What's your first impression from this Financial Post story?
First you'd see the headline: "Microsoft Corp warns ‘Freak’ security bug leaves hundreds of millions of PC users vulnerable"
You might make your way to the opening paragraph, though, where you'd read that the "FREAK" security bug was initially thought to "only threaten mobile devices and Mac computers".
That's good, because the FREAK bug totally impacts every single modern communications device on the planet.
News of the vulnerability surfaced on Tuesday when a group of nine security experts disclosed that ubiquitous Internet encryption technology could make devices running Apple Inc’s iOS and Mac operating systems, along with Google Inc’s Android browser vulnerable to cyberattacks.So the Financial Post didn't do too badly about the news about FREAK and Microsoft.
Microsoft released a security advisory on Thursday warning customers that their PCs were also vulnerable to the “Freak” vulnerability.
The weakness could allow attacks on PCs that connect with Web servers configured to use encryption technology intentionally weakened to comply with U.S. government regulations banning exports of the strongest encryption.
If hackers are successful, they could spy on communications as well as infect PCs with malicious software, the researchers who uncovered the threat said on Tuesday.
Unfortunately, they were seemingly in the minority. Kelowna Now's headline reads "PC Users Left Vulnerable by Security Flaw" and at no point in the article does it mention non-Microsoft products are impacted. The Christianity Today headline says "FREAK bug: Microsoft issues security warning on latest bug for Windows OS users" and you have to make it to paragraph three before you find out that Android, Blackberry, and Apple devices are also impacted. Global TV News says "‘FREAK’ security flaw affecting Microsoft PCs" with the opening paragraph implying the problem is exclusive to Microsoft before spilling the beans a couple paragraphs down. Maine News Online also waits until paragraph three to mention the FREAK bug's long reach, sticking to "Microsoft warns Windows PC users about ‘FREAK’ vulnerability" as it's headline. very few sites, such as Tech Week Europe have both headlines and opening paragraphs that explain the bug well.
Why is this a big deal, you ask? Easy: the casual reader, especially the kind who don't use Microsoft products (your low-info tech people), are going to see articles like this and be convinced that they're immune from the FREAK bug, a worldwide SSL exploit that impacts all devices.
When Zine Report puts a giant "Microsoft" photo on with it's article, it gives people the inaccurate impression. When we're dealing with a software vulnerability such as FREAK, it's a dangerous tactic that gives some of the most impacted users (clueless smartphone owners) a chance to unwittingly expose themselves to the flaw.
If you're going to write this story, you should really invest in a headline like "Microsoft joins Apple, Android as tech giants impacted by FREAK bug", along with a picture of a computer chip or a keyboard or a person using an electronic device. Microsoft did announce it was vulnerable, yes that is news. But it's only part of a larger story, and one that much of the audience may not have been listening to. Framing the story like this means fewer of them will.