06.04.14
Gemini version available ♊︎Focusing on the Lesser Dangerous Security Problems
Summary: The obsession with security flaws that are immediately addressed by FOSS developers helps distract from deliberate flaws in proprietary software (back doors)
FOSS-hostile sites/tabloids like ZDNet happily cover security issues when they are already fixed and briefly affected Free software. The latest GnuTLS flaw (flaws in it are nothing new and they get addressed quickly [1, 2]) is starting to receive coverage in expected places (other than Microsoft-connected [1, 2, 3]). It is not just CBS sites but also Condé Nasty, another neighbour of Wall Street (where all those large media companies are based). There are provocative photos as usual from Dan Goodin, not to mention the Linuxwashing of this cross-platform issue. IDG does this, but IDG [1] also alludes to back doors in Windows without naming them as such.
Why don’t they spend more time covering deliberate back doors from Microsoft/NSA or even Apple? It does not seem to serve their sponsors as much as FOSS FUD. Ever since the NSA leaks came out (it started a year ago) it seems like much of the technology/corporate media looks the other way and tries to turn every little bug in FOSS into headlines, claiming that FOSS is less secure. Perhaps there is fear that many people will walk away from software with back doors, necessitating alternatives (spooks cracking in more clever ways, trying hard to put back doors without being noticed in freely-available source code). █
Related/contextual items from the news:
-
Beware the next circle of hell: Unpatchable systems
Microsoft’s decision to end support for Windows XP in April was met with a collective gulp by the IT community. For good reason: Approximately 30 percent of all desktop systems continue to run XP despite Microsoft’s decision to stop offering security updates. Furthermore, a critical security flaw in Internet Explorer 8 disclosed recently by HP’s TippingPoint Division opens the door to remote attacks on XP systems that use IE8.