Parasitical Firms Like Black Duck Exploit Bugs With Branding to Market Nonfree Services/Software

Dr. Roy Schestowitz

2015-02-07 21:53:44 UTC
Modified: 2015-02-07 21:53:44 UTC

Skulls

Summary: Parasites that take advantage of public panic and lack of comprehension are occupying paper space, as usual

LAST WEEK we wrote about the overblown threat called/dubbed "GHOST" (all capital letters) by the company seeking to make money from it despite being only the third to discover it and knowing it was not much of a big deal. We have not yet heard about any major exploit, which pretty much can be said about the OpenSSL bug as well (this one too was discovered by two entities before a Microsoft-connected firm irresponsibly publicised it, giving it a name and a logo to sell its own services and spread FOSS-hostile FUD for many months to come). What unifies the GLibC and OpenSSL bugs is that they got "brand recognition" very quickly. It was like a marketing campaign rather than a non-alarmist discussion about security -- something that non-technical/technically-illiterate journalists would surely fail at.

"As more stories are published in the media about big "hacks" (cracks) against large corporations we can't help but feel that the media neglects to mention that Microsoft Windows -- not OpenSSL or Bash, let alone GLibC -- is usually to blame."Days ago we saw the most FOSS-hostile IDG Web site becoming a platform of Black Duck, a Microsoft-connected firm that sells proprietary software by spreading and accentuating fear of FOSS. The article at hand uses bugs with "branding" to spook FOSS users while Black Duck, paying to publish this self-promotional press release on the same day, is still pretending to be an authority in FOSS.

The bugs with "branding" were also exploited by Veracode in this article (on the same day) and as Eric Lorenzo pointed out: "If businesses don't update legacy software, often they will will have bugs fixed in later versions! Shock!"

"I wonder what percentage of businesses are using obsolete Windows without updates," he added.

As more stories are published in the media about big "hacks" (cracks) against large corporations we can't help but feel that the media neglects to mention that Microsoft Windows -- not OpenSSL or Bash, let alone GLibC -- is usually to blame. It not only sports back doors but is also badly designed and won't patch known critical holes. It is basically designed to be not secure.

When it comes to reporting on computer security, the corporate press has almost zero legitimacy. All it knows is brands and it is eager to promote corporate partners that piggyback those brands (like "heartbleed") or stories (Anthem, Sony, etc.), claiming to be experts and offering remedies other than patches which were already issued and are free to apply by all. ⬆

Laptop Bricked After Microsoft Certificates Expiry: Is "Jim" dead?
Five Years After Its Formation Libera.Chat Has the Most Simultaneous Users in Internet Relay Chat (IRC): netsplit.de also measures the cross-network total at over 300k, probably for the first time in years
'Modern' Web: "Stop! You Are Browsing Too Fast!": Can the Web ever recover from this?
Pensions Tied to Ponzi Schemes Are Themselves Ponzi Schemes: Pensions are becoming more like that as well
Monoculture in Europe as National (or Continental) Security Threat: We need more browser diversity
Canada 5-0: GNU/Linux Rises to 5.0%, Windows Rapidly Falls to New Lows: Will we be seeing 6-0 (6%) by year's end and will Microsoft be shown two red cards?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, June 28, 2026: IRC logs for Sunday, June 28, 2026
Gemini Links 29/06/2026: Sansieviera, HiFi, and Self-Signed Certificates: Links for the day
Outsourcing is Not Security: Outsourcing to Microsoft is the opposite of security
Links 28/06/2026: Turkey's State Broadcaster Suspends Commentator, Journalists Under Attack: Links for the day
Debugpoint.com Turns to LLM Slop for 'Help': This is how sites die
Follow the Real Security Experts: Werner Koch
Assessing the Upcoming (July) Proprietary/GAFAM Cuts: The total (or %) matters to us because it can help shed light on what scale of layoffs to expect next week
Microsoft Lunduke Does Not Correct or Clarify Misinformation That He Posted (or Repeats It Instead): Not the first time [...] detracts and/or distracts from legitimate criticisms
How Not to Do Security: Asking Microsoft for permission
Gemini Links 28/06/2026: Simulation Theory and Pursuit of Novelty: Links for the day
The Slop 'Religion' is Dying: From Widespread (Paid-for) Hype to Widespread Hate: Wait till "sentiment" in Wall Street - not just general (public) "sentiment" - shifts strongly against slop
For Whistleblowers' Sake, Choose Hosting Platforms Wisely: Techrights is hard to 'sedate'
How to Discreetly Leak Important Information to Techrights: Some years ago we published multi-part series about how to contact us securely
Expect Many More Whistleblowers From Microsoft: We envision many pissed off workers from Microsoft will become whistleblowers after next week's giant wave
Efforts to Resume Progress on FreeJS, LibreJS, and Reduce Dependence on Microsoft: It's still in a relatively early development stage
Whistleblowers Improve the World: we should appreciate and respect whistleblowers
Microsoft Windows Plunges to All-Time Lows in Japan: Microsoft is disintegrating; many people no longer use (nor need) Windows
GNU/Linux Turns 43 in 3 Months From Now: The Manifesto of the Free software movement (GNU Manifesto, 1985) turned 40 last year
SLAPP Censorship - Part 121 Out of 200: One Day We'll Discover What Company or Rich Person/s Funded the Lawfare Against Us: Even if the law firm shoulders some of the losses, then it is in effect an investor in the lawfare, according to established caselaw
Working on "Linux", But on Microsoft's Payroll: Under the totally false guise of "security" those same people are now promoting TPMs and other horrible things
Links 28/06/2026: Energy Crunch, EEE by Microsoft, and John Bolton Pleads Guilty in Dictatorship of SLAPPs: Links for the day
Jim Not Dead Yet: Let's wait a few more days
Microsoft Layoffs So Big They Cannot Even Wait for 'D-Day' (July 1): "Layoffs at Xbox Appear to Have Already Begun, with Multiple Compulsion Games Employees Announcing Their Departures"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, June 27, 2026: IRC logs for Saturday, June 27, 2026
Links 28/06/2026: Heatwave in Europe and Media Failing to Actually Criticise Power: Links for the day
Gemini Links 28/06/2026: Poems, Photographs, and Neoliberalism as Religion: Links for the day
SLAPP Censorship - Part 120 Out of 200: Garrett Undermines His Own Application Because His Friend Graveley Failed to Accomplish What They Had Both Aimed For: Hold off the "popcorn"
Don't Settle for Slop: Slop is a bit of a symptom of where society is told to go
Gemini Links 27/06/2026: Photography From Interlaken to Shynige Platte, Slop 'Code', and Distro Hopping: Links for the day
TIGER COMPUTING LTD Sent Us Threats Half a Decade Ago (Because of Criticism of Their In-House Debian Developer), Now the Company's Debt is Deepening: So what is they're connected to the military?
GNU/Linux in Mexico Near All-Time High: With all the tourists packing the place (or hotels) we can imagine big changes to be seen next month (many portable devices)
Summer Plans in Tux Machines: July is nearly upon us
Gopher (Protocol) Turns 35, Gemini is 28 Years Younger: Bad technology comes and goes very fast
Be Like Stallman and Assange, Not Like MElon or Bill Epsteingate: these people treat women like worse than dirt
Exposure Leads to More Whistleblowing: In areas like IBM or European patent affairs we've always earned a lot of trust
European Patent Office (EPO) Series Will Run Well Into July: We still have a very significant chunk of EPO "trench" stories
Links 27/06/2026: Journalists Kicked Out of China, Torture in Iran and Turkey: Links for the day
How Microsoft is Preventing or Slowing Down Adoption of GNU/Linux (Fake 'GNU' Controlled by GitHub in Windows, WSL, Sabotage at Boot Level, Not Limited to Dual-Booting): Microsoft is still at it
Rising Computer Prices Good News for GNU/Linux and Free Software: This can greatly assist the adoption of BSDs and GNU/Linux
Links 27/06/2026: More Restrictions on Social Control Media and Russia is Leveraging Cellebrite/Back Doors: Links for the day
Saying "No" is Not a Bad Thing: Society benefits from people who say "No!" even when it seems impolite (and possibly inconvenient) to say so
Next Week's "Bloodbath" at Microsoft Includes "Silent Layoffs" (Which Microsoft Won't Count): The notion of "silent layoffs" is fast becoming the "new normal"
Akira Urushibata on the Likely False (Unverifiable) Claims Anthropic Makes About Defects for Marketing/Hype: Some pro-LLM person has managed to derail the discussion on this topic
European Patent Office (EPO) Series: "Team Campinos" in Split: The EPO team was of course headed by Campinos himself who delivered a "forward-looking" keynote speech to the assembled audience consisting mainly of Administrative Council delegates from the national IP offices
Supporting Women in the Free Software Community: The common theme here is abuse of women
Left IBM After Many Years, Came to Microsoft/XBox, Now Silent Layoffs at XBox: many inside XBox will have their last day next week
Gemini Links 27/06/2026: Homeworlds and Tarot Cards: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, June 26, 2026: IRC logs for Friday, June 26, 2026

Parasitical Firms Like Black Duck Exploit Bugs With Branding to Market Nonfree Services/Software

Recent Techrights' Posts