Firefox/open source FUD

FUD: Fear, Uncertainty, and Doubt. Often used in connection with open source projects to scare people into sticking with known, but sometimes unsafe, proprietary software. Not always intentional, unless you count unnecessary sensationalism in tech journalism.

Background: the Spread Firefox website is built on Drupal, the same software that many of EchoDitto’s sites are built with. However, we applied the security patches mentioned recently and Spread Firefox apparently did not (see this thread and search down for “we failed”). Thus, they got hacked within days and the site was compromised. In all honesty, the same could have happened to EchoDitto, as we took longer than we probably should have to patch this; however, three of us spent the better part of a morning taking care of it as soon as we learned of the problem.

From Firefox web site hacked:

Although not directly related to the Firefox browser itself, the hack will be seen as something of an embarrassment to a project which has always prided itself on being that much more secure than Microsoft and Internet Explorer.

FUD through association. Not too bad, but just enough to connect a website with the browser software, even though hardly any of the same developers are working on both. No mention of Drupal or separate site software.

Much better, from Hacked:

The Mozilla foundation’s marketing site was hacked with intent to use it to send spam.

The hackers gained entry by exploiting an un-patched security vulnerability in the software which the site operates.

This incident is a major blow for the company that has been pushing Firefox as a safe browser in comparison to Internet Explorer. was launched in September 2004 as a part of the initiative to promote Firefox 1.0.

A statement issued by the company said that it deeply regretted the incident and that it has taken steps to ensure that such incidents do not occur again.

Covers the fact that it was separate software and developers, poor sysadmin, and that yes, this will leave a black mark on Firefox. At least the facts are all there.

Lastly, the horrible, from Firefox Marketing Site Hacked:

Forrester Research analyst Michael Goulde said Firefox is paying the price of success. He contends that community input is a double-edged sword, providing openings for attack but also a collection of programmers who can develop fixes promptly.

Users still are drawn to Firefox as a more secure browsing environment, although reports of unauthorized access to the code might lead to second thoughts, said Walker.

That, and the wonderful sub-headline “Possible Password Theft” earlier in the article. Yes, they mention that the site software is what was hacked, and that Mozilla software remained safe, but they don’t distinguish between the developer bases of the two projects. Also, they highlight the password theft angle and open with this quote:

Firefox is a target for hackers in large part because the inner workings of the browser are in the public domain, suggested Yankee Group analyst Su Li Walker.

Funny: this one has the most tech analyst quotes, but the worst accuracy and the most muddying of the actual issue at hand.

Then again, I’ve never heard of any of these three news sites, but they were all linked from Google News. Not sure what the exposure was anyway.

Update: Here’s another winner:

The attackers apparently hacked in to try and use the site to mail out spam. Firefox has always prided itself on being more secure than other browsers such as Internet Explorer.

Maybe I just needed something to vent about today… this is kind of mundane, but still, c’mon, understand what you’re writing about.

{ 1 } Trackback

  1. [...] Here’s an excellent post on FUD in tech media from the so that happened… blog. Does a good job of illustrating how FUD is easily spread (intentionally or otherwise) even by people who should know better using recent news stories about the hacking of [...]