Bonum Certa Men Certa

The Latest FOSS FUD Revolves Around Fakes and Bogus Arguments

Summary: How Free/Open Source Software (FOSS) gets discredited over "security", based on something which has nothing to do with FOSS and more to with human error or social engineering

THE reports from IDG make it sound as though FileZilla is a security threat [1,2] when it fact it is fakes that are a threat, as Sean pointed out to counter these allegations [3].



Yesterday we took note of the trend and two days ago we gave some examples of security-flavoured FUD against Android, of which there is plenty these days (and even today). Some of it is correctly being characterised as platform-agnostic [4]. This sometimes requires user intervention [5] or social engineering [6], so there's a lot more to be taken into account. When the OpenSSL project got compromised some weeks ago it was actually the fault of a weak password [7,8], but some of the media spread FUD about OpenSSL itself. Weak passwords are a common human error [9] and those who don't encrypt E-mails that contain passwords (they should!) only have themselves to blame [10,11]. To get an example of real vulnerability, consider Apple's Safari storing passwords in plain text [12]!!! GNU/Linux, by contrast, facilitates strong encryption and has protection against all sorts of attacks [13-14].

Blaming FOSS for issues that relate to social engineering is a common FUD pattern these days (like blaming Android for users installing malware they download outside repositories), but the real security issues are back doors like Microsoft's, security flukes like Apple's, and data leakage through so-called 'clouds' (which are typically promoted by proprietary software players, tightly connected to the crack-leaning NSA).

Related/contextual items from the news:



  1. FileZilla warns of large malware campaign


  2. FileZilla warns of large malware campaign


  3. FileZilla, Other Open-Source Software From 'Right' Sources Is Safe
    A basic tenant of open-source software security has long been the idea that since the code is open, anyone can look inside to see if there is something that shouldn't be there.


  4. Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices
    The cross-platform HEUR:Backdoor.Java.Agent.a, as reported in a blog post published Tuesday by Kaspersky Lab, takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.


  5. Yahoo users exposed to malware attack
    Users clicking on some ads are redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.


  6. Password Security Requires Multiple Layers of Protection
    The gist of the story is that "123456" is now the most commonly used weak password—surpassing the use of the word "password."


  7. No hypervisor vulnerability exploited in OpenSSL site breach
    The OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns...
  8. OpenSSL site defacement involving hypervisor hack rattles nerves (updated)
    Code repositories remained untouched in the December 29 hack, and the only outward sign of a breach was a defacement left on the OpenSSL.org home page. The compromise is nonetheless rattling some nerves. In a brief advisory last updated on New Year's Day, officials said "the attack was made via hypervisor through the hosting provider and not via any vulnerability in the OS configuration." The lack of additional details raised the question of whether the same weakness may have been exploited to target other sites that use the same service. After all, saying a compromise was achieved through a hypervisor vulnerability in the Web host of one of the Internet's most important sites isn't necessarily comforting news if the service or hypervisor platform is widely used by others.
  9. 7 sneak attacks used by today's most devious hackers


  10. 10,000 Top Passwords
    Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords which seems to have propagated quite a bit across the internet, including being mentioned on Gizomodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords bringing my current list to about 6,000,000 unique username/password combos, including many of those that have been recently made public*.


  11. All Your Internet Are Belong To Iceland*
    All that being said, and given that the Luddite solution of forsaking the Internet may not be terribly practical, this is another reason to encrypt technical data that you are sending by email even if the recipient is a U.S. person firmly planted on U.S. soil. No, the encryption isn’t a defense to the violation, but it is at least a mitigating factor. Remember, as I posted last May, that the U.S. military thinks it can put ITAR-controlled technical data on a Chinese satellite if it’s encrypted; so if you don’t have anything else to say in your defense when an email with export controlled data accidentally wanders through Lithuania, you will at least have that. And maybe one day in the distant future, BIS and DDTC will admit that the Internet exists and that encryption works.


  12. Older Versions of Safari Store Login Info in Plain Text
    Older versions of Safari for Mac store unencrypted user login credentials in a plain text file, according to security firm Kaspersky (via ZDNet). Safari saves the information in order to restore a previous browsing session, reopening all sites, even those that require authentication using the browser's "Reopen All Windows from Last Session" functionality.


  13. Quantum crypto pitches for data centre links


  14. Linux Is the Only Way to Protect Against Potential Sound-Transmitted Malware


Recent Techrights' Posts

Our Case is a Very Easy Win, the SLAPPs From Microsofters Were a Grave Error, and Censoring Information Won't Work (It'll Only Ever Backfire)
Censoring is what people do when they lose the argument
 
