EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

06.07.14

Lots of Coverage About FOSS Bugs, No Coverage About Intentional ‘Bugs’ (Back Doors) in Proprietary Software

Posted in Free/Libre Software, Microsoft, Security at 7:37 am by Dr. Roy Schestowitz

Bugs inside blobs are also serious bugs, and sometimes there by design

Bug

Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is, OpenSSL is widely used, but another is that it’s known what the issues are (transparency) and the corporate media sure has agenda. We already gave the example of Dan Goodin, to whom security bugs are only news is they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid “Heartbleed” hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people’s discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded ‘news’ networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

This is not an unusual thing. Why it this suddenly front page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don’t relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see an improportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them.

Related/contextual items from the news:

  1. New OpenSSL breech is no Heartbleed, but needs to be taken seriously
  2. OpenSSL Security Update now available for Fedora
  3. Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 23/6/2017: Wine 2.11 Released, HPC Domination by GNU/Linux

    Links for the day

  2. Primer to the Crisis and Scandals at the European Patent Office (EPO)

    An introduction to the chaotic state of what used to be the world's leading patent office and quickly became Europe's biggest embarrassment

  3. Workers of the European Patent Office (EPO) Are Going on Strike Again, Almost 90% Voted in Favour

    Thousands of brave EPO employees chose to cast a vote and make it known that they are in favour of another strike

  4. Benoît Battistelli Has Lost the Election at the EPO

    FFPE candidates (or moles from the yellow union) failed to enter the Central Staff Committee in spite of Battistelli's attempt to help them get in

  5. Emerging Threat to Patent Reforms at the USPTO

    Our plan of returning to coverage of US patent affairs in the wake of powerful lobbies that pursue patent maximalism

  6. You Know That the Unitary Patent (UPC) is in Huge Peril When Its Biggest Fans Admit It's Unlikely to Happen Even Next Year

    The tactics of Team UPC turn ugly as they personally target anyone who stands in their way, even a professor/judge who is courageous enough to state the obvious

  7. More Than Six Human Casualties Under Battistelli at the EPO, But the Human Toll Can Become a Lot Worse

    The bigger or much broader picture detailing the high cost of autocracy and mental torture at the EPO, where lives are ruined not only when these are ended and some key buildings pose severe threat to a lot of workers

  8. EPO's Elodie Bergot Calls Staff Suicide Just 'Passing Away', Pretends to Care

    How the EPO continues to mislead if not lie to staff, even when staff commits suicide -- a growing problem for Team Battistelli, whom some insiders hold accountable for these deaths

  9. The Administrative Tribunal of ILO Will Deliver EPO Judgments in Six Days

    Despite its old age (nearly a century), ILO's tradition when it comes to enforcing the law is anything but sterling, yet one can hope that it will stop its unproductive cat-and-mouse game with the EPO, where compliance is rare and actual judgments (not deferrals/referrals) are even rarer

  10. Links 21/6/2017: Red Hat's Numbers Are Up, New Debian Being Studied

    Links for the day

  11. Another Suicide Reported at the EPO While the Paid-for Media Focuses on 'European Inventor Award' Charade

    Puff pieces for Benoît Battistelli published aplenty while the European media refuses to deal with the reality -- not paid-for illusions -- at the European Patent Office

  12. Links 20/6/2017: Chuwi Lapbook, Linux 4.12 RC6, Mesa 17.1.3

    Links for the day

  13. At the European Inventor Award Ceremony Benoît Battistelli Lied to a Lot of Scientists and “Media Partners” About the UPC

    The Liar in Chief, Benoît Battistelli, still lives in a fantasy world or simply lies intentionally, which would be worse

  14. Contact Details for the EPO's Administrative Council Delegations

    List of Heads of Delegation and their E-mail addresses (used to be public information before Benoît Battistelli's oppressive regime or coup)

  15. Don't Forget to Vote for EPO Strike This Week (Thursday)

    A reminder that there's a vote on a strike at the European Patent Office later this week, giving an opportunity to rebut the "vocal minority" myth which Benoît Battistelli likes to spread

  16. European Patent Office (EPO) Whistleblowing Guidelines: Motivation and Impact of Leaks

    Advice on when to leak and what to leak for the desired effect, which is reformatory (though transparency and accountability)

  17. Links 18/6/2017: New Debian Release, Catchup With a Lot of News

    Links for the day

  18. Appalling Press Coverage Regarding the Unitary Patent (UPC)

    How the media has lied (and keeps lying) about the UPC, which the European public neither needs nor wants, putting aside serious constitutional issues that are associated with the UPC

  19. The Writings on the Wall at the European Patent Office: Number of Directors May Soon Decline From 150 to Just 65-70

    Battistelli is seizing more direct and indirect control over the European Patent Office (EPO), which is supposed to eject him with a proposal for replacement already formally prepared for publication

  20. European Patent Office (EPO) Whistleblowing Guidelines

    The first part of a series which offers tips for sending us material/evidence, specifically from the European Patent Office (EPO)

  21. General Consultative Committee of the EPO Warns About Battistelli's Plans

    The General Consultative Committee (GCC) issues a long document (176 pages) which explains to the overseer of the Office how internal rule changes make things even worse

  22. Links 16/6/2017: New Atom Release, Firefox 55 Beta

    Links for the day

  23. Leaked: European Patent Office Still Uses Microsoft Windows XP... in 2017

    The EPO continues to rely on inherently insecure (by design) platforms and Mr. Kraft, Battistelli's CIO, bragged that the actions of the Office "prevented any damage to the EPO and its reputation"

  24. Unitary Patent (UPC) Will Start “Real Soon” Now... Said Team UPC For So Many Years

    The Unitary Patent or Unified Patent Court Agreement (UPCA) is going nowhere fast, but those who spent time and money promoting it for self gain continue to lie to the press with overly optimistic predictions, unrealistic timelines, and Kool-Aid about the supposed 'benefits' of the Unified Patent Court (UPC)

  25. EPO Management Wastes Millions of Euros on a Silly, Gratuitous, Self-Serving Festival While EPO Staff is Planning Another Strike

    Unrest at the European Patent Office (EPO) is growing again, with plans of a strike resulting in a formal vote for a strike next week

  26. Links 15/6/2017: Mir 0.26.3, FreeNAS 11.0

    Links for the day

  27. Software Patents in Europe Are Still Promoted by the EPO, Even in Defiance of the Ban

    The European Patent Office continues to ignore the directive on the patentability of computer-implemented inventions, which had software patents disallowed with an overwhelming majority of 648 to 14 votes at the European Parliament

  28. Leaked: Job Advertisement for Removing Battistelli From the European Patent Office

    In spite of rumours that Benoît Battistelli would pursue elongation of his term, in clear defiance of the rules (again), paperwork is being put forth to replace him

  29. Links 14/6/2017: New BlackArch Linux ISO and Q4OS 1.8.6, Orion

    Links for the day

  30. Even UPC Proponents, Paid by the EPO's PR Firm, Admit That UPC May Never Happen

    Speculations are being floated regarding the cause of the impasse, which is going to result in a very long period of uncertainty and possibly the collapse of the Unified Patent Court (UPC) as it was envisioned by Michel Barnier, Benoît Battistelli and other opportunists

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts