EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.08.15

Security FUD Against Free Software Resurfaces, Using Promotional Branding From a Microsoft-Linked Firm, So Red Hat Finally Responds

Posted in Free/Libre Software, FUD, Microsoft, Red Hat, Security at 5:52 pm by Dr. Roy Schestowitz

Bugs
Image courtesy of Red Hat

Summary: Old news is ‘new’ again, as Microsoft-friendly media decides to keep knocking hard on the reputation of Free software, using words rather than substance

A YEAR ago there was a curious (first of its kind for Free/Open Source software) “branding” of a 2-year-old FOSS bug by a Microsoft-linked firm that did not even find the bug. An engineer from Google had found it and sought to responsibly disclose it so as to patch it properly before the Microsoft-linked opportunists blew off the lid and called it “Heartbleed”, set up a Web site to ‘celebrate’ the bug, and even made a professionally-prepared logo for it. This whole “Heartbleed” nonsense — however serious it may have been for a day — was blown out of all proportions in the media and tarnished the name of Free software because it was so ‘successfully’ marketed, even to non-technical people. It was a branding ‘success’ which many firms would later attempt to emulate, though never with the same degree of ‘success’ (where success means bamboozling the public, especially non-technical decision-making people).

“Microsoft must be laughing quite hard seeing all that media manipulation.”“Dear journalists,” I said earlier today in social media (Diapora), “bugs don’t have birthdays. Stop finding excuses to bring “Heartbleed” BS (MS name for old bug) to headlines.” I spoke to one author about it and challenged him for floating these “Heartbleed” logos and brands yet again. To us it seems quite evident that Microsoft keeps attacking Free software and GNU/Linux like no time before; it’s just more subtle and hidden in more sophisticated ways. The person who heads the incognito firm that’s known only for the “Heartbleed” brand (they control the brand) came from Microsoft (he was head of security there) and also from the FBI, whose stance on encryption is widely known by now; they actively seek to break security of software, so knowing about the 2-year-old OpenSSL bug would make sense. Some reputable media reports said that the NSA had known about this bug for about a year before it was known to the public and the NSA cooperates with the FBI on breaking software security, sharing personal (illegally intercepted) data, etc.

Anyway, the same publication (as above) also floated the “Heartbleed” nonsense in another article today. Would they do just about anything to keep it in headlines? Even a year later? They are now citing some firm called Venafi (never heard of it before), which basically relies on misleading misuse of statistics. It’s FUD from a company that tries to make money from perceived dangers and accentuates these dangers in an effort to acquire clients. What kind of ‘journalism’ is this? incidentally, Black Duck is now joining the list of such parasitic companies, with new hires and multiple press releases, so clearly it’s a growth area and the Microsoft link is easy to see. It is FUD season again this spring as more publications now float this whole nonsense. This is hardly journalism, it’s just throwback.

Thankfully enough, Red Hat demonstrates what “branding” of FOSS bugs practically means, even using the image above. There is no correlation between the naming of bugs and their severity, but press coverage sure loves a good brand. This is an important (albeit belated) response from Red Hat to “branding” of a FOSS bug by Microsoft-linked firms like the one behind “Heartbleed”.

“It’s been almost a year since the OpenSSL Heartbleed vulnerability,” says Red Hat, “a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn’t mean it is of real risk to users.”

Well, Microsoft folks sure squeezed everything they could from this bug, seeking to discredit not just OpenSSL but the whole development process of Free software (due to just one small bug, or a few lines of code). And Microsoft still pretends that it is warming up to Open Source? Who are these frauds kidding?

There’s a lot of companies which continue to use platforms with back doors, such as Windows, but the Wintel-oriented media would rather we just obsess over this one bug from one year ago (which was patched as soon as it became publicly-known).

We are rather disappointed to see a decent journalist like Sean Michael Kerner, along with colleagues at eWEEK, swallowing the bait and serving to promote the misleading claims to advertise this company that controls the “Heartbleed” brand, among other opportunists (like fish swimming around a shark for some leftovers). Microsoft must be laughing quite hard seeing all that media manipulation.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Slashdot

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 30/9/2020: Nitrux 1.3.3, Tracker 3.0

    Links for the day



  2. [Meme] Is IBM's Proprietary Software Surveillance in the 2020 Election a Form of Corporate 'Meddling'?

    Called after an infamous recipient of a Nazi medal (Mr. Watson), an “app” with secret code and remote logging/recording will be used to determine whether the Orange One gets re-elected



  3. Learning to Say “No!” to Tyrants

    IBM continues with its old and oppressive/repressive agenda, even if this time around it's thinly disguised as "tolerance" and "ethics"



  4. Links 29/9/2020: Fedora 33 Beta, Krita 4.4.0 Beta 2, Stellarium 0.20.3 and Mesa 20.2 Released; 20 Million Downloads From the LVFS

    Links for the day



  5. Another Day of ZDNet Being ZDNet, Calling Windows “Linux” (to Confuse People and Help Microsoft Sell Vista 10)

    Microsoft propaganda site ZDNet is keeping up with the tradition of presenting Windows as "Linux" and promoting Windows even in the "Linux" section of the site



  6. [Meme] It's Crazy Not to Eliminate Lame Words That Might Offend Somebody

    If the word “stupid” offends you, then maybe programming isn’t for you, in the same sense that submitting patches with Git over E-mail shouldn't be hard if/when you can develop decent code with sanity checks



