12.19.14

Gemini version available ♊︎

Another Microsoft Partner Markets Linux FUD Using Logo, Name, and Lies

Posted in FUD, Microsoft, Red Hat, Security at 12:14 pm by Dr. Roy Schestowitz

The great power of lies and gullible journalists

Christmas lights

Summary: Microsoft’s partner Alert Logic is trying to label a feature of Linux a security flaw and even makes marketing buzz for it

IF A reporter or two can be bamboozled into printing a lie (digitally distributing it), this can lend some credibility/legitimacy to the lie and then it is possible that the lie will spread and be echoed in other reports. Hence the importance of this matter.

“They are trying to change perceptions around Free software security.”Several journalists have already rebutted something that I debunked some days ago when I first saw some nonsense about “Grinch” with a suitable “marketing” image. Here is one rebuttal among a few:

The Grinch flaw was reported by Stephen Cody, chief security evangelist at Alert Logic. Cody alleges that the Grinch flaw enables users on a local machine to escalate privileges. Leading Linux vendor Red Hat, however, disagrees that the Grinch issue is even a bug and instead notes in a Red Hat knowledge base article that the Grinch report “incorrectly classifies expected behavior as a security issue.”

The original security researcher that reported the Grinch found that if a user logs into a Linux system as the local administrator, the user could run a certain command that would enable the user to install a package, explained Josh Bressers, lead of the Red Hat Product Security Team.

“Local administrators are trusted users,” Bressers told eWEEK. “This isn’t something you hand out to everybody.”

We believe it was Joab Jackson (IDG) who first gave a platform to the Microsoft partner (Alert Logic) that used marketing buzz and a lie against Linux, soon to be rebutted by Red Hat. I had contacted Mr. Jackson, who later told me that he posted a follow-up (or correction).

Jackson’s correction may have come too late as we saw the lie spreading to a few other news sites later on (thankfully not too many sites). Here is one example of garbage ‘reporting’ (FUD and lies), generated by the FUD firm with with a catchy name, sort of logo etc. (generated by a Microsoft partner we might add). Apart from Jackson’s piece we saw at least 3 more such articles (which came afterwards). How many are going to post a correction? How many articles will be withdrawn? How many follow-ups will be published? Tumbleweed. Silence.

It is usually Windows that has zero-days during Christmas, not GNU or Linux. There was recently other nonsense with a name, claiming to be a flaw when it was actually some other malware (potentially developed by the Russian government) that users actually have to install (not from repositories) to be infected by. It was akin to a phishing attack, but it was widely used in the press (even in IDG, Jackson’s employer) to characterise GNU/Linux as insecure.

Remember what the Microsoft-connected firm did with "Heartbleed" (the name it made up with a promotional logo). It’s all about marketing and hype. They are trying to change perceptions around Free software security. What matters is what people remember, not the truth. This is all about discouraging users or buyers.

A reader has alerted us about this article from Armenia . “Note the job title of the ‘softer,” he said. Here is the relevant portion:

Armenia’s Minister of Defense Seyran Ohanyan received Microsoft Corporation’s Regional Director for Public Safety/National Security/Defense Robert Kosla.

Joke or real? It sounds like a joke, but they are definitely not joking. Armenia talks to the NSA’s biggest partner and back doors-loving company about ‘security’, so seeing the job title from Microsoft is truly hilarious! Microsoft is good at insecurity and lies, not security.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

A Single Comment

  1. Michael said,

    December 21, 2014 at 5:54 pm

    Gravatar

    The company with the vulnerability denies it. If this was MS you would not accept their word.

    Others seem to see this as a real problem: http://www.pcworld.com/article/2860032/this-linux-grinch-could-put-a-hole-in-your-security-stocking.html

    So why give Red Hat a pass? If MS or Apple denied one of their security issues was a problem would you side with them? Of course not.

