Bonum Certa Men Certa

Security FUD Against GNU/Linux

Mask



Summary: Sightings of security FUD against GNU/Linux in the news

MICROSOFT WINDOWS never had the reputation of a secure platform. In fact, just a short while ago a new kernel vulnerability was found in Windows. To give the gist of the issue:

A local user can invoke NtUserConsoleControl() in 'win32k.sys' to execute arbitrary code on the target system with elevated privileges.


There is also this new report from Heise and many more that we shared over the past few days (the last one came yesterday morning).

Microsoft has issued updates for Internet Explorer and Visual Studio "out of band", between the regular monthly patch days, to mend the ActiveX support of Internet Explorer. Additionally, these updates plug another three critical security vulnerabilities in the browser. All versions, including Internet Explorer 8, are affected.


This brings us to the following new article from Forbes, which states:

Virtual machines, which perform like physical machines but are simulated with software, have fewer sources of entropy: Linux-based virtual machines, for instance, gather random numbers only from the exact millisecond time on their internal clocks. And that source isn't enough to generate strong keys for encryption, Stamos argues. "Normally there's enough variation that after a while your operating system can gather up the entropy it needs to provide you with secure random numbers," he says. "The fundamental issue is that with virtualized hardware, many of those random variations don't exist."

[...]

If a malicious hacker were to set up his or her own Linux virtual machine in Amazon's EC2 cloud service, for example, he or she could use that machine's entropy pool to better guess at the entropy pools of other recently created Linux-based virtual servers in Amazon's cloud, Stamos posits.


What does that have to do with GNU/Linux? Why does Forbes conveniently assume that only "Linux" can suffer from this co-allocation issue? If it is not intended to daemonise GNU/Linux, then it might be worth correcting.

Carla has just found another new example that she wrote about in length. She addresses the whole "obscurity" argument, noting that:

Linux permeates every possible segment of tech-- routers and networking devices, home and business automation, security and surveillance systems, phones, netbooks and other consumer mobile devices, desktops, vehicles, media servers and settop boxes; it's already a major player in the datacenter, server room, mainframes, clusters, and supercomputing. Linux runs on multiple CPU architectures. So a Windows-type Trojan horse or worm on Linux should have a much more catastrophic effect because of Linux' much greater reach.


According to Roughly Drafted Magazine, Rupert Murdoch's Fox is taking shots at Mac OS X as well.

Fox News reports new Mac virus that is neither Mac nor viral nor new



A report published by Fox News says that “online criminals are apparently so impressed with its scorching sales they are sending Macintosh computers an attack typically aimed at” Windows PCs. The story then falls apart in series of inept contradictions.


The press loves pretending that Windows is never the culprit, despite compelling evidence that these very same outlets/publications are most certainly aware of the culprit.

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

Recent Techrights' Posts

Over at Tux Machines...
GNU/Linux news
The Myth of an Aging (or Dying) GNU/Linux Leadership
Self-fulfilling prophecies as a tactic?
 
Links 07/12/2023: More EPO Patents Squashed, More Pfizer COVID-19 Vaccine "Glitches" Found
Links for the day
Still Not 'Canceled'
Ted Ts'o, Jan Kara, Linus Torvalds last month
Google is Googlebombing the Term "Gemini"
Could Google not pick a name that's already "taken"?
Links 06/12/2023: Bitcoin Rebound, China Downgraded by American Firm, Yahoo! Layoffs Again
Links for the day
Shooting the Messenger Using Bribes and Secrecy Bonds
We seem to live in a world where accountability for the rich and well-connected barely exists anymore
Links 06/12/2023: Many More December Layoffs
Links for the day
IRC Proceedings: Tuesday, December 05, 2023
IRC logs for Tuesday, December 05, 2023
PipeWire 1.0: Linux audio comes of age
Once upon a time, serious audio users like musicians and audio engineers had real trouble with Linux
This is How 'Linux' Foundation Presents Linux to the World
Right now it even picks Windows over Linux in some cases
Links 05/12/2023: Microsoft's Chatbot as Health Hazard
Links for the day
There's Nothing "Funny" About Attacking Free Speech and Software Freedom
persistent focus on the principal issues is very important
Professor Eben Moglen Explained How Software Patent Threats Had Changed Around 2014 (Alice Case) and What Would Happen Till 2025
clip aged reasonably well
GNU/Linux Adoption in Africa, a Passageway Towards Freedom From Neo-Colonialism
Digi(tal)-Colonialism and/or Techolonialism are a thing. Can Africa flee the trap?
CNN Contributes to Demolition of the Open Web
Reprinted with permission from Ryan Farmer
Eben Moglen on Encryption and Anonymity
The alternate net we need, and how we can build it ourselves
Yet More Microsofters Inside the Board of Mozilla (Which Has Just Outsourced Firefox Development to Microsoft's Proprietary Prison)
Do you want a browser controlled (and spied on) by such a company?
IRC Proceedings: Monday, December 04, 2023
IRC logs for Monday, December 04, 2023
GNU/Linux Now Exceeds 3.6% Market Share on Desktops/Laptops, According to statCounter
things have changed for Windows in China
Over at Tux Machines...
GNU/Linux news
Links 05/12/2023: Debt Brake in Germany and Layoffs at Condé Nast (Reddit, Wired, Ars Technica and More)
Links for the day