EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.29.14

The Latest FOSS FUD Revolves Around Fakes and Bogus Arguments

Posted in Free/Libre Software, Security at 2:07 pm by Dr. Roy Schestowitz

Summary: How Free/Open Source Software (FOSS) gets discredited over “security”, based on something which has nothing to do with FOSS and more to with human error or social engineering

THE reports from IDG make it sound as though FileZilla is a security threat [1,2] when it fact it is fakes that are a threat, as Sean pointed out to counter these allegations [3].

Yesterday we took note of the trend and two days ago we gave some examples of security-flavoured FUD against Android, of which there is plenty these days (and even today). Some of it is correctly being characterised as platform-agnostic [4]. This sometimes requires user intervention [5] or social engineering [6], so there’s a lot more to be taken into account. When the OpenSSL project got compromised some weeks ago it was actually the fault of a weak password [7,8], but some of the media spread FUD about OpenSSL itself. Weak passwords are a common human error [9] and those who don’t encrypt E-mails that contain passwords (they should!) only have themselves to blame [10,11]. To get an example of real vulnerability, consider Apple’s Safari storing passwords in plain text [12]!!! GNU/Linux, by contrast, facilitates strong encryption and has protection against all sorts of attacks [13-14].

Blaming FOSS for issues that relate to social engineering is a common FUD pattern these days (like blaming Android for users installing malware they download outside repositories), but the real security issues are back doors like Microsoft’s, security flukes like Apple’s, and data leakage through so-called ‘clouds’ (which are typically promoted by proprietary software players, tightly connected to the crack-leaning NSA).

Related/contextual items from the news:

  1. FileZilla warns of large malware campaign
  2. FileZilla warns of large malware campaign
  3. FileZilla, Other Open-Source Software From ‘Right’ Sources Is Safe

    A basic tenant of open-source software security has long been the idea that since the code is open, anyone can look inside to see if there is something that shouldn’t be there.

  4. Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices

    The cross-platform HEUR:Backdoor.Java.Agent.a, as reported in a blog post published Tuesday by Kaspersky Lab, takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.

  5. Yahoo users exposed to malware attack

    Users clicking on some ads are redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

  6. Password Security Requires Multiple Layers of Protection

    The gist of the story is that “123456″ is now the most commonly used weak password—surpassing the use of the word “password.”

  7. No hypervisor vulnerability exploited in OpenSSL site breach

    The OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns…

  8. OpenSSL site defacement involving hypervisor hack rattles nerves (updated)

    Code repositories remained untouched in the December 29 hack, and the only outward sign of a breach was a defacement left on the OpenSSL.org home page. The compromise is nonetheless rattling some nerves. In a brief advisory last updated on New Year’s Day, officials said “the attack was made via hypervisor through the hosting provider and not via any vulnerability in the OS configuration.” The lack of additional details raised the question of whether the same weakness may have been exploited to target other sites that use the same service. After all, saying a compromise was achieved through a hypervisor vulnerability in the Web host of one of the Internet’s most important sites isn’t necessarily comforting news if the service or hypervisor platform is widely used by others.

  9. 7 sneak attacks used by today’s most devious hackers
  10. 10,000 Top Passwords

    Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords which seems to have propagated quite a bit across the internet, including being mentioned on Gizomodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords bringing my current list to about 6,000,000 unique username/password combos, including many of those that have been recently made public*.

  11. All Your Internet Are Belong To Iceland*

    All that being said, and given that the Luddite solution of forsaking the Internet may not be terribly practical, this is another reason to encrypt technical data that you are sending by email even if the recipient is a U.S. person firmly planted on U.S. soil. No, the encryption isn’t a defense to the violation, but it is at least a mitigating factor. Remember, as I posted last May, that the U.S. military thinks it can put ITAR-controlled technical data on a Chinese satellite if it’s encrypted; so if you don’t have anything else to say in your defense when an email with export controlled data accidentally wanders through Lithuania, you will at least have that. And maybe one day in the distant future, BIS and DDTC will admit that the Internet exists and that encryption works.