Links 04/06/2025: WSL Backfiring on Microsoft and "Disney, Microsoft Announce Massive Layoffs"
Links for the day
Say the Truth, the Rest Will Follow
There's no guarantee that writing the truth will result in an audience (or readership), but over time - in the long run - people generally gravitate towards what they know or feel to be crude truth, not just what's comforting (albeit false or self-deluding, usually groupthink dictated from above)
How to Expose High-Level Corruption Without Getting in (Too Much) Trouble
Democracy depends on free press and freedom of the press depends on being able to safely publish (and keep available) material that bad people don't want to be known to anybody
In-Depth EPO Coverage at Techrights Turns Eleven
11 years is a very long time
Windows Measured Below 10% in Afghanistan, GNU/Linux Gaining a Lot
about 80% are Android (Linux) users, compared to only about 10% for Windows
Poland's Political Predicament and Social Control Media
Democracy and fake "tech" don't mix well; the latter tends to interfere with the former and that's why we get more "Putins" out there
EPO: Taking Away From the Staff to Give More to the Rich
The Central Staff Committee (CSC) wrote to EPO staff earlier this week
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 03, 2025
IRC logs for Tuesday, June 03, 2025
Abuse Inside the Polish Patent Office (UPRP) - Part I: It's a Lot Like the EPO
we can commence a series soon
Gemini Links 04/06/2025: Inescapable Questions and Quitting All "Oligarch Tech"
Links for the day
Slopwatch: Linux FUD From Slopfarms, Blaming Linux for Microsoft Issues; Even WebProNews Has Become a Slopfarm (Googlebombing "Linux" With Slop Images and Fake/Plagiarised Text)
The Web is really getting bad; it's also overwhelmed by fake material or plagiarised material, wherein the plagiarism gets disguised/hidden by LLM sausage factories
Links 03/06/2025: Tiananmen Square Massacre Censorship and Growing Military Activities Around Taiwan
Links for the day
Linux is Already Dominant (Android), Let's Make GNU/Linux Dominant in Desktops/Laptops as Well
"Dr. Stallman recently warned everybody about Microsoft."
The Loyalty to Microsoft and the Salaries From Microsoft (Funding SLAPPs Against Techrights and Tux Machines)
Garrett always knows better. He knows everything best.
Windows Falls in Italy as GNU/Linux Jumps to 5%
Italy knows a thing or two about digital autonomy
Nigeria is All Android and Google
Windows down to almost nothing in Africa's largest population
Mass Layoffs at Microsoft (Second Wave) Not Limited to Redmond
"More layoffs at Microsoft as axe falls in Washington and California"
Gemini Links 03/06/2025: Forth System and "Common Lisp is a Dumpster"
Links for the day
The Leaks Were Right: Mass Layoffs at Microsoft in May, Then Another Wave in June
Just as we've been saying for over a month
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 02, 2025
IRC logs for Monday, June 02, 2025
Last Article From Australia's Sam Varghese Was a Year Ago and It Covered the Release of Julian Assange, Who Will Apparently Come Back as 'Politician'
It'll soon be exactly 12 months
Hungary Seems Hungry for Linux
Windows down by a lot
Like in Europe, Bad News for Microsoft in US and Canada
If it loses those "regions", then what's left?
About 8 Waves of Mass Layoffs at Microsoft in 2025 (in Less Than 5 Months), Now Vista 11 "Market Share" Decreases
Really bad news for shareholders of Microsoft
statCounter Sees Bing "Share" Falling Over 0.5% in One Month, Now Lower Than Before the ChatGPT/Bing Chat Hype
Bing has been part of the mass layoffs for quite some time
After Microsoft's Bankruptcy in Russia Android (Linux) Will Dominate Asia Completely
Windows probably peaked in "XP" or "2000"
Microsoft's Demise is a Global Phenomenon
mass layoffs justified using mindless buzzwords
All-Time Highs for GNU/Linux in EU and the UK, All-Time Lows for Microsoft
Combining ChromeOS and GNU/Linux, it adds up to and almost reaches 6%
India: Windows Falls to 50% in Desktops/Laptops and 8% Overall
laptops/desktops fell to 16% of the whole
statCounter: GNU/Linux Up to 4.7% "Market Share" This Month
30,000 Microsoft jobs may be eliminated by year's end
Microsoft is in Trouble and Microsofters Know It
"I've been happy on Win 3.11 for years."
[Video] New Introduction to Richard Stallman's Contributions Including GNU Emacs, GNU/Linux, and Software Freedom
from the channel previously bullied for supporting RMS
Links 02/06/2025: South Korea to Vote, Russia Blitzed From Within
Links for the day
Links 02/06/2025: Political Leftovers, DRM, and Patents
Links for the day
Links 02/06/2025: Microsoft Spins Layoffs as "Slop", Frontier Settles Lawsuit
Links for the day
When You Publicly Boast About Wanting to Violently Attack People (Even Colleagues) Finding a Job Will Prove Difficult
there's a lesson to be learned here
The Web We Lost, the Information Lost Due to Microsoft's Attacks on Companies Like Yahoo! (Before the LLM Slop Frenzy)
When it comes to news sites, what can we say?
Covering Corruption in Poland, Including a War on Science (Due to Bad Politicians)
What we're about to show is that skilled and experienced scientists in Poland are besieged by bureaucrats
Gemini Links 02/06/2025: "Star Wars Day" and "Security Day"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 01, 2025
IRC logs for Sunday, June 01, 2025