  7. IBM Fought for 'Master Race' and Now It's Banning the Word 'Master'

    A lot of the current push to ban the word "master" came from Red Hat (soon IBM, helped by Intel and Microsoft for the most part); we take a hard look at IBM's history to better understand the incredible double standards and what the real motivations might be



  8. IBM's Founder, Mr. Watson (Yes, That Watson), Had “Very Keen Sense of Public Relations”

    "Watson" is a lot more offensive than those supposedly offensive words IBM is working to purge; think about those hundreds of Red Hat workers who are black and were never told about ethnic purges of blacks facilitated by IBM (their new boss)



  9. Under IBM's Leadership Red Hat Becomes a SPAM Marketing Operation, Sending Mass Mails Without Authorisation and Making It Impossible to Unsubscribe

    Red Hat seems incapable of respecting people's inboxes; it subscribes people to things which they never ever subscribed to and makes it impossible to unsubscribe; what has Red Hat become or succumbed to?



  10. EFF: Sitting on a Massive Pile of Money and Members Are Less Than a Third of the Revenue

    As part of our series which explores non-profits turning against their goals (sometimes in pursuit of money, even if that means sellout) we take a good look at the EFF in this age of unprecedented consolidation of wealth and power



  11. IRC Proceedings: Monday, September 28, 2020

    IRC logs for Monday, September 28, 2020



  12. [Meme] Running Public (or Private) Interest Groups for Profit

    The Linux Foundation is picking up some more ‘surveillance capitalism’ money, in the name of… ‘helping’ Linux?



  13. The Concept of Martyrdom in Free Software and the Threat of Demonisation in the Media

    Leaders or figureheads of public interest advocacy are being dismissed as crazy and rude whilst corporations that maim and kill millions of people are spun as "professional" and even "altruistic"; don't fall for it



  14. More Money Does Not Necessarily Mean More Stable Organisations

    The corporate takeover of Free software (privatising the Commons) is a real problem that nobody in the media seems to be talking about, partly because this media is itself corporate and hence part of (participant in) the 'coup'



  15. EPO Management Looks for New and 'Innovative' Ways to Exploit Scientists and Distract From EPO Corruption

    EPO management is desperate for puff pieces, having just produced some greenwashing nonsense (about a dozen press items about this non-event) and now a bunch of self-promotional videos



  16. Before the New York Times Did a Number on Donald Trump It Changed Bill Gates' Tune

    When you speak strictly through a spokesperson it often means you're lying and/or hiding something; the Gates enigma remains unsolved more than a year later



  17. Links 28/9/2020: Linux 5.9 RC7, Review of Linuxfx 10.6, OpenSSH 8.4

    Links for the day



  18. Speaking Through Spokespeople is a Sign of Weakness, Such as Non-Denying and False Denials (or: Bill Gates Never Denied His Connections to MIT Through Jeffrey Epstein)

    Big liars lie shamelessly; the biggest liars lie through proxies and today we examine the evasive tactics of Bill Gates and his associates (who were closely connected to Jeffrey Epstein but refuse to even talk about that, except indirectly)



  19. IRC Proceedings: Sunday, September 27, 2020

    IRC logs for Sunday, September 27, 2020



  20. Accounting for Debconf 19 Travel... in 2020

    A deeper look or analysis of Debian expenditures, which grew more than twicefold for travel last year



  21. Don't Let Microsoft Make 'Open Source' Synonymous With Proprietary Monopoly GitHub

    Now that the OSI works for Microsoft instead of Open Source (no, GitHub isn’t Open Source; it’s inherently against Open Source) we need to understand the modus operandi and learn from old mistakes



  22. Links 27/9/2020: Puppy Linux 9.5, Nitrux 1.3.3

    Links for the day



  23. Public Relations and Tolerance Stunts Are Very, Very Cheap

    It's 2020 and people are asked to focus on superficial aspects of corporations rather than anything of substance (like the effects on society at large, notably exploitation and long-term harm)



  24. Open to Everything

    It always starts with good intentions...



  25. The OSI's President Apparently Does Not Know That His Own Employer (Salesforce) Works for ICE

    The hypocrisy (or double standard) of the OSI’s President is astounding; taking salaries paid in part by ICE budget (Salesforce works for ICE and similarly evil agencies) while protesting in a proprietary software platform of Microsoft (GitHub) about ICE (all this whilst actively participating in it regardless)



  26. [Meme] Communist Tactics

    To Microsoft, Linux is communism until Microsoft controls it (and then runs over it to crush it, the typical modus operandi)



  27. OSI President: Most or Half of the OSI's Money (Even Individual Donors' Money) Goes to a Microsoft-Led Initiative

    The OSI has turned from advocate of "Open Source" (a disingenuous attempt to set aside Free/libre software) to advocate of Microsoft and GitHub in just 3 years (since taking Microsoft's money/bribes)



  28. IRC Proceedings: Saturday, September 26, 2020

    IRC logs for Saturday, September 26, 2020



  29. The 24/7 'Tech' Worker (Babysitter of User-hostile Computing) and 'Expensive' Programmer

    The rights of workers are being reduced to nothing (many in their older years made redundant), even in an occupation that is indirectly responsible for automating and thus deprecating jobs in many other occupations



  30. Why Techrights is Totally Unexcited About the New Owner of Linux Journal

    Linux Journal might soon become an anti-Linux site (veiled hostility) if Slashdot's editorial preferences are anything to go by (Slashdot has just seized control of Linux Journal)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts