Bonum Certa Men Certa

Snaps Were Never Good at Security, But the Media Coverage is Just Appalling

posted by Roy Schestowitz on Oct 01, 2023

Terrified Man

THE "sky is falling" alarmists are at it again because we're meant to think that Snaps are Linux and Linux is Snaps. OMG Ubuntu wrote a couple of posts about it [1]. Clickbait from Brian Fagioli [2] and Phoronix [3] came as well. Imagine LWN saying that Exim is Linux and Linux is Exim [4]. Instead, it places attribution correctly.

The real issue or the elephant in the room should be Windows. There's a lot of cybercrime [5] taking advantage of Windows problems and causing real fiascos [6,7], not theoretical ones.

The media should focus on culling Windows, not making a huge fuss over minor things wrongly attributed to "Linux".

Related/contextual items from the news:

  1. Snap Store Restricts Uploads Following Possible Security Issue
    Canonical is enacting manual reviews for all newly registered uploads to its Snap Store following what it describes as a ‘potential security incident’. It’s responding to reports that a number of recently published crypto-related snaps were acting in malicious manner (the apps in question have since been pulled and are no longer available to install). Now, this sounds dodgy – as any security incident might.
  2. Linux users at risk? Canonical uncovers possible security issue in Snap Store! [Ed: Clickbait from Brian Fagioli]

    When it comes to Linux-based operating systems, users don’t have to worry about security, right? Umm, no. Linux distributions are not infallible. For instance, according to a forum post, Canonical's Snap Store recently hit a big security snag when users discovered some new snaps that might contain harmful code. This scary moment shows how even trusted places like app stores can have problems that could hurt users.

    Reacting quickly, the Snap Store team removed these bad snaps from the platform, making sure no one else could find or install them. But they didn't stop there.

  3. Canonical's Snap Store Hit By Malicious Apps
    Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter...
  4. Multiple Exim security vulnerabilities disclosed

    The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6) describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story.

  5. A Closer Look at the Snatch Data Ransom Group
    Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.
  6. More than 3.8 billion records exposed in DarkBeam data leak

    More than 3.8 billion records have been exposed after digital protection firm DarkBeam left an interface containing the exposed records unprotected.

    The leak was discovered on September 18 by CEO of cyber security news site SecurityDiscovery, Bob Diachenko, who alerted DarkBeam to the leak. The digital protection firm immediately addressed the vulnerability and closed the leak after being alerted to the fact.

  7. Building automation giant Johnson Controls hit by ransomware attack

    Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi s […]

    Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

    BleepingComputer has since learned that the company suffered a cyberattack over the weekend that caused the company to shut down portions of its IT systems.

Other Recent Techrights' Posts

Professor Eben Moglen on How Social Control Media Metabolises Humans and Constrains Freedom of Thought
Nothing of value would be lost if all these data-harvesting giants (profiling people) vanished overnight
Debian Left Twitter (MElon "X"), We Think the Free Software Foundation (FSF) Should Do the Same
What would the FSF really lose if it stopped posting there?
Tons of Anti-Linux 'Articles' Published by Bots (LLMs), Maybe Microsoft's
Upon closer inspection, all this FUD turned out to be LLM garbage
Ubuntu Desktop Director of Engineering Has Only One Blog Post. It Promotes Microsoft Windows.
Remember that even 15 years ago (more or less, maybe 16 years ago) Canonical appointed a a 'former' Microsoft manager (Spencer) to lead Ubuntu on the desktop
 
Gemini Links 07/02/2025: Mid-level Details and Simple Code
Links for the day
Links 07/02/2025: US 'Demolition Crew', e-ID Loopholes, and Sanctions
Links for the day
Social Control Media is Narcissism
Nowadays there's a lot more literature and even press coverage explaining the harms of Social Control Media
statCounter Sees GNU/Linux Share Doubling in China Over the Past Year
It'll be interesting to see what data in the coming months shows
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 06, 2025
IRC logs for Thursday, February 06, 2025
Richard Stallman (RMS) Confirms Next Week's Talk in Europe
He gave at least 2 talks in Europe last month
Nationalism As A Service (NaaS) by Microsoft Azure, Gutting the US Government for Profit
Will Microsoft be receiving bailouts as a reward for all this?
Rumours of IBM Layoffs Apparently Confirmed Yesterday, IBM Canada Consulting Impacted (as Rumoured)
when IBM has layoffs we must also read it as Red Hat layoffs
Gemini Links 06/02/2025: Voicemail Sucks and Night of Lights
Links for the day
Links 06/02/2025: YouTube Takedowns Out of Control, 'DOGE' Breaking Laws
Links for the day
IBM Red Hat on "era of cloud computing", pushing "hey hi" (AI) hype in Microsoft Azure
LLM slop might actually be more benign than Microsoft promotion
Corruption and Rule-Breaking Prevail at the European Patent Office (EPO), Europe's Second-Largest Institution
The law does not really exist at the EPO; it can be perceived as merely a "recommendation"
statCounter: More Countries Where Windows is Around 1% "Market Share" (People Have Moved to Android/Linux)
in some nations Windows is already 1% or less
404 Media Says "Workers at NASA Told to Drop Everything to Scrub Mentions of Indigenous People, Women from Its Websites" But There's Also Accessibility in the Firing Line
In the case of abandoning accessibility, everyone stands to be hurt and proprietary software can be brought in to replace standards
When BetaNews Writes Real Articles About "Linux" They Promote Windows
The Web is in a bad state. We need to at least try to correct this.
Gemini Links 06/02/2025: Cynicism and "Real Magic on the C64"
Links for the day
Links 06/02/2025: New Sanctions, Layoffs, and Executive Orders
Links for the day
Distros and Desktop Environments, Devices
GNU/Linux focused
New Rumours of IBM Layoffs in 2025, IBM Consulting Still Struggles, Based on Management
"Hey hi" (AI) has been a common excuse for business failure
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 05, 2025
IRC logs for Wednesday, February 05, 2025
Links 05/02/2025: Kessler Syndrome and News Online
Links for the day
statCounter: Monaco Now 7% GNU/Linux ("Proper")
GNU/Linux, not counting Chromebooks, is on the rise
Many Parts of Google Lose Money
It's quite apparent that many parts of Google - even some that rely on ad revenue or push ads - aren't profiting
European Internet Forum (EIF) is Dominated by American Corporations and Microsoft Lobbyists, Staff Take the Lead
Should the officials over here or the European Parliament pay attention to these people?
Links 05/02/2025: Connection without Connectivity and Unionised Grocery Workers
Links for the day
Just Because People on Top of the Microsoft Pyramid Made a Lot of Money Doesn't Mean Microsoft is Wealthy
The bigger they are the harder they fall
Gemini Links 05/02/2025: Learning, Madman Ruling a Mad Country, Back in Geminispace
Links for the day
statCounter Shows "WIntel" Chasing a Dying Market
Microsoft acts as if it's running out of money
Free Software Foundation, Inc. (FSF) Still Raising Money, Richard Stallman Contributes
total exceeding $430k
A Lot of Stuff About "Linux" in Google News is LLM Slop, Fake 'Articles'
It seems to be getting worse
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 04, 2025
IRC logs for Tuesday, February 04, 2025