AS our previous post stated, there is an effort to keep insecurity debates around Free software, even if by going a whole year back to the "Heartbleed" brand. "More branded bug FUD" can be found here, according to a reader of ours. So why are journalists still so stubborn and so eager to keep us talking about Free software as the risk when Microsoft deliberately makes its software insecure as if the priority is to keep remote access (by anyone) in tact (some countries now recognise this)? Why are there no brands for Microsoft's critical bugs these days? Free software is a big threat to the Security State, not to security, so a large number of moles can be suspected or even assumed. How many SSL flaws have already affected Microsoft and how many of them got "branded" in the same way as the OpenSSL bug? Some journalists don't even name Windows, to spare Microsoft the embarrassment.
"Some journalists don't even name Windows, to spare Microsoft the embarrassment."Another back door/bug door in Windows has just been found. As iophk told us yesterday: "No logo or name?" No, it's Windows. Remote access by anyone is a given any day.
As this article noted the other day, "Microsoft abruptly ended advance notification of security patches in January."
In other words, Microsoft does not even inform those affected by serious bugs anymore. And in other news (yesterday), "HTTP 'pings of death' are spewing across web to kill Windows servers" (not the first of this kind).
To quote the article: "The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites."
"For Microsoft," says an IDG report, "the vulnerabilities just keep popping up, and appear to be surfacing more quickly than ever before.
"Like last month, Microsoft issued a fairly large number of security bulletins for April Patch Tuesday—11 bulletins addressing 26 vulnerabilities. Last month brought 14 bulletins from Microsoft, covering 43 vulnerabilities."
Remember that Microsoft does not even report all the vulnerabilities. It games the system by making up bogus numbers (silent patches). ⬆