Bonum Certa Men Certa

Security FUD Against GNU/Linux

Mask



Summary: Sightings of security FUD against GNU/Linux in the news

MICROSOFT WINDOWS never had the reputation of a secure platform. In fact, just a short while ago a new kernel vulnerability was found in Windows. To give the gist of the issue:

A local user can invoke NtUserConsoleControl() in 'win32k.sys' to execute arbitrary code on the target system with elevated privileges.


There is also this new report from Heise and many more that we shared over the past few days (the last one came yesterday morning).

Microsoft has issued updates for Internet Explorer and Visual Studio "out of band", between the regular monthly patch days, to mend the ActiveX support of Internet Explorer. Additionally, these updates plug another three critical security vulnerabilities in the browser. All versions, including Internet Explorer 8, are affected.


This brings us to the following new article from Forbes, which states:

Virtual machines, which perform like physical machines but are simulated with software, have fewer sources of entropy: Linux-based virtual machines, for instance, gather random numbers only from the exact millisecond time on their internal clocks. And that source isn't enough to generate strong keys for encryption, Stamos argues. "Normally there's enough variation that after a while your operating system can gather up the entropy it needs to provide you with secure random numbers," he says. "The fundamental issue is that with virtualized hardware, many of those random variations don't exist."

[...]

If a malicious hacker were to set up his or her own Linux virtual machine in Amazon's EC2 cloud service, for example, he or she could use that machine's entropy pool to better guess at the entropy pools of other recently created Linux-based virtual servers in Amazon's cloud, Stamos posits.


What does that have to do with GNU/Linux? Why does Forbes conveniently assume that only "Linux" can suffer from this co-allocation issue? If it is not intended to daemonise GNU/Linux, then it might be worth correcting.

Carla has just found another new example that she wrote about in length. She addresses the whole "obscurity" argument, noting that:

Linux permeates every possible segment of tech-- routers and networking devices, home and business automation, security and surveillance systems, phones, netbooks and other consumer mobile devices, desktops, vehicles, media servers and settop boxes; it's already a major player in the datacenter, server room, mainframes, clusters, and supercomputing. Linux runs on multiple CPU architectures. So a Windows-type Trojan horse or worm on Linux should have a much more catastrophic effect because of Linux' much greater reach.


According to Roughly Drafted Magazine, Rupert Murdoch's Fox is taking shots at Mac OS X as well.

Fox News reports new Mac virus that is neither Mac nor viral nor new



A report published by Fox News says that “online criminals are apparently so impressed with its scorching sales they are sending Macintosh computers an attack typically aimed at” Windows PCs. The story then falls apart in series of inept contradictions.


The press loves pretending that Windows is never the culprit, despite compelling evidence that these very same outlets/publications are most certainly aware of the culprit.

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

Recent Techrights' Posts

Greener Pastures for Free Software Users
This coming week we'll publish many articles about GNU/Linux and technical means of/for user empowerment
 
Over at Tux Machines...
yesterday's posts
mp3HD: Another Patent Trolls' Patent Trap That Failed
Reprinted with permission from Ryan Farmer
IRC Proceedings: Tuesday, October 03, 2023
IRC logs for Tuesday, October 03, 2023
"Modern" Computing Sucks and Harms Computer Users
Reprinted with permission from Ryan Farmer
Red Windows
Red Hat is not into Free software
Richard Stallman Giving Talks in the Czech Republic and Germany This Week (Tomorrow's Talk is "Artificial Intelligence vs Language Models")
This past weekend he gave two talks in the Czech Republic
Companies Faking the True Number of Layoffs With Return-to-Office Mandates and Forced Relocation
we estimate that Microsoft cut about 30,000 so far this year, having cut many more jobs last year
Links 03/10/2023: Cellphones (Mobile Phones) Banned in Classrooms in England
Links for the day
IRC Proceedings: Monday, October 02, 2023
IRC logs for Monday, October 02, 2023
Google News, Which We Call Gulag Noise, is Following the New York Times Into the Digital Graveyard
It merely gives an illusion of volume and instead of giving readers more stuff to read it wastes people's time
Daily Bulletins Coming Soon (Hopefully as Early as Next Week)
Today we finish testing IRC logs and their upload to Gemini, not just to IPFS
Over at Tux Machines...
yesterday's posts
Software Freedom is the Future and Microsoft is the Biggest Obstacle
GNU/Linux, at its roots, was all about Software Freedom
Links 02/10/2023: NUC, GTK Themes, and More
Links for the day
New Union Syndicale Articles About the European Patent Office
We'll probably get back to regularly writing about the EPO in the near future
If WordPress Knows Well Enough to Self-Host Its Podcast, Why Can't GNU/Linux Shows Do the Same?
For those who want videos and podcasts, here are today's latest additions from other sites
Richard Stallman Can Outlive Many of His Prominent Haters
M.J.G. tried hard to take our Web site offline, based on lies and repeated threats
The GNU/Linux Revolution Ain't Here. Look at Brazil, Russia, India, China, and South Africa (BRICS) Instead.
The revolution won't be televised
Chaffbot Effect: Microsoft Bing Falls to Lowest Share in Two Years (Amid Loads of Bing Layoffs This Year)
Press outlets mostly failed to report that Bing is collapsing
Forget VSCode (Microsoft's Proprietary Spyware), Use KATE Instead
KATE is great
Sometimes It's Time to Reboot
No, not Android. KDE.
GNU/Linux Distributions as "Appliances" and DRM Platforms (the Case of ChromeOS and SteamOS)
Is this what we envisioned in the 1980s and 90s?
Fulfilling the Site's Full Potential
We remain devoted to the aforementioned goal of posting more original material
Over at Tux Machines...
2 days' worth
Upcoming Talk by Dr. Richard Stallman: Large Language Models Are Not Artificial Intelligence
LLMs aren't truly intelligent and cannot quite grasp what they spew out
GulagTube is a Burning Platform (Exit YouTube, Invidious Won't Save Us From Google/Alphabet in the Long Run)
Alphabet Agency (Google) sees the future of video as a "skinnerbox" (running Android) that indoctrinates you like TikTok does
Microsoft's Demise in the Global News Cycle is Rather Telling
It should be noted that Microsoft is, in general, no longer prominent or dominant in news headlines
Gemini Migration and Backup Capsule (Archive)
At the end we'll end up with something a lot better than before and latency should be massively reduced
Links 01/10/2023: Science, Education, and pro-Russia Slovakia Leadership
Links for the day
IRC Proceedings: Sunday, October 01, 2023
IRC logs for Sunday, October 01, 2023