  12. Older Versions of Safari Store Login Info in Plain Text

    Older versions of Safari for Mac store unencrypted user login credentials in a plain text file, according to security firm Kaspersky (via ZDNet). Safari saves the information in order to restore a previous browsing session, reopening all sites, even those that require authentication using the browser’s “Reopen All Windows from Last Session” functionality.

  13. Quantum crypto pitches for data centre links
  14. Linux Is the Only Way to Protect Against Potential Sound-Transmitted Malware
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 20/5/2018: KDevelop 5.2.2 and 5.2.3, FreeBSD 11.2 Beta 2

    Links for the day



  2. Aurélien Pétiaud's ILO Case (EPO Appeal) an Early Sign That ILO Protects Abusers and Power, Not Workers

    A famous EPO ‘disciplinary’ case is recalled; it’s another one of those EPO-leaning rulings from AT-ILO, which not only praises Battistelli amid very serious abuses but also lies on his behalf, leaving workers with no real access to justice but a mere illusion thereof



  3. LOT Network is a Wolf in Sheep's Clothing

    Another reminder that the "LOT" is a whole lot more than it claims to be and in effect a reinforcer of the status quo



  4. 'Nokification' in Hong Kong and China (PRC)

    Chinese firms that are struggling resort to patent litigation, in effect repeating the same misguided trajectories which became so notorious in Western nations because they act as a form of taxation, discouraging actual innovation



  5. CIPU is Amplifying Misleading Propaganda From the Chamber of Commerce

    Another lobbying event is set up to alarm lawmakers and officials, telling them that the US dropped from first to twelfth using some dodgy yardstick which favours patent extremists



  6. Patent Law Firms That Profit From Software Patent Applications and Lawsuits Still 'Pull a Berkheimer' to Attract Business in Vain

    The Alice-inspired (Supreme Court) 35 U.S.C. § 101 remains unchanged, but the patent microcosm endlessly mentions a months-old decision from a lower court (than the Supreme Court) to 'sell' the impression that everything is changing and software patents have just found their 'teeth' again



  7. A Year After TC Heartland the Patent Microcosm is Trying to 'Dilute' This Supreme Court's Decision or Work Around It

    IAM, Patent Docs, Managing IP and Patently-O want more litigation (especially somewhere like the Eastern District of Texas), so in an effort to twist TC Heartland they latch onto ZTE and BigCommerce cases



  8. Microsoft Attacks the Vulnerable Using Software Patents in Order to Maintain Fear and Give the Perception of Microsoft 'Safety'

    The latest patent lawsuits from Microsoft and its patent trolls (which it financially backs); these are aimed at feeble and vulnerable rivals of Microsoft



  9. Links 19/5/2018: Mesa 18.0.4 and Vim 8.1

    Links for the day



  10. Système Battistelli (ENArque) at the EPO is Inspired by Système Lamy in Saint-Germain-en Laye

    Has the political culture of Battistelli's hometown in France contaminated the governance of the EPO?



  11. In Australia the Productivity Commission Decides/Guides Patent Law

    IP Australia, the patent office of Australia, considers abolishing "innovation patents" but has not done so yet (pending consultation)



  12. Fishy Things Noticed Ahead of the Passage of a Lot of EPO Budget (Applicants' Money) to Battistelli's Other (and Simultaneous) Employer

    Observations and odd facts regarding the affairs of the council in St Germain; it certainly looks like Battistelli as deputy mayor and the mayor (Arnaud Péricard) are attempting to hide something



  13. Links 18/5/2018: AsteroidOS 1.0 Released, More Snyk/Black Duck FUD

    Links for the day



  14. Today's EPO Financially Rewards Abuses and Violations of the Law

    Battistelli shredded the European Patent Convention (EPC) to pieces and he is being rewarded for it, perpetuating a pattern of abuses (and much worse) being rewarded by the European Patent Organisation



  15. So-Called 'System Battistelli' is Destroying the EPO, Warn Insiders

    Low-quality patent grants by the EPO are a road to nowhere but a litigious climate in Europe and an unattractive EPO



  16. Rise in Patent Trolls' Activity in Germany Noted Amid Declining Patent Quality at the EPO

    The UPC would turn Europe into some sort of litigation ‘super-state’ — one in which national patent laws are overridden by some central, immune-from-the-law bureaucracy like the EPO; but thankfully the UPC continues its slow collapse



  17. EPO's Battistelli Taking Days Off Work for Political 'Duties' (Parties) in His French Theatre Where He'll Bring Buckets of EPO Budget (EPO Stakeholders' Money)

    More tales from Saint-Germain-en-Laye...



