Bonum Certa Men Certa

Snaps Were Never Good at Security, But the Media Coverage is Just Appalling

posted by Roy Schestowitz on Oct 01, 2023

Terrified Man

THE "sky is falling" alarmists are at it again because we're meant to think that Snaps are Linux and Linux is Snaps. OMG Ubuntu wrote a couple of posts about it [1]. Clickbait from Brian Fagioli [2] and Phoronix [3] came as well. Imagine LWN saying that Exim is Linux and Linux is Exim [4]. Instead, it places attribution correctly.

The real issue or the elephant in the room should be Windows. There's a lot of cybercrime [5] taking advantage of Windows problems and causing real fiascos [6,7], not theoretical ones.

The media should focus on culling Windows, not making a huge fuss over minor things wrongly attributed to "Linux".

Related/contextual items from the news:

  1. Snap Store Restricts Uploads Following Possible Security Issue
    Canonical is enacting manual reviews for all newly registered uploads to its Snap Store following what it describes as a ‘potential security incident’. It’s responding to reports that a number of recently published crypto-related snaps were acting in malicious manner (the apps in question have since been pulled and are no longer available to install). Now, this sounds dodgy – as any security incident might.
  2. Linux users at risk? Canonical uncovers possible security issue in Snap Store! [Ed: Clickbait from Brian Fagioli]

    When it comes to Linux-based operating systems, users don’t have to worry about security, right? Umm, no. Linux distributions are not infallible. For instance, according to a forum post, Canonical's Snap Store recently hit a big security snag when users discovered some new snaps that might contain harmful code. This scary moment shows how even trusted places like app stores can have problems that could hurt users.

    Reacting quickly, the Snap Store team removed these bad snaps from the platform, making sure no one else could find or install them. But they didn't stop there.

  3. Canonical's Snap Store Hit By Malicious Apps
    Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter...
  4. Multiple Exim security vulnerabilities disclosed

    The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6) describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story.

  5. A Closer Look at the Snatch Data Ransom Group
    Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.
  6. More than 3.8 billion records exposed in DarkBeam data leak

    More than 3.8 billion records have been exposed after digital protection firm DarkBeam left an interface containing the exposed records unprotected.

    The leak was discovered on September 18 by CEO of cyber security news site SecurityDiscovery, Bob Diachenko, who alerted DarkBeam to the leak. The digital protection firm immediately addressed the vulnerability and closed the leak after being alerted to the fact.

  7. Building automation giant Johnson Controls hit by ransomware attack

    Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi s […]

    Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

    BleepingComputer has since learned that the company suffered a cyberattack over the weekend that caused the company to shut down portions of its IT systems.

Other Recent Techrights' Posts

[Meme] One Person, Singular Pronoun
Abusing people into abusing the English language is very poor diplomacy
New Article From Richard Stallman Explains Why He Says He and She for Unknown Person (Not 'They')
"Nowadays I use gender-neutral singular pronouns for a person whose gender I don't know"
Lookout, It's Outlook
Outlook is all about the sharing!
Updated A Month Ago: Richard Stallman on Software Patents as Obstacles to Software Development
very recent update
Is BlueMail a Client of ZDNet Now?
Let's examine what BlueMail does to promote itself
Site Priorities and Upcoming Improvements
pages are served very fast
Ending Software Patents in Recent Years (Software Freedom Fighters MIA)
not a resolved issue
IRC Proceedings: Wednesday, November 29, 2023
IRC logs for Wednesday, November 29, 2023
Over at Tux Machines...
GNU/Linux news
Links 30/11/2023: Rushing Patent Cases With Shorter Trial Scheme (STS), Sanctions Not Working
Links for the day
Links 30/11/2023: Google Purging Many Accounts and Content (to Save Money), Finland Fully Seals Border With Russia
Links for the day
The 'Smart' Attack on Power Grid Neutrality (or the Wet Dream of Tiered Pricing for Power, Essentially Punishing Poorer Households for Exercising Freedom Like Richer Households)
The dishonest marketing people tell us the age of disservice and discrimination is all about "smart" and "Hey Hi" (AI) as in algorithms akin to traffic-shaping in the context of network neutrality
Links 29/11/2023: VMware Layoffs and Too Many Microsofters Going Inside Google
Links for the day
Just What LINUX.COM Needed After Over a Month of Inactivity: SPAM SPAM SPAM (Linux Brand as a Spamfarm)
It's not even about Linux
Microsoft “Discriminated Based on Sexuality”
Relevant, as they love lecturing us on "diversity" and "inclusion"...
IRC Proceedings: Tuesday, November 28, 2023
IRC logs for Tuesday, November 28, 2023
Media Cannot Tell the Difference Between Microsoft and Iran
a platform with back doors
Links 28/11/2023: New Zealand's Big Tobacco Pivot and Google Mass-Deleting Accounts
Links for the day
Justice is Still the Main Goal
The skulduggery seems to implicate not only Microsoft
OpenBSD Says That Even on Linux, Wayland Still Has a Number of Rough Edges (But IBM Wants to Make X Extinct)
IBM tries to impose unready software on users
[Teaser] Next Week's Part in the Series About Anti-Free Software Militants
an effort to 'cancel' us and spy on us
Over at Tux Machines...
GNU/Linux news
This work is licensed under a Creative Commons Attribution 4.0 International License
Professor Eben Moglen on How Social Control Media Metabolises Humans and Constraints Freedom of Thought
Nothing of value would be lost if all these data-harvesting giants (profiling people) vanished overnight
IRC Proceedings: Monday, November 27, 2023
IRC logs for Monday, November 27, 2023
When Microsoft Blocks Your Access to Free Software
"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." [Chicago Sun-Times]
Techrights Statement on 'Cancel Culture' Going Out of Control
relates to a discussion we had in IRC last night
Stuff People Write About Linux
revisionist pieces
Links 28/11/2023: Rosy Crow 1.4.3 and Google Drive Data Loss
Links for the day