Bonum Certa Men Certa

Binary 'Security' Vastly Inferior to Free Software Patching

Summary: The PHP-based WordPress is reported as the cause for ISC's woes, but it was not kept up to date (a very simple and risk-free task) and the victims are actually Microsoft Windows PCs

I could personally relate to this report about a high-profile WordPress site getting cracked as it very closely relates to my job. What's interesting about it is that the victim (or the target) is really Windows, not GNU/Linux.



"So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't affected BIND or ISC's DNS site," wrote Steven J. Vaughan-Nichols. Microsoft Windows is targeted via the browser. It's just so easy.

"Bind is outdated anyway," a reader told us. "Better replacements have been available for a long time."

According to the first report, "ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems." This might not help protect from out-of-date or vulnerable extensions to WordPress. It's not an easy task. I have worked with WordPress for over 10 years and with Drupal for close to 5 years (including involvement in the development community), so I can confess that some flaws are inevitable. When it comes to Free software, however, the patching process is vastly superior to that of proprietary software, where many of the flaws are never patched or are silently patched without even informing users.

The whole notion of protecting from bugs at a binary level is ludicrous. Someone who is a programmer from Microsoft spoke to me for hours some days ago and told me that Windows system updates can take a vast amount of time because of lack of modularity. Large blobs that have unknown changes in them are not the way to patch flaws, let alone inform those affected of what is being patched and why.

It is with that in mind that we also approach the binary-level checks for 'security' by UEFI 'secure' boot. It's complete nonsense. It doesn't work and it does not improve security; it just restricts the function of general-purpose computing. Bottomley from Novell continues to support this nonsense based on a Phoronix report that says:

James Bottomley has updated the open-source UEFI Secure Boot Tools for Linux distributions to build against the UEFI 2.4 specification.

UEFI 2.4 has been out for the past year and a half while finally now the UEFI Secure Boot Tools have been updated against the latest spec.


UEFI 'secure' boot is how Microsoft and Intel (Wintel) have complicated Free software use, as we're reminded by a new article where Jamie is nagging about UEFI 'secure' boot when installing a new good flavour of GNU/Linux:

"[I]f you are installing PCLinuxOS to a UEFI-firmware system," he writes, "the best thing to do (and the most common and sensible by far, I'm sure) is to simply leave it in Legacy/MBR boot enabled, don't try to switch back to UEFI boot."

Any computer that comes with UEFI should now be avoided. It is possible to avoid such computers and voting with one's wallet can be very effective.