DecorWhat Else is New


  1. The ISO Delusion: Sirius Corporation Demonstrates a Lack of Understanding of Security and Privacy

    Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)



  2. Links 26/01/2023: LibreOffice 7.4.5 and Ubuntu Pro Offers

    Links for the day



  3. Links 26/01/2023: GNU poke 3.0 and PipeWire 0.3.65

    Links for the day



  4. IRC Proceedings: Wednesday, January 25, 2023

    IRC logs for Wednesday, January 25, 2023



  5. Companies Would Collapse Upon Abandoning Their Original Goals (That Attracted All the Productive Staff)

    Staff with technical skills won't stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself "Open Source"



  6. [Meme] Listen to Your Workers, Avert Disaster

    Companies that refuse to take input from staff are doomed to fail



  7. The ISO Delusion: When the Employer Doesn’t Understand the Company's Value Proposition (Building Systems) and Rejects Security

    Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything



  8. Links 25/01/2023: NuTyX 23.01.1 and GNU Guile 3.0.9 Released

    Links for the day



  9. Links 25/01/2023: Stratis 3.5.0 and Many Political Links

    Links for the day



  10. New Record Low: Only One 'Linux' Article in ZDNet in More Than Two Weeks

    Only a few years ago ZDNet published about 3 “Linux” stories per day (mostly FUD pieces); now it’s a ghost town, painted in ‘alien green’; considering ZDNet’s agenda (and sponsors) maybe it’s better this way



  11. Links 25/01/2023: Pale Moon 32.0 and DXVK 2.1

    Links for the day



  12. IRC Proceedings: Tuesday, January 24, 2023

    IRC logs for Tuesday, January 24, 2023



  13. ISO Certification Hardly Tackles Any of the Real Issues

    The real-world threats faced by private companies or non-profit organisations aren't covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples



  14. [Meme] Medical Data Sovereignty

    What happens when your medical records/data are accessible to a company based abroad after a mysterious NDA with the Gates Foundation? The International Organization for Standardization (ISO) does not mind.



  15. The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

    Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)



  16. Links 24/01/2023: Wine 8.0 is Ready, FSF Bolsters Copyleft

    Links for the day



  17. Azure Has Layoffs Again, Microsoft Still Cutting

    Even supposed ‘growth’ areas at Microsoft are being culled (this growth is faked, it is a lie)



  18. Links 24/01/2023: Tails 5.9 and ArcoLinux v23.02

    Links for the day



  19. Links 24/01/2023: GStreamer 1.22 and Skrooge Gets New Site

    Links for the day



  20. IRC Proceedings: Monday, January 23, 2023

    IRC logs for Monday, January 23, 2023



  21. The Inside(r) Story of ISO 'Certification' Mills

    Based on my experiences inside Sirius ‘Open Source’ — as I was there for nearly 12 years — I finally tell what I’ve witnessed about ISO certification processes (see ISO wiki for prior experiences)



  22. [Meme] ISO Selling 'Reputation' to Small Businesses (for a Large Fee)

    As we’re hoping to demonstrate throughout the week, ISO certification is, in practice, worse than worthless (just a waste of small businesses’ resources, much like patents); call it the ‘ISO tax’, an artificial barrier to entry that boils down to money



  23. [Meme] ISO Certification for Paying for Certificates on Time

    ISO is a phony authority; it makes business by issuing mostly worthless paperwork that wastes people’s time and accomplishes nothing (except making ISO in rich Switzerland even richer)



  24. The ISO Train Wreck at Sirius 'Open Source'

    Before we proceed to showing how Sirius ‘Open Source’ blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically ‘sold’ a certificate to Sirius — this is like a “diploma mill” but something that’s for businesses, not individuals



  25. Sirius Lying About ISO to Justify Giving the Technical Staff Some Classic 'Bullshit Jobs' While Censoring/Covering Up Incompetence

    Sirius ‘Open Source’ has long used “ISO” — and sometimes “GDPR” — as catch-all excuses for all sorts of nonsensical policies; does ISO realise the degree to which it is being misused by incompetent 'box tickers'?



  26. Links 23/01/2023: mozilla.org's 25th Anniversary and IceWM 3.3.1 Released

    Links for the day



  27. Report: The So-called 'Linux' Foundation is Reducing Focus on Linux

    The so-called ‘Linux’ Foundation is reducing its focus on Linux and is instead busy promoting Microsoft, Facebook, and other interests that GNU/Linux users strongly dislike



  28. Links 23/01/2023: Fwupd 1.8.10

    Links for the day



  29. IRC Proceedings: Sunday, January 22, 2023

    IRC logs for Sunday, January 22, 2023



  30. Links 23/01/2023: Many Pgpool-II Releases, risiOS 37 Reviewed

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts