Snaps Were Never Good at Security, But the Media Coverage is Just Appalling

posted by Roy Schestowitz on Oct 01, 2023

THE "sky is falling" alarmists are at it again because we're meant to think that Snaps are Linux and Linux is Snaps. OMG Ubuntu wrote a couple of posts about it [1]. Clickbait from Brian Fagioli [2] and Phoronix [3] came as well. Imagine LWN saying that Exim is Linux and Linux is Exim [4]. Instead, it places attribution correctly.

The real issue or the elephant in the room should be Windows. There's a lot of cybercrime [5] taking advantage of Windows problems and causing real fiascos [6,7], not theoretical ones.

The media should focus on culling Windows, not making a huge fuss over minor things wrongly attributed to "Linux".

Related/contextual items from the news:

  1. Snap Store Restricts Uploads Following Possible Security Issue

    Canonical is enacting manual reviews for all newly registered uploads to its Snap Store following what it describes as a ‘potential security incident’. It’s responding to reports that a number of recently published crypto-related snaps were acting in a malicious manner (the apps in question have since been pulled and are no longer available to install). Now, this sounds dodgy – as any security incident might.

  2. Linux users at risk? Canonical uncovers possible security issue in Snap Store! [Ed: Clickbait from Brian Fagioli]

    When it comes to Linux-based operating systems, users don’t have to worry about security, right? Umm, no. Linux distributions are not infallible. For instance, according to a forum post, Canonical's Snap Store recently hit a big security snag when users discovered some new snaps that might contain harmful code. This scary moment shows how even trusted places like app stores can have problems that could hurt users.

    Reacting quickly, the Snap Store team removed these bad snaps from the platform, making sure no one else could find or install them. But they didn't stop there.

  3. Canonical's Snap Store Hit By Malicious Apps

    Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter...

  4. Multiple Exim security vulnerabilities disclosed

    The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6) describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story.

  5. A Closer Look at the Snatch Data Ransom Group

    Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

  6. More than 3.8 billion records exposed in DarkBeam data leak

    More than 3.8 billion records have been exposed after digital protection firm DarkBeam left an interface containing the exposed records unprotected.

    The leak was discovered on September 18 by CEO of cyber security news site SecurityDiscovery, Bob Diachenko, who alerted DarkBeam to the leak. The digital protection firm immediately addressed the vulnerability and closed the leak after being alerted to the fact.

  7. Building automation giant Johnson Controls hit by ransomware attack

    Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi s […]

    Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

    BleepingComputer has since learned that the company suffered a cyberattack over the weekend that caused the company to shut down portions of its IT systems.
