPs) Instead of European Patents (EPs)

    Europe's most autocratic institution continues to cheat and lie to everybody; even twice in one day, together with... the Communist Party of China (through CNIPA)



  28. Links 30/6/2020: OpenSUSE Leap 15.2, 4MLinux 34.0 Beta and IPFire 2.25 - Core Update 146

    Links for the day



  29. [Humour] There's Always a Way... (to Grant Patents on Almost Anything)

    The referral from European Patent Office (EPO) President António Campinos leaves the door open to patents on life, provided one paints those as uniquely clever, e.g. GMO (same tricks for software patents in Europe with “Hey Hi” — an overblown buzz wave)



  30. Crocodiles Can Only Ever Fake Empathy

    Greenwashing, pinkwashing, openwashing and abduction of various authentic civil rights movements (centered around gender, race, and sometimes economic issues) is very easy and cheap relative to the depths of corporate pockets; the problem is, those things help distract the 'masses' from objectively immoral and universally unacceptable acts


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts