EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

06.07.14

Lots of Coverage About FOSS Bugs, No Coverage About Intentional ‘Bugs’ (Back Doors) in Proprietary Software

Posted in Free/Libre Software, Microsoft, Security at 7:37 am by Dr. Roy Schestowitz

Bugs inside blobs are also serious bugs, and sometimes there by design

Bug

Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is, OpenSSL is widely used, but another is that it’s known what the issues are (transparency) and the corporate media sure has agenda. We already gave the example of Dan Goodin, to whom security bugs are only news is they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid “Heartbleed” hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people’s discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded ‘news’ networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

This is not an unusual thing. Why it this suddenly front page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don’t relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see an improportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them.

Related/contextual items from the news:

  1. New OpenSSL breech is no Heartbleed, but needs to be taken seriously
  2. OpenSSL Security Update now available for Fedora
  3. Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 20/4/2018: Atom 1.26, MySQL 8.0

    Links for the day

  2. Links 19/4/2018: Mesa 17.3.9 and 18.0.1, Trisquel 8.0 LTS Flidas, Elections for openSUSE Board

    Links for the day

  3. The Patent Microcosm, Patent Trolls and Their Pressure Groups Incite a USPTO Director Against the Patent Trial and Appeal Board (PTAB) and Section 101/Alice

    As one might expect, the patent extremists continue their witch-hunt and constant manipulation of USPTO officials, whom they hope to compel to become patent extremists themselves (otherwise those officials are defamed, typically until they're fired or decide to resign)

  4. Microsoft's Lobbying for FRAND Pays Off as Microsoft-Connected Patent Troll Conversant (Formerly MOSAID) Goes After Android OEMs in Europe

    The FRAND (or SEP) lobby seems to have caused a lot of monopolistic patent lawsuits; this mostly affects Linux-powered platforms such as Android, Tizen and webOS and there are new legal actions from Microsoft-connected patent trolls

  5. To Understand Why People Say That Lawyers are Liars Look No Further Than Misleading Promotion of Software Patents

    Some of the latest misleading claims from the patent microcosm, which is only interested in lots and lots of patents (its bread and butter is monopolies after all) irrespective of their merit, quality, and desirability

  6. When News About the EPO is Dominated by Sponsored 'Reports' and Press Releases Because Publishers Are Afraid of (or Bribed by) the EPO

    The lack of curiosity and genuine journalism in Europe may mean that serious abuses (if not corruption) will go unreported

  7. The Boards of Appeal at the European Patent Organisation (EPO) Complain That They Are Understaffed, Not Just Lacking the Independence They Depend on

    The Boards of Appeal have released a report and once again they openly complain that they're unable to do their job properly, i.e. patent quality cannot be assured

  8. Links 18/4/2018: New Fedora 27 ISOs, Nextcloud Wins German Government Contract

    Links for the day

  9. Guest Post: Responding to Your Recent Posting “The European Patent Office Will Never Hold Its Destroyers Accountable”

    In France, where Battistelli does not enjoy diplomatic immunity, he can be held accountable like his "padrone" recently was

  10. The EPO in 2018: Partnering With Saudi Arabia and Cambodia (With Zero European Patents)

    The EPO's status in the world has declined to the point where former French colonies and countries with zero European Patents are hailed as "success stories" for Battistelli

  11. For Samsung and Apple the Biggest Threat Has Become Patent Trolls and Aggressors in China and the Eastern District of Texas, Not Each Other

    The latest stories about two of the world's largest phone OEMs, both of which find themselves subjected to a heavy barrage of patent lawsuits and even embargoes; Samsung has meanwhile obtained an antisuit injunction against Huawei

  12. The EPO Continues to Lie About Patent Quality Whilst Openly Promoting Software Patents, Even Outside Europe

    EPO patent quality continues to sink while EPO management lies about it and software patents are openly being promoted/advocatedEPO patent quality continues to sink while EPO management lies about it (the article above is new) and software patents are openly being promoted/advocated

  13. SCOTUS on WesternGeco v Ion Geophysical Almost Done; Will Oil States Decision Affirm the PTAB's Quality Assurance (IPRs) Soon?

    Ahead of WesternGeco and Oil States, following oral proceedings, it's expected that the highest court in the United States will deliver more blows to patent maximalism

  14. Links 17/4/2018: Linux 5.x Plans and Microsoft's 'Embrace'

    Links for the day

  15. The European Patent Office (EPO) Grants Patents in Error, Insiders Are Complaining That It's the Management's Fault

    The EPO has languished to the point where patents are granted in error, examiners aren't happy, and the resultant chaos benefits no-one but lawyers and patent trolls

  16. The European Patent Office Will Never Hold Its Destroyers Accountable

    With only one in seven EPO stakeholders believing that Battistelli's pick (António Campinos) will turn things around for the better, it certainly does not seem like people are happy and there's no real hope that Battistelli will ever be held accountable for his abuses after his immunity expires

  17. With Liars Like These...

    The European Patent Office continues to lie about the Unified Patent Court (UPC) amongst other things, still revealing its reluctance to say anything which is truthful or work to repair the damage caused by Benoît Battistelli

  18. Links 16/4/2018: Linux 4.17 RC 1, Mesa 18.0.1 RC, GNOME 3.28.1

    Links for the day

  19. IAM, Patently-O and Watchtroll (the Patent Trolls' Lobby) Try to Stop Patent Oppositions/Petitions (PTAB)

    In spite of fee hikes, introduced by Iancu's interim predecessor, petitions (IPRs) at the PTAB continue to grow in number and the patent maximalists are losing their minds over it

  20. The Patent Trial and Appeal Board (PTAB) is Ending Software Patents One Patent at a Time

    At an accelerating pace and with growing determination, PTAB (part of AIA) crushes patent trolls and software patents; the statistics and latest stories speak for themselves

  21. Academics and Think Tanks for Patent Maximalism

    Right-wing think tanks and impressionable academics continue to lobby for patent maximalism, rarely revealing the funding sources and motivations; in reality, however, such maximalism mainly helps large (already-wealthy) corporations, monopolists, and law firms

  22. Killing Patent Quality and Encouraging 'Covert' Software Patents Using the Buzzwords Du Jour

    The epidemic of buzzwords and/or hype waves that are being exploited to dodge or bypass patent scope/limitations, as seen in Europe and the US these days

  23. Crisis of Quality at the EPO Extends to Staff (Notably Examiners) and Management as Institutional Integrity is Severely Compromised

    A rather pessimistic but likely realistic outlook for the European Patent Office (EPO), which seems unable to attract the sort of staff it attracted for a number of decades

  24. The 'Blockchaining' of Software Patents (to Dodge the Rules/Guidelines) Now Coming to Europe

    A lot of software patents are being declared invalid (or not granted in the first place); having said that, using all sorts of hype waves (like calling databases “blockchains”) firms and individuals manage to still be granted software patents and sometimes patent trolls hoard these

  25. Links 14/4/2018: Wine 3.6, KDE Elisa 0.1

    Links for the day

  26. East Asia Should Have Adopted the Patent Strategy of South Asia, Notably India

    China seems to be so interested in patent maximalism that it has lost sight of the effect on foreign investment, e.g. US/European/Taiwanese/Japanese/Korean firms operating/manufacturing in mainland China

  27. Samsung is the 'New IBM', Sans the Trolling With Patents

    The 'relic' company, IBM, loses its patent leadership (as measured using some yardstick) to Samsung, a company which is relatively calm when it comes to patent activity (unless/only when sued, as happens a lot nowadays)

  28. David Barcelou May or May Not be a Patent Troll, But He is Certainly a SLAPPing Bully and Watchtroll is Fine With It

    Like a thin-skinned person/entity (which many in the patent microcosm are), David Barcelou and Automated Transactions (“ATL”) SLAPP their critics and surprisingly enough it's Watchtroll, who has been threatened by WIPO, coming to the bully's rescue (double standards)

  29. Links 12/4/2018: Stable New Kernels, Neptune 5.1

    Links for the day

  30. The USPTO Has a Nepotism and Lobbying Problem That Jeopardises the Rationality of US Patent Law

    The influence games of Washington are spilling over to the US patent office and poisoning/harming its ability to conduct professional operations without corporate influence (from either side, both corporations and law firms)

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts