Bonum Certa Men Certa
The Latest Microsoft Strategy: Embrace, Extend, Deceive, Abuse and Diffuse | Links 7/2/2015: Manjaro 0.8.12, Korora 21

Parasitical Firms Like Black Duck Exploit Bugs With Branding to Market Nonfree Services/Software

Skulls



Summary: Parasites that take advantage of public panic and lack of comprehension are occupying paper space, as usual

LAST WEEK we wrote about the overblown threat called/dubbed "GHOST" (all capital letters) by the company seeking to make money from it despite being only the third to discover it and knowing it was not much of a big deal. We have not yet heard about any major exploit, which pretty much can be said about the OpenSSL bug as well (this one too was discovered by two entities before a Microsoft-connected firm irresponsibly publicised it, giving it a name and a logo to sell its own services and spread FOSS-hostile FUD for many months to come). What unifies the GLibC and OpenSSL bugs is that they got "brand recognition" very quickly. It was like a marketing campaign rather than a non-alarmist discussion about security -- something that non-technical/technically-illiterate journalists would surely fail at.



"As more stories are published in the media about big "hacks" (cracks) against large corporations we can't help but feel that the media neglects to mention that Microsoft Windows -- not OpenSSL or Bash, let alone GLibC -- is usually to blame."Days ago we saw the most FOSS-hostile IDG Web site becoming a platform of Black Duck, a Microsoft-connected firm that sells proprietary software by spreading and accentuating fear of FOSS. The article at hand uses bugs with "branding" to spook FOSS users while Black Duck, paying to publish this self-promotional press release on the same day, is still pretending to be an authority in FOSS.

The bugs with "branding" were also exploited by Veracode in this article (on the same day) and as Eric Lorenzo pointed out: "If businesses don't update legacy software, often they will will have bugs fixed in later versions! Shock!"

"I wonder what percentage of businesses are using obsolete Windows without updates," he added.

As more stories are published in the media about big "hacks" (cracks) against large corporations we can't help but feel that the media neglects to mention that Microsoft Windows -- not OpenSSL or Bash, let alone GLibC -- is usually to blame. It not only sports back doors but is also badly designed and won't patch known critical holes. It is basically designed to be not secure.

When it comes to reporting on computer security, the corporate press has almost zero legitimacy. All it knows is brands and it is eager to promote corporate partners that piggyback those brands (like "heartbleed") or stories (Anthem, Sony, etc.), claiming to be experts and offering remedies other than patches which were already issued and are free to apply by all.

The Latest Microsoft Strategy: Embrace, Extend, Deceive, Abuse and Diffuse | Links 7/2/2015: Manjaro 0.8.12, Korora 21

Recent Techrights' Posts

Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death
Today we start re-publishing articles that contain unaltered E-mails
A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office)
In Debian, there is a long history of deaths, suicides, and mysterious disappearances
[Video] Why Microsoft is by Far the Biggest Foe of Computer Security (Clue: It Profits From Security Failings)
Microsoft is infiltrating policy-making bodies, ensuring real security is never pursued
Harassment Against My Wife Continues
Drug addict versus family of Techrights authors
 
Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file
Reprinted with permission from disguised.work
Axel Beckert (ETH Zurich), the mentality of sexual violence on campus
Reprinted with permission from Daniel Pocock
[Meme] Russian Reversal
Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
Frans Pop & Debian suicide denial
Reprinted with permission from disguised.work
The Real Threats to Society Include Software Patents and the Corporations That Promote Them
The OIN issue isn't a new one and many recognise this by now
Links 30/04/2024: OpenBSD and Enterprise Cloaking Device
Links for the day
Microsoft Still Owes Over 100 Billion Dollars and It Cannot be Paid Back Using 'Goodwill'
Meanwhile, Microsoft's cash at hand (in the bank) nearly halved in the past year.
Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced
I was always "on-call" and my main role or function was being "on-call" in case of incidents
[Teaser] Ubuntu Cover-up After Death
Attack the messenger
The Cyber Show Explains What CCTV is About
CCTV does not typically resolve crime
[Video] Ignore Buzzwords and Pay Attention to Attacks on Software Developers
AI in the Machine Learning sense is nothing new
Outline of Themes to Cover in the Coming Weeks
We're accelerating coverage and increasing focus on suppressed topics
[Video] Not Everyone Claiming to Protect the Vulnerable is Being Honest
"Diversity" bursaries aren't always what they seem to be
[Video] Enshittification of the Media, of the Web, and of Computing in General
It manifests itself in altered conditions and expectations
[Meme] Write Code 100% of the Time
IBM: Produce code for us till we buy the community... And never use "bad words" like "master" and "slave" (pioneered by IBM itself in the computing context)
[Video] How Much Will It Take for Most People to Realise "Open Source" Became Just Openwashing (Proprietary Giants Exploiting Cost-Free or Unpaid 'Human Resources')?
turning "Open Source" into proprietary software
Freedom of Speech... Let's Ban All Software Freedom Speeches?
There's a moral panic over people trying to actually control their computing
Richard Stallman's Talk in Spain Canceled (at Short Notice)
So it seems to have been canceled very fast
Links 29/04/2024: "AI" Hype Deflated, Economies Slow Down Further
Links for the day
Gemini Links 29/04/2024: Gopher Experiment and Profectus Alpha 0.9
Links for the day
Debian 'Cabal' (via SPI) Tried to Silence or 'Cancel' Daniel Pocock at DNS Level. It Didn't Work. It Backfired as the Material Received Even More Visibility.
know the truth about modern slavery
Lucas Nussbaum & Debian attempted exploit of OVH Hosting insider
Reprinted with permission from disguised.work
Software in the Public Interest (SPI) is Not a Friend of Freedom
We'll shortly reproduce two older articles from disguised.work
Syria, John Lennon & Debian WIPO panel appointed
Reprinted with permission from disguised.work
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 28, 2024
IRC logs for Sunday, April 28, 2024
[Video] GNU and Linux Everywhere (Except by Name)
In a sense, Linux already has over 50% of the world's "OS" market
[Video] Canonical Isn't (No Longer) Serious About Making GNU/Linux Succeed in Desktops/Laptops
Some of the notorious (or "controversial") policies of Canonical have been covered here for years
[Video] What We've Learned About Debian From Emeritus Debian Developer Daniel Pocock
pressure had been put on us (by Debian people and their employer/s) and as a result we did not republish Debian material for a number of years
Bruce Perens & Debian public domain trademark promise
Reprinted with permission from disguised.work
Links 28/04/2024: Shareholders Worry "AI" Hype Brings No Income, Money Down the Drain
Links for the day
Lawyer won't lie for Molly de Blanc & Chris Lamb (mollamby)
Reprinted with permission from disguised.work
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 27, 2024
IRC logs for Saturday, April 27, 2024