Snaps Were Never Good at Security, But the Media Coverage is Just Appalling

posted by Roy Schestowitz on Oct 01, 2023

The "sky is falling" alarmists are at it again because we're meant to think that Snaps are Linux and Linux is Snaps. OMG Ubuntu wrote a couple of posts about it [1]. Clickbait from Brian Fagioli [2] and Phoronix [3] came as well. Imagine LWN saying that Exim is Linux and Linux is Exim [4]. Instead, it places attribution correctly.

The real issue or the elephant in the room should be Windows. There's a lot of cybercrime [5] taking advantage of Windows problems and causing real fiascos [6,7], not theoretical ones.

The media should focus on culling Windows, not making a huge fuss over minor things wrongly attributed to "Linux".

Related/contextual items from the news:

  1. Snap Store Restricts Uploads Following Possible Security Issue

    Canonical is enacting manual reviews for all newly registered uploads to its Snap Store following what it describes as a ‘potential security incident’. It’s responding to reports that a number of recently published crypto-related snaps were acting in malicious manner (the apps in question have since been pulled and are no longer available to install). Now, this sounds dodgy – as any security incident might.

  2. Linux users at risk? Canonical uncovers possible security issue in Snap Store! [Ed: Clickbait from Brian Fagioli]

    When it comes to Linux-based operating systems, users don’t have to worry about security, right? Umm, no. Linux distributions are not infallible. For instance, according to a forum post, Canonical's Snap Store recently hit a big security snag when users discovered some new snaps that might contain harmful code. This scary moment shows how even trusted places like app stores can have problems that could hurt users.

    Reacting quickly, the Snap Store team removed these bad snaps from the platform, making sure no one else could find or install them. But they didn't stop there.

  3. Canonical's Snap Store Hit By Malicious Apps

    Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter...

  4. Multiple Exim security vulnerabilities disclosed

    The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6) describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story.

  5. A Closer Look at the Snatch Data Ransom Group

    Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

  6. More than 3.8 billion records exposed in DarkBeam data leak

    More than 3.8 billion records have been exposed after digital protection firm DarkBeam left an interface containing the exposed records unprotected.

    The leak was discovered on September 18 by CEO of cyber security news site SecurityDiscovery, Bob Diachenko, who alerted DarkBeam to the leak. The digital protection firm immediately addressed the vulnerability and closed the leak after being alerted to the fact.

  7. Building automation giant Johnson Controls hit by ransomware attack

    Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi s […]

    Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

    BleepingComputer has since learned that the company suffered a cyberattack over the weekend that caused the company to shut down portions of its IT systems.
