
03.05.14

Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

Posted in GNU/Linux, Security at 12:44 pm by Dr. Roy Schestowitz

Bad news sells better

Summary: What the media is not really telling us about the GnuTLS vulnerability

The corporate press has shown its ignorance by characterising GNU as “Linux” and describing an already-patched flaw as the worst thing since proprietary software. Some went as far as suggesting that the NSA was behind it [1], and Muktware rebutted [2] the seminal article [3] which started a lot of the panic (at the time of writing there are dozens of articles about this, but we don’t need to feed them with links). What we have here is another case of Dan Goodin creating panic in the Microsoft-friendly Ars, just as he had done when he worked for the Microsoft-friendly The Register. The only shocking thing is the amount of press coverage this received. PGP/GPG, OpenSSH, OpenSSL etc. were previously named here for flaws that had been found (in the context of Red Hat and the NSA [1, 2, 3]). These are not so uncommon. One just needs to keep up to date (patched), something that Apple’s customers cannot do. They can’t even write their own patches.

Related/contextual items from the news:

  1. NSA did it again? This time GnuTLS fails to check malicious certificates
  2. Yes there was a security hole in Linux, but Red Hat already fixed it

    Originally reported by Ars Technica, the fix was available by the time the general public was made aware of it. It’s actually fairly similar to a certain security hole that lived for a year and could have allowed for exploits to be used in the wild.

  3. Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

    The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.
