Bonum Certa Men Certa

Security Disinformation

Measuring electricity



Summary: Latest OpenSSL FUD and Microsoft's Howard Schmidt's role informing the public about cyber-security risks

OUR complaints about The Register have intensified recently [1, 2, 3, 4] because of poor articles like this one (see the comments).



The Register spreads FUD about OpenSSL (not the first such smear, after comparisons to "communism" too) and Bradley M. Kuhn from the SFLC has responded as follows:

Ok, Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU



Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow "severely vulnerable".

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly. One must really read this academic computer science article in the context it was written; most commenting about this paper probably did not.

First of all, I don't claim to be an expert on cryptography, and I think my knowledge level to opine on this subject remains limited to a little blog post like this and nothing more. Between college and graduate school, I worked as a system administrator focusing on network security. While a computer science graduate student, I did take two cryptography courses, two theory of computation courses, and one class on complexity theory. So, when compared to the general population I probably am an expert, but compared to people who actually work in cryptography regularly, I'm clearly a novice. However, I suspect many who have hitherto opined about this academic article to declare this "severe vulnerability" have even less knowledge than I do on the subject.


There are much bigger problems to worry about, such as the latest news about Windows botnets [1, 2, 3]. The authors of the Windows exploit might not even face a jail sentence, based on this report.

Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber crime legislation in Spain.


Regarding this new article about Scott Charney's outrageous remarks [1, 2] (he worked for the US government before Microsoft hired him), Groklaw wrote 3 days ago: "First Microsoft fills the world with security issues and problems, then it wants the public to be taxed to fix them? I think Microsoft needs to fix its own software itself." Microsoft's own negligence [1, 2, 3] ought to have Microsoft bear the bill.

Howard Schmidt, the US Cyber Czar who came directly from Microsoft [1, 2, 3, 4], claims/pretends that there is no problem, even though many firms that include Google were intruded due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] (there are more security patches coming shortly). Even Google source code got grabbed. [via]

Operation Aurora continues to be a hot topic inside and outside of security circles. At this week’s RSA Conference in San Francisco many conversations are on the topic of the attacks that hit Google and dozens of other companies in January.


These reports indicate that proprietary source code got nicked from Google. Microsoft also nicks proprietary source code from companies/projects like Plurk [1, 2, 3, 4], which probably puts the Redmond-based company at the same side as the crackers.

"Cyberwar Hype Intended to Destroy the Open Internet," says this report from Wired. [via]

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering. He’s the nice-seeming guy who’s willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those who are not in the know.


And on the other hand, on the same occasion we find that "US urges 'action' needed to fight net attacks," according to the BBC.

Homeland Security secretary Janet Napolitano has admitted there is an urgent need to step up efforts to protect Americans from cyber attacks.


They seem to contradict themselves. Now they claim to be looking for ideas:

Homeland Security wants to pick your brains



[...]

The lucky winners will be invited to an event in Washington DC in late May or early June. They'll get to partner with the department to lead in the planning of the National Cybersecurity Awareness Campaign, due to launch in October.


Over at CNET, Dennis O'Reilly has this new article about "five ways to keep your [Windows] PC free of viruses and Trojans". Here is one of his suggestions.

If you can't give up Windows, you may still be able to install Linux on an old PC or in a partition of your Windows PC. Then you can use that system (or partition) whenever you engage in any sensitive computer activities. You'll find instructions for dual-booting Windows and the Ubuntu version of Linux on the Ubuntu Community Documentation site.


Thumbs up to Dennis.

"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits and pieces are missing."

--Arno Edelmann, Microsoft's European business security product manager

Comments

Recent Techrights' Posts

Rewriting Things in Rust
How far would you go?
What Microsoft Reputation Laundering (With a Weaponised Law Degree) Looks Like in a Foreign Continent
You would expect this in uncivilised and primitive countries
Slopwatch: LLMs 'Write' Fake or Distorted 'News' About "Linux"
LLM slop disguised as news
 
“Twibel” Actions Against Comedians (and Why It's a Truly Low Blow)
they try to make up in quantities for a lack of merit or quality
Linux Foundation Apparently Flirting With Slop (Marketing by LLM-Generated SPAM)
The Web is in a really bad state!
COVID-19 Sped Up Site Improvements in Techrights
A few months later we created our very own IRC network
Gemini Links 05/07/2025: Negative Questions and 'Touching Grass' (Going Outside)
Links for the day
Links 05/07/2025: Dalai Lama Succession as 90th Birthday Approaches, 40 deg C in China
Links for the day
Links 05/07/2025: Hungary and US Defecting to Russia, "Google's Hotseat Hypocrisy"
Links for the day
Gemini Links 05/07/2025: 4th of July 2025 and "Zig Roadmap 2026"
Links for the day
How to Combat the Exploitation and Abuse by Microsoft GitHub
Not to mention corruption and crimes against women
Bryan Lunduke is Actually Sending His Audience to Attack People
"[Lunduke] is actually sending his audience to attack people."
Even The Right Wing is Rejecting Bryan Lunduke
no wonder he became so irrelevant and marginal
Microsoft's MSN Helps Microsoft Spread Lies About the Layoffs' Scale (Well Over 25,000 People Laid Off This Year)
There seem to be monopolies on lies and on truth
The Death of X Has Been Greatly Exaggerated (by Compromised Media)
X.Org Server is alive and well
In 2025 Everything is "AI". Remember Blockchains?
Talk about what companies and things (services, products, software) actually do, not the labels they use
Julian Assange Has Been Free for a Year
Julian Assange and I disagreed on some things
Monopolies and Scalping
Monopolies gravitate towards price hikes
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 04, 2025
IRC logs for Friday, July 04, 2025
Microsoft's August Layoffs Wave: "August is Confirmed for Additional Performance Based Cuts"
"August is confirmed for additional performance based cuts from the recent connects along with additional organizational cuts."
Links 04/07/2025: Google Replaces the Web With Slop, "AI Might Kill Us All"
Links for the day
Gemini Links 04/07/2025: Mindfulness and F1
Links for the day
Weeks After Microsoft Bankruptcy in Russia the Company Shuts Down in Pakistan, Too
Last month Windows' share in Pakistan fell to an all-time low
Rob Musial's June 2025 Additions of Malware in Proprietary Software
Via the GNU Web site this week
Links 04/07/2025: Microsoft's H-1B Visa Applications Show Another Crisis Unfolding, Many More Deep Cuts and Shutdowns Revealed, Complete Microsoft Exits
Links for the day
Gemini Links 04/07/2025: A Day To Remember and "Stop Killing Games"
Links for the day
Crime and Corruption at Microsoft GitHub Cannot be Covered Up by SLAPPs in Another Continent
We'll write about this for a long time to come
Slop Videos Are Disappointing Garbage, Nothing New, Just Brute Force up on Display or a Pedestal of Slop
Slop videos aren't a new thing
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 03, 2025
IRC logs for Thursday, July 03, 2025
The War on Local Storage (People Hosting Their Files Locally and Privately)
There's nothing wrong with controlling one's computing
What Digital Independence Means
Independence in the digital realms means abandoning platforms like GitHub, not just rejecting proprietary software
NVidia is a Bubble
they temporarily see fortunes and wrongly assume perpetuity thereof
Fedora Does Not Care About Diversity and Inclusion, It's About Optics (Corporate Image)
any notion of inclusion is superficial and misleading
Don't Buy the Excuses for Microsoft's Mass Layoffs
Back in the 90s, Microsoft bought a lot of companies to get and stay ahead
Happy Independence Day to Our American Readers
Maybe tomorrow will be a good opportunity to explain to American people - in terms of concepts, not brands - which tools respect their independence
Slopwatch: Linux Journal, Linuxsecurity, and Google News Getting Even Worse (More Slopfarms Added Which Attack Linux With Bruce-Force SPAM)
Google News is part of the same problem
Links 03/07/2025: More Cuts and Cancellations at Microsoft Revealed
Links for the day
Gemini Links 03/07/2025: Favourite Child and Launching WikiGem
Links for the day
GNU/Linux is Replacing Microsoft Windows. But We Need to Eradicate Microsoft, It's a Hub of Crime.
I have been writing about Microsoft since the 1990s when I was in school
Mystery Surrounding the PCLinuxOS Sites and PCLinuxOS Magazine
Let's hope this isn't something major
People and Companies Do Learn Some Lessons From Their Mistakes (Stubborn Ones Don't)
Brett Wilson LLP is an example of one that would rather drown in mistakes
Links 03/07/2025: 'Hey Hi' Slop Ridiculed Some More and Microsoft's Layoffs Tally for 2025 Reaches About 29,000 in Just 6 Months (Almost 5,000 Per Month)
Links for the day
Microsoft Staff Harassing Women, Strangling Women, Telling Women to Kill Themselves and Worse? Not a Problem!
Two women have left Brett Wilson LLP
The Slopfarms Are Losing the Plot (and Google is Propping Up Rogue Sites)
Google is part of the attack on the Web, on information, and on technology
New BetaNews Realises There's No Potential or Future in Slopfarms, Prior Editor Wayne Williams is Back
They realise that slop (so-called "AI") cannot replace humans
Claims That Microsoft Looks for Staff That Works More and Gets Paid Less (or Can Only Code by Grabbing Other People's Code, Under the Guise of "AI")
People can form their own opinion
Richard Stallman Was Right About Reasons Not to Use Microsoft
last updated 2017
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 02, 2025
IRC logs for Wednesday, July 02, 2025
Gemini Links 03/07/2025: No to Cloudflare and Small Web July
Links for the day