GNU/Linux is Unsafe Because You Can Choose Password 'GoodMorning123' and Open to Logins From Anywhere on the Planet
Here we go again.
THIS "gish gallop" of FUD is already tiring. Responding to it each time is a time-consuming exercise, but let's have a go at it. Someone should.
Look, Lucian Constantin [1] and Dan Goodin [2], you couple of bullshit artists. You could at least cover this properly and say it's about bad passwords. While Mr. Constantin works for a Chinese publisher (IDG, lying as a business model), Mr. Goodin is a colleague of Peter Bright, who was literally raping children while shadowing for Microsoft in Ars Technica (also while trolling us in IRC and moderating the Ars Technica forums). Are these journalists or people with an axe to grind?
Follow the money. Microsoft is one of the biggest sponsors if not the biggest sponsor. Ars Technica UK was created in partnership with Microsoft, the editor of Ars Technica UK admitted to me!
This is how these people pay their bills.
The original report does not mention or emphasise Linux or SSH. This report is entitled "You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance" and it says: "Restricting arbitrary internet SSH access to your network greatly diminishes the risks of infection. In addition, using strong (not default or randomly generated) passwords also makes your network more secure, as the malware uses a basic list of guessable passwords. We’ve shared the credential sets used by the malware in our GitHub repository." (Emphasis added by us)
If the so-called 'journalists' framed it like the following, they would get fewer clicks (ad revenue) and sponsorship from Microsoft:
This has been twisted as "Linux" FUD.
Then they wonder why people walk away from "the media" and online publishers gradually perish. There's no trust. They do a lot to erode this trust by selling us lies and clickbait. █
__________
-
Mirai-based NoaBot botnet deploys cryptominer on Linux servers [Ed: Misleading FUD. The issue here is bad passwords, they try to make it sound like Linux is to blame.]
The attack campaign targets weakly defended servers by brute-forcing SSH logins.
-
Linux devices are under attack by a never-before-seen worm [Ed: It says "the NoaBot targets weak passwords connecting SSH connections." So the issue is clearly not Linux, this headline is classic Microsoft-esque FUD]