Qualys Admits That Its Scare Campaign (So-called 'GHOST') Somewhat Baseless

Dr. Roy Schestowitz

2015-01-30 11:14:06 UTC
Modified: 2015-01-30 11:14:06 UTC

Giving names to bugs to make them sound scary

Scare campaign

Summary: Even the company that bombarded the media with its "GHOST" nonsense admits that this bug, which was fixed two years ago, does not pose much of a threat

TWO days ago we wrote about the self-promotional FUD campaign from Qualys, noting that it had been blown out of proportion, as intended all along by Qualys (which even gave it the name "GHOST" and paid for expensive press releases in corporate news). A Red Hat employee reveals that even Qualys itself realised that its pet PR/marketing charade, "GHOST", is not much of a risk.

He said that "the people at Qualys that worked hard to hype GHOST into a doomsday bug had to admit that most software calling the gethostbyname function couldn't be forced to exploit the bug. As they say themselves (from "the Qualys Security Advisory team"):

"Here is a list of potential targets that we investigated (they all call gethostbyname, one way or another), but to the best of our knowledge, the buffer overflow cannot be triggered in any of them:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd."

"To put things in perspective see this [discussion]," he added. It's LWN refuting Dan Goodin, the anti-GNU/Linux 'security' rhetoric person from Condé Nast (we took note of his coverage the other day).

"But as always," added the guy from Red Hat, "the truth isn't that clickbaiting...

"It was a bug. It has been fixed. But it wasn't that simple to exploit. Patches are available and as it seems no one got hurt." ⬆

Brian Fagioli's Latest "Linux" Article Appears to be Fake: Another form of plagiarism/ripoff using bots?
[Meme] When the People Who Falsely Accuse You of Pedophilia Turn Out to be Projecting: When you attack something or someone using falsehoods, as happens a lot to Richard Stallman (RMS), there's risk that the attacks will backfire, badly
Why I Continue to Believe That at the End Software Freedom Will Win: a short and incomplete list of factors which I believe contribute to the sentiment that we can - and will - win the battles over hearts and minds in the "Tech" realm
Technology: rights or responsibilities? - Part X: By Dr. Andy Farnell
Saving What's Left of Decent and Independent Journalism on the Web: We increasingly (over time) try to make local copies (hosted on our server) of important documents; it's hard to rely on third parties
[Meme] Microsoft's Latest Marketing Pitch: "Stop Being Poor; buy a new PC with TPMs"
In South Africa, a Very Large Nation, Web Developers Can Already Ignore Microsoft Browsers (Edge Measured Below 3% in 55 Nations): The dumb assumption you must naively test with Microsoft browsers is no longer applicable in a lot of places
Open Source Initiative (OSI) is the Voice of Bill Gates and Satya Nadella: Not hard to see what they've done with the money
Microsoft Boasts That Its (Microsoft-Sponsored) "Open Source AI" Propaganda Got Cited in Media (That's Just What the Money Did): This is a grotesque openwashing campaign
In Many Places Around the World, Perhaps as Expected, Yandex is Nearly Bigger Than Microsoft (Like in Several African Countries): Microsoft may soon fall to "third place" in search
Keeping Productive This Christmas: We've (pre)paid for hosting till almost January 2026 and fully back on the saddle
IBM and Canonical Leave Money on the Table Because Microsoft Pays Them Not to Compete and Instead Market Windows, WSL, Microsoft 'Clown Computing', and TPMs: Where are the regulators?
Other Editors Who Agree "Hey Hi" (AI) is Just Hype But Won't Say So Publicly as It Might Upset Key Sponsors: Some media would gladly participate in a scam to make money
IBM (and Red Hat) is a Patent Troll, Still Leveraging Software Patents to Extract Money Out of Other Companies by Suing Them: Basically, when it comes to patents, IBM is demonstrably part of the problem, not the solution
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 17, 2024: IRC logs for Tuesday, December 17, 2024
In Some Countries, Such as Greece, Almost 80% of Windows Users Are on Vista 10 and About 85% Need to Move to GNU/Linux for Security Patches: Vista 11 was a failure
[Meme] They Don't Want the Public to Know What "Responsible Encryption" Really Means: They also blame "China" for their own back doors (because China learned how to exploit those)
The Linux Foundation's Certificate Authority (CA) Significantly and Suspiciously Raises the Number of Certificates It Issues (Quantity Increase/Inflation) by Lessening Their Lifetime in the Name of 'Security' (That Barely Makes Sense!): LE made 3 months the "standard" for most, soon to become just 6 days instead of 6 months?
Links 17/12/2024: More China Sanctions, GOP Scheming to Prop Up Fentanylware (TikTok): Links for the day
Gemini Links 17/12/2024: The Streisand Effect and Productivity-systems Desiderata: Links for the day
Links 17/12/2024: More "Tesla Autopilot" and "Hey Hi" (AI) Blunders: Links for the day
Instead of Promoting GNU/Linux (or Ubuntu) Ahead of Vista 10's EoL Canonical is Marketing Microsoft's Proprietary Software: It's like Canonical employs people who work for Microsoft, not for Canonical
Links 17/12/2024: Many Abuses by Microsoft and War Updates From Ukraine: Links for the day
Content Management Systems (CMS) Bloat/ Static Site Generators (SSG) Trouble: some Web site management stories
DEI Room at fedoraproject.org Pretty Much Dead: We're not against diversity but against its weaponisation by greedy people who do not value diversity at all
The "Latest Technology News" at BetaNews is Slop About Slop: This is at the very top of the "news" (front page) at the moment
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, December 16, 2024: IRC logs for Monday, December 16, 2024
Gemini Links 16/12/2024: Invisibles and 20 Years of GNU/Linux on the Desktop: Links for the day
Microsoft's Windows Fell From 98% to Less Than 15% (in 15 Years in Africa): Operating System Market Share Africa
Swaziland: GNU/Linux Leaps to 7.24%, Based on statCounter: Remember that Microsoft had many layoffs this year in Africa
A Birthday Wish: My birthday is a few hours away
[Meme] Definitely Not Your Role Models: Hypocrite Neckbeard Meme
Changes or Variation of Logo at the FSF as 40th Anniversary is Near (Months Away): Next year the FSF turns 40
Mobile Usage Nearly 90% in Maharlika (Philippines)?: Microsoft has become just a footnote
Push Back and Become More Vocal for LLM Abuse and Misuse to Stop: We hope that more people out there (sites too) will call out the people who saturate particular topics on the Web with machine-generated junk
The Media Failed to Hold GAFAM Accountable (and Now It Suffers From It and For It): This recognition of the problem emboldens us to carry on
Botswana: New Highs for GNU/Linux, All-Time Lows for Microsoft: No wonder Microsoft has so many layoffs in Africa this year
Links 16/12/2024: Skinnerboxes ("Smart" "Phones") and Control Social Media Blamed for Fights: Links for the day
Reminder: The Microsoft Person Who Used OpenAI for En Masse GPL Violations Told the Whistleblower to Kill Herself: The evidence (real message)
Links 16/12/2024: emacs, Drawabox, “You Should Have Your Own Website”: Links for the day
In Some Parts of the World, Like Central America and South America, Microsoft is Irrelevant on the Web: Nadella has bet the farm on a Ponzi scheme
[Meme] Microsoft is Not a Country: Reporting crimes is essential for democracy
There's Not Much Time Left for President Biden to Pardon Julian Assange and Signal to Journalists That Exposing States' Crimes or Rich People's Misbehaviour is Lawful: Apathy towards this is part of the problem
Image Fusion is Not 'AI' (LLMs Aren't Either): Such fakes can (and always could) be done by a digital artist, it's just a little more expensive and time-consuming
GNU/Linux at New Highs in Bosnia And Herzegovina: Quite a few Balkan nations show high adoption rates for GNU/Linux
From Scientists to Pigeons: The EPO Has Turned Patent Examination Into a Process Made by Computers and Improperly Trained Staff Which Doesn't Meet the Requirements of the European Patent Convention (EPC): Might as well abolish this entire system if this is the current trajectory
Razik Menidjel Will No Longer be Chief Operating Officer Operations at the EPO: What does the EPC say about slop and should it be updated to deal with trouble such as slop?
Underpaid and Inexperienced Workers Overwhelm the EPO, Granting Many Invalid Patents and Placing Pressure on Veteran Examiners: So-called "production" (giving monopolies) pressure is "compromising the quality of our products" [sic] according to a new report
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, December 15, 2024: IRC logs for Sunday, December 15, 2024

Qualys Admits That Its Scare Campaign (So-called 'GHOST') Somewhat Baseless

Recent Techrights' Posts