Lots of Coverage About FOSS Bugs, No Coverage About Intentional 'Bugs' (Back Doors) in Proprietary Software

Dr. Roy Schestowitz

2014-06-07 12:37:22 UTC
Modified: 2014-06-07 12:37:22 UTC

Bugs inside blobs are also serious bugs, and sometimes there by design

Bug

Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is, OpenSSL is widely used, but another is that it's known what the issues are (transparency) and the corporate media sure has agenda. We already gave the example of Dan Goodin, to whom security bugs are only news is they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid "Heartbleed" hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people's discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded 'news' networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

This is not an unusual thing. Why it this suddenly front page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don't relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see an improportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them. ⬆

Related/contextual items from the news:

New OpenSSL breech is no Heartbleed, but needs to be taken seriously

OpenSSL Security Update now available for Fedora

Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS

The European Patent Office Cannot Attract Proficient Patent Examiners Who Master Their Domain: They are enablers and facilitators of corruption
[Meme] 9AM Meeting at Brett Wilson LLP: Brett Wilson LLP in space
Debian Can Dump Blind Users Because I am Not Blind: the sort of mentality we're up against
Fascistic Policies Got 'Normalised' in 'Public Office'. Let's Not Let the Same Happen in 'Tech'.: Political discourse typically guides what's "normal" and what "good citizens" should believe/feel
Yes, Your Mastodon Instance Will Also Shut Down: Few people run a one-person instance in the Fediverse
The Demise of GAFAM Necessitates Greater and Broader Awareness: Morale at Microsoft is really bad
Free Software Foundation Reaches 75% of Funding Goal: Not bad for this "Fosschild"
Slopwatch: 7 New Examples of Fake 'Linux' Slop Pieces (Plagiarism With Misinformation): Serial Sloppers need to be shunned
Links 19/07/2025: Kapo-berg Settles, Software Patents Challenged: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, July 18, 2025: IRC logs for Friday, July 18, 2025
Links 18/07/2025: Peace With PKK and Connie Francis Dies: Links for the day
Gemini Links 18/07/2025: Alhena 5.1.8 and Bornhack 2025: Links for the day
How to Top Up a "Limited Liability" With Even More Limitations (Dodging Accountability in the UK): Some people call it a "shell game". Sometimes it's done for tax evasion purposes.
Free Software Foundation, Inc. (FSF) Inches Towards 75% of Fund-Raising Target: Will the cutoff date be extended again?
Gemini Space (or Geminispace) Grows, But Usage of Certificate Authority Let's Encrypt Drops Further: Ideally, all Gemini capsules should use self-signed certificates
Links 18/07/2025: More Microsoft Layoffs in Activision, The New Stack (Sponsored by Microsoft) Complains About Openwashing: Links for the day
Gemini Links 18/07/2025: OCC25 Gnus for Reading Usenet and RSS Feeds, Small Web Updates: Links for the day
Listing as Staff People Who Left the Company More Than Six Years Earlier: There are apparently no laws against that
Brian Fagioli Shovels Up LLM Slop (Plagiarism) Onto Slashdot, Then Uses Slashdot for Affirmation or as Badge of Honour: Notice how some of his latest slop is presented ("as featured on Slashdot")
Social Control Media Productivity: Snapping photos of the bone
The Law Firm SLAPPing Us For the Microsofters Lost 72% of Its Tangible Assets in the Past Year, According to Its Own Reports: That might help explain why they're willing to tolerate serial stranglers from Microsoft as clients
Slopwatch: LinuxSecurity.com Slopfarm and Slopfarms Propped Up by Google News: "As LLM slop is foisted onto the WWW in place of knowledge and real content, it now gets ingested and processed by other LLMs, creating a sort of ouroboros of crap."
Links 18/07/2025: Weather Events and Health Hazards: Links for the day
Microsoft's All-Time Low in Finland: Microsoft is in a freefall
Security: Shane Wegner & Debian statement of incompetence: Reprinted with permission from Daniel Pocock
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, July 17, 2025: IRC logs for Thursday, July 17, 2025
Gemini Links 17/07/2025: "Goodreads for Gemini" and Defence of "The Small Web": Links for the day
Links 17/07/2025: Anger and Morale Issues at Microsoft, Wars and Conflicts Get Digital: Links for the day
CALEA / CALEA2 is the Real Problem, Not Chinese Operatives Exploiting CALEA / CALEA2 (as Any Other Nation Can): CALEA / CALEA2 is more of a front door than a back door
99.99% Uptime in First Half of 2025: Since January there was only one noticeable outage
Nils Torvalds and Anna "Mikke" Torvalds (née Törnqvis) Hopefully Use GNU/Linux by Now: "Torvalds Family Uses Windows, Not Linus’ Linux"
Attack of the Slopfarms: FUD-amplifying bots with slop images, slop text (LLM slop)
When People Call a Best/Close Friend of Bill Gates a "Serial Rapist": Good thing that the Linux Foundation keeps the "Linux" trademark ("Linux Mark") clean
Not My Problem, I Don't Care: Context/inspiration: Martin Niemöller
Honest Journalism About the European Patent Office Ceased to Exist After SLAPPs and Bribes to the Media: The EPO is basically a Mafia
Microsoft Bankruptcy in Russia, Shutdown in Pakistan, What Next?: It seems possible that in 2025 alone Microsoft will have laid off over 50,000 workers
Life Became Simpler When I Stopped Driving and I Don't Miss Driving When I See "Modern" Cars: Gee, wonder why car sales have plummeted...
Why I Believe Brett Wilson LLP and Its Microsoft Clients Are All Toast: So far our legal strategy has worked perfectly
EPO Jobs Are Very Toxic and Bad for One's Health: Health first, not monopolies
Response to Ryo Suwito Regarding the Four Freedoms: the point of life isn't to make more money
Microsoft's Morale Circling Down the Drain: Or gutter, toilet etc.
What Matters More Than "Market Share": The goal is freedom, not "market share"
Tech Used to be Fun. To Many of Us It's Still Fun.: You can just watch it from afar and make fun of it all
Links 17/07/2025: "Blog Identity Crisis" and Openwashing by Nvidia: Links for the day
Greffiers and the US Attorney of the Serial Strangler From Microsoft: The lawsuit can help expose extensive corruption in the American court system as well
Credit Suisse collapse obfuscated Parreaux, Thiébaud & Partners scandal: Reprinted with permission from Daniel Pocock
The People Who Promoted systemd in Debian Also Promote Wayland: This is not politics
UK Media Under Threat: Cannot Report on Data Breach, Cannot Report on Microsoft Staff Strangling Women: The story of super injunction (in the British media this week, years late)
Victims of the Serial Strangler From Microsoft, Alex Balabhadra Graveley, Wanted to Sue Him But Lacked the Funds (He Attacked Their Finances): Having spoken to victims of the Serial Strangler From Microsoft
Links 17/07/2025: Science, Hardware, and Censorship: Links for the day
Gemini Links 17/07/2025: Staying in the "Small Web" and Back on ICQ: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 16, 2025: IRC logs for Wednesday, July 16, 2025

Lots of Coverage About FOSS Bugs, No Coverage About Intentional 'Bugs' (Back Doors) in Proprietary Software

New OpenSSL breech is no Heartbleed, but needs to be taken seriously

OpenSSL Security Update now available for Fedora

Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS

Recent Techrights' Posts