  18. Links 16/5/2018: Cockpit 168, GCompris 0.91, DHCP Bug

    Links for the day



  19. The EPO's 'Inventor Award' Scam: Part III

    An addendum to the "inventor of the year" affair, namely the case of Remmal



  20. Apple and Microsoft Are Still Suing Companies -- Using Patents of Course -- Which 'Dare' Compete (by Leveraging GNU/Linux)

    The vanity of proprietary software giants — as the latest news serves to reveal — targeting companies with patent lawsuits, both directly and indirectly



  21. The Anti-PTAB (Patent Quality), Anti-§ 101 Lobby is Losing Its Mind and It Has Become Amusing to Observe

    The rants about the Patent Trial and Appeal Board (PTAB), the courts and even the law itself have reached laughable levels; this reveals that the real agenda of patent maximalists is endless litigation and their methods boil down to those of an angry mob, not legal professionals



  22. EPO Has Become Overzealous About Software Patents, Probably More So Than Almost Anywhere Else

    The promotion of an extreme patent regime in Europe continues unabated; whether it succeeds or not depends on what EPO examiners and citizens of Europe can do



  23. Links 15/5/2018: Black Duck's Latest FUD and the EFF's EFFail FUD Debunked Further

    Links for the day



  24. Xiaomi, Samsung, TCL and Others Demonstrate That in a World With an Abundance of Stupid Patents Like Design Patents Nobody is Safe

    The "Cult of Patents" (typically a cabal of law firms looking to have everything on the planet patented) has created a battlefield in the mobile world; every company, once it gets big enough, faces a lot of patent lawsuits and dying companies resort to using whatever is in their "portfolio" to destroy everyone else inside the courtroom (or demand 'protection' money to avert lawsuits)



  25. A Google-Centric and Google-Led Patent Pool Won't Protect GNU/Linux But Merely 'Normalise' Software Patents

    Patent pools, which are basically the wrong solution to a very clear problem, continue to expand and promote themselves; the real solution, however, is elimination of abstract patents, notably software patents



  26. The Patent Microcosm is Still Looking for Ways to Bypass CAFC/PTAB Invalidation of Many US Patents

    In pursuit of patent maximalism (i.e. a status quo wherein US patents — no matter their age — are presumed valid and beyond scrutiny) pundits resort to new angles or attack vectors, ranging from the bottom (IPRs) to the top (Supreme Court)



  27. Inter Partes Reviews (IPRs) Make the United States a Much Better Place for Innovation and Creation

    Jim Logan of Personal Audio LLC (a patent troll) suffers one final blow and other news of interest serves to show just how valuable IPRs have become in the US



  28. The EPO Has Become Extremely Corrupt and Dishonest

    Corruption at the EPO is becoming an easy-to-see epidemic/problem, even if much of the media turns a blind eye to it (partly because of the corruption that's aimed at controlling media coverage)



  29. Reader's Post: The Last Delusion of Benoît Battistelli Before His Departure on June 30th

    “The last delusion of Battistelli before his departure next June 30″ — an informal article contributed by a Techrights reader



  30. It Doesn't Take a Genius to See That Microsoft Still Attacks GNU/Linux With Patents to Make Billions of Dollars in 'Protection' Money

    Intellectual Ventures, Finjan, RPX, and other Microsoft-connected trolls cannot be countered by LOT Network and the likes of it (notably OIN); Microsoft continues to shrewdly distribute patents to trolls, offering 'protection' from them (for a fee) and pressuring OEMs to bundle Microsoft 'apps' or risk retaliatory patent lawsuitsIntellectual Ventures, Finjan, RPX, and other Microsoft-connected trolls cannot be countered by LOT Network and the likes of it (notably OIN); Microsoft continues to shrewdly distribute patents to trolls, offering 'protection' from them (for a fee) and pressuring OEMs to bundle Microsoft 'apps' or risk retaliatory patent lawsuits


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts