EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.29.14

The Latest FOSS FUD Revolves Around Fakes and Bogus Arguments

Posted in Free/Libre Software, Security at 2:07 pm by Dr. Roy Schestowitz

Summary: How Free/Open Source Software (FOSS) gets discredited over “security”, based on something which has nothing to do with FOSS and more to with human error or social engineering

THE reports from IDG make it sound as though FileZilla is a security threat [1,2] when it fact it is fakes that are a threat, as Sean pointed out to counter these allegations [3].

Yesterday we took note of the trend and two days ago we gave some examples of security-flavoured FUD against Android, of which there is plenty these days (and even today). Some of it is correctly being characterised as platform-agnostic [4]. This sometimes requires user intervention [5] or social engineering [6], so there’s a lot more to be taken into account. When the OpenSSL project got compromised some weeks ago it was actually the fault of a weak password [7,8], but some of the media spread FUD about OpenSSL itself. Weak passwords are a common human error [9] and those who don’t encrypt E-mails that contain passwords (they should!) only have themselves to blame [10,11]. To get an example of real vulnerability, consider Apple’s Safari storing passwords in plain text [12]!!! GNU/Linux, by contrast, facilitates strong encryption and has protection against all sorts of attacks [13-14].

Blaming FOSS for issues that relate to social engineering is a common FUD pattern these days (like blaming Android for users installing malware they download outside repositories), but the real security issues are back doors like Microsoft’s, security flukes like Apple’s, and data leakage through so-called ‘clouds’ (which are typically promoted by proprietary software players, tightly connected to the crack-leaning NSA).

Related/contextual items from the news:

  1. FileZilla warns of large malware campaign
  2. FileZilla warns of large malware campaign
  3. FileZilla, Other Open-Source Software From ‘Right’ Sources Is Safe

    A basic tenant of open-source software security has long been the idea that since the code is open, anyone can look inside to see if there is something that shouldn’t be there.

  4. Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices

    The cross-platform HEUR:Backdoor.Java.Agent.a, as reported in a blog post published Tuesday by Kaspersky Lab, takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.

  5. Yahoo users exposed to malware attack

    Users clicking on some ads are redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

  6. Password Security Requires Multiple Layers of Protection

    The gist of the story is that “123456″ is now the most commonly used weak password—surpassing the use of the word “password.”

  7. No hypervisor vulnerability exploited in OpenSSL site breach

    The OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns…

  8. OpenSSL site defacement involving hypervisor hack rattles nerves (updated)

    Code repositories remained untouched in the December 29 hack, and the only outward sign of a breach was a defacement left on the OpenSSL.org home page. The compromise is nonetheless rattling some nerves. In a brief advisory last updated on New Year’s Day, officials said “the attack was made via hypervisor through the hosting provider and not via any vulnerability in the OS configuration.” The lack of additional details raised the question of whether the same weakness may have been exploited to target other sites that use the same service. After all, saying a compromise was achieved through a hypervisor vulnerability in the Web host of one of the Internet’s most important sites isn’t necessarily comforting news if the service or hypervisor platform is widely used by others.

  9. 7 sneak attacks used by today’s most devious hackers
  10. 10,000 Top Passwords

    Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords which seems to have propagated quite a bit across the internet, including being mentioned on Gizomodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords bringing my current list to about 6,000,000 unique username/password combos, including many of those that have been recently made public*.

  11. All Your Internet Are Belong To Iceland*

    All that being said, and given that the Luddite solution of forsaking the Internet may not be terribly practical, this is another reason to encrypt technical data that you are sending by email even if the recipient is a U.S. person firmly planted on U.S. soil. No, the encryption isn’t a defense to the violation, but it is at least a mitigating factor. Remember, as I posted last May, that the U.S. military thinks it can put ITAR-controlled technical data on a Chinese satellite if it’s encrypted; so if you don’t have anything else to say in your defense when an email with export controlled data accidentally wanders through Lithuania, you will at least have that. And maybe one day in the distant future, BIS and DDTC will admit that the Internet exists and that encryption works.

  12. Older Versions of Safari Store Login Info in Plain Text

    Older versions of Safari for Mac store unencrypted user login credentials in a plain text file, according to security firm Kaspersky (via ZDNet). Safari saves the information in order to restore a previous browsing session, reopening all sites, even those that require authentication using the browser’s “Reopen All Windows from Last Session” functionality.

  13. Quantum crypto pitches for data centre links
  14. Linux Is the Only Way to Protect Against Potential Sound-Transmitted Malware
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 1/9/2014: Poettering on systemd, ITNews on DBMSs

    Links for the day



  2. Moving Away From Windows to GNU/Linux and the Abandonment of Windows as the Modest Proposal These Days

    Morale of GNU/Linux and an embrace of GNU/Linux is very high, despite recent propaganda from Microsoft MVPs and boosters (primarily security-themed and Munich-themed FUD)



  3. Korean Press Slams Microsoft Over Patent Extortion Against Linux/Android as New Abuses Resurface

    Harsh words from the national press of South Korea as Nokia's role in Microsoft's anti-Linux tactics becomes more apparent



  4. More Good News About Patents and Their Demise in the United States

    A roundup of news about software patents and patent trolls in the land where these thrive



  5. Links 31/8/2014: Linux 3.12.27, Akademy 2014

    Links for the day



  6. Links 30/8/2014: Jailhouse 0.1, *buntu 14.10 Beta

    Links for the day



  7. Links 28/8/2014: Many New Games, CTO of Red Hat Steps Down

    Links for the day



  8. We Are Gradually Winning the Battle Against Software Patents

    The once-elusive war on software patents is finally leading to some breakthrough and even the Federal Circuit reinforces the trend of software patents' demise



  9. Free/Open Source Software (FOSS) Companies Versus FOSS Moles (VMware, Sonatype, Xamarin)

    A look at three entities which pretend to be pro-FOSS but are actually FOSS-hostile and very much determined to replace FOSS with proprietary software



  10. Links 27/8/2014: GNU/Linux in Space, China, LinuxCon

    Links for the day



  11. FUD Against Google and FOSS Security Amid Microsoft Windows Security Blunders

    In the age of widespread fraud due to Microsoft Windows with its back doors there is an attempt to shift focus to already-fixed flaws/deficiencies in competitors of Microsoft



  12. Microsoft Spin Watch: IDG Turns to More Microsoft Propaganda, Hires Microsoft Boosters

    Media in Microsoft's pocket is telling Microsoft's lies and deceives the public for Microsoft's bottom line



  13. Microsoft's Massive Tax Evasion Becomes Better Known

    A new report about Microsoft's admission that it plays dirty tricks with tax (sometimes using moles in government) is increasing awareness of Microsoft's criminal aspects



  14. Links 25/8/2014: China's Linux Revolution Imminent

    Links for the day



  15. Links 24/8/2014: GNU/Linux Specialisation and Benchmarks

    Links for the day



  16. Links 23/8/2014: GNU/Linux Growth

    Links for the day



  17. Microsoft-Funded Attacks on Android Security and Patent/Copyright

    A look back at examples of people who smear Android and are receiving (or received) money from Microsoft



  18. Blowback in Chile and Munich After Microsoft Intervention

    Microsoft's attacks on the digital sovereignty of countries involves lobbying, corruption, an attack on standards (e.g. ODF), an attack on FOSS policies, and even an attack on accurate reporting (truth itself)



  19. The End of Microsoft is Nigh

    A look back at a tough year for Microsoft and a not-so-promising future



  20. Links 22/8/2014: Linux Foundation LFCS, LFCE

    Links for the day



  21. UPS Burned by Microsoft Windows, Gives Away Massive Number of Credit Card Details

    UPS is the latest victim of Microsoft's shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software



  22. Microsoft's Funding of ALEC and Other Systemic Corruption

    Microsoft role in writing of laws by proxy, via groups such as ALEC



  23. Microsoft is Still Preying on British Taxpayers, Playing Politics

    Some news from the UK showing how Microsoft uses politics to extract money out of taxpayers, irrespective of their preferences



  24. Microsoft's Patent Troll Intellectual Ventures is Collapsing as 20% of Staff Laid Off

    More good news regarding the demise of patents as Microsoft's leading patent proxy is collapsing more rapidly than anyone ever imagined and software patents too are collectively doubted



  25. Links 21/8/2014: Conferences of Linux Foundation, Elephone Emerges

    Links for the day



  26. Links 20/8/2014: Linux Event, GNOME Milestone

    Links for the day



  27. Corruption Watch: Microsoft Lobbying Designed to Kill Chile's Free Software Policy and Promote Microsoft With Subsidies, More Dirty Tricks Emerge in Munich

    icrosoft is systematically attacking migrations to GNU, Linux and Free software, using dirty tricks, as always



  28. Vista 8 Such a Disaster That Even Microsoft Cannot Cope With It, Vapourware Tactics Start Early

    Microsoft's Windows-powered services are failing and Windows gets bricked by Microsoft patches, whereupon we are seeing yet more of Microsoft's vapourware tactics (focusing in imaginary, non-existent versions of Windows)



  29. On BlackBerry and Other Patent Trolls

    A roundup regarding patent trolls, starting with the bigger and latest joiner, BlackBerry's new patents apparatus



  30. Links 19/8/2014: Humble Jumbo Bundle 2 Betrayal, Mercedes-Benz Runs GNU/Linux

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts