Bonum Certa Men Certa

Secret Deals -- Not GnuTLS -- a Threat to GNU/Linux Security

Summary: Shifted focus (diversion towards non-issues like the GnuTLS flaw) and what we really need to watch out for when it comes to surveillance on GNU/Linux users

Cryptology is a funny thing. It's an instrument of control (through predictive information. espionage, blackmail and so on). That's more or less the thesis of a popular book from Wikileaks folks, titled "Cypherpunks". Held in the hands of ordinary citizens, cryptology gives citizens power. Abused in the hands of freelance thugs [1] or state-sanctioned thugs like the NSA, cryptology helps guard the thugs (secrecy) and expose citizens who are only ever 'enjoying' fake cryptology, such as Microsoft's and RSA's. Now that Apple is receiving horrible publicity for breaking cryptology around the same time Apple joined PRISM there is some dodgy attempt to divert attention towards GNU/Linux, even if GnuTLS flaws are already patched and GnuTLS is not so widely adopted, not to mention the fact that is not used for very sensitive transactions such as banking [2]. The Linux Foundation was also quick to rebut the FUD [3], stating that "some were quick to point out that Linux distributions were not vulnerable to this particular issue" (contrary to corporate media reports).



What remains much bigger an issue, other than weak passwords (human error), is closed-sourced and proprietary hardware that may or may not incorporate Linux [4], such as my Home Hub from BT (which is rumoured to have back doors, based on some British press). A lot of what we've learned from the NSA leaks is that secret deals and collusion with companies is what's responsible for back doors, not something which is visible at source code level. It is also what makes Red Hat, an NSA partner, difficult to trust these days [1, 2, 3]. The NSA reportedly asked Torvalds for back doors in Linux [1, 2, 3, 4]. Social engineering, bribes from the CIA in exchange for access (as reported in mainstream media) and even cracking is how spies get their way. They need not rely on programmers' errors.

Related/contextual items from the news:


  1. Two in five Brits cough up for CryptoLocker ransomware's demands
    Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they did not.


  2. GnuTLS: Big internal bugs, few real-world problems


  3. What is the GnuTLS Bug and How to Protect Your Linux System From It
    It seems that it's only been a few weeks since we all heard of a nasty certificate validation error in Apple's software, a.k.a. the infamous "double goto fail" bug. While some were quick to point out that Linux distributions were not vulnerable to this particular issue, wiser heads cautioned that a similar bug could be potentially lurking in software used on Linux.


  4. More than 300,000 routers in homes and small businesses hacked
    Team Cymru, the US-based security outfit which published the report, said that the network of hacked routers is one of the biggest of its kind that has been discovered, with most of the hacked routers in Columbia, India, Italy, Thailand, and Vietnam.




Recent Techrights' Posts

Preparations for Our 19th Anniversary Have Already Begun
When we get back we'll probably sort out some balloons and venue for the next party
Pleased After 2 Years With team.blue
Moving from a Content Management System (CMS, dynamic) to a Static Site Generator (SSG) was a wise decision that made life so much easier
The Free Software Foundation (FSF) is Being Attacked by Organisations Jealous of Its Principled Stance and Longevity
Nobody is perfect, but imperfection does not instantaneously imply sinister intent
Many Microsoft "Assets" Are Fabricated Baloney (to Game the Numbers)
At times it seems like what we deal with are many weak patents (on algorithms), valuations or speculations based on hype ("hey hi"), and stocks held by Microsoft and its own staff
 
Links 03/09/2025: Microsoft Causes Mass Layoffs Outside Microsoft Also, "Google Can Keep Paying for Firefox Search Deal"
Links for the day
Gemini Links 03/09/2025: calendar.txt, Alhena 5.3.1, and ROOPHLOCH
Links for the day
The Theory That the Man From McKinsey, Whom Red Hat Took From Microsoft a Month Ago as Executive, Wants 'Efficiency' (Lower Salaries)
So far... no "official" word
When Your Site's Articles Are Being 'Cheapened' by Slop as Feature Images
Dr. Farnell should become an advisor to The Register MS
Certificate Authority Let's Encrypt Drops to Only Half a Dozen Capsules and 0.2% of the Whole in Geminispace, Self-Signed is the Way to Go
It used to have hundreds, according to Lupa
Doing to Red Hat What They Already Did (and Still Do) to IBM
there seems to be a drive to hire cheaper staff, and it may be led by somebody Red Hat hired from Microsoft
Links 03/09/2025: Salesforce's Latest Mass Layoffs, 93% in Large Poll at The Register MS Say UK Government Should Dump Microsoft
Links for the day
If You Reject the Google Verdict in the US, Then You Should Also Reject the "Modern" Web (Do Something About It)
Gemini Protocol is still open; it cannot be hijacked or subverted because it's frozen by design and by intention
Open Source Initiative IRS Filing: Almost All the Money is Corporate, Stefano Maffuli (Executive Director) Takes About a Quarter of That Money for Openwashing of "AI" Ponzi Scheme
OSI is currently little but a PR/marketing agency of Microsoft
Many People Are "Leaving" Red Hat, Even High-Level Managers
Something is definitely going on at Red Hat
Techrights Has Been Subjected to Calls of Violence (and Death Threats), It Never Condoned Violence
I have no sympathy for people who call violence "free speech" and then get in trouble
Condoning Violent Behaviour and "Free Speech"
perhaps Microsoft Lunduke lost touch with what constitutes violence
Takeaway From the Google Verdict: GAFAM Has Too Much Control (Even Over the US Government and Courts With Government Appointees)
Many people feel disappointed but hardly surprised by the verdict
The Free Software Foundation (FSF) Turns 40 in One Month
As noted a few days ago, several times in fact, many people now recognise the importance of the FSF's mission, even if most people don't know what the FSF is
"Voluntary" Layoffs at Microsoft (to Game the Numbers, Sugar-Coating a Crisis)
"Employees interested have until the end of October to volunteer."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 02, 2025
IRC logs for Tuesday, September 02, 2025
Links 02/09/2025: Oligarch Tech and Text Encoding Concerns in Ada
Links for the day
"Internal Changes at Red Hat / IBM"
It seems like quite a few people are leaving
Confirmed in French Media: Mass Layoffs (10% Culled) in Microsoft France
Now some reports in French
"People on LinkedIn Saying That They've Left Red Hat."
We already saw signs of it a month ago and named some of the people
Gone With the BRICs (or BRICS): "Linux 8" in Cuba
GAFAM must be worried
Telecompaper Reports Microsoft to Reduce the Workforce by Another 10% (in France)
Imagine what this will do to staff's morale
Microsoft in Freefall in Finland
Can Finland eradicate Windows from all its infrastructure, including core operations that are sensitive to sabotage by cracking?
Google's Chrome Passes 70% and Web Standards Are Dying
The Web is quickly becoming devoid of any standards
India is Back to Windows 8 (Market Share Down to 8%) as Android Soars to a New Record High
For Microsoft, India is a runaway market
Slopwatch: Plagiarism and Ponzi Scheme, Bubble About to Burst Entirely, Admits Goldman Sachs
the hype that Google News and The Register MS actively participate and profit from
Links 02/09/2025: SCO Summit and Russia Suspected Of Jamming GPS
Links for the day
Gemini Links 02/09/2025: Mediterranean Marriage and Staying Connected at 35,000 Feet
Links for the day
The Register MS Says "AI Web Crawlers Are Destroying Websites", So Why Does The Register MS Help 'AI' Companies? (Spoiler: Money)
People need to call out The Register MS on its hypocrisy
Slopfarms Already Peaked, They Will Die When Slop Companies Run Out of Money to Borrow
slopfarms will lack an actual "engine"
Links 02/09/2025: Attacks on Unions, Microsoft TCO, and DDoSing a Growing Problem
Links for the day
Why We Publish Information About the SLAPPs (But Not About the Legal Process), an Abuse of Process by Americans Trying to Silence Critics of Their Employer, Microsoft
It doesn't take thousands of pages to explain something simple
Internet Relay Chat Didn't Fall Off a Cliff
IRC will turn 40 in less than 3 years from now
The UEFI 9/11 - Part V - This is Not a Drill (Disable "SecureBoot" Now)
A "9/11" Coming
There's No Obligation to Speak to Anybody
The very fact that "bkuhn" is till spending time in social control media says a lot about his poor judgment
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 01, 2025
IRC logs for Monday, September 01, 2025
Microsoft Trying to Force People to Resign (Amid Mass Layoffs) a Strategy That Takes Its Toll
Microsoft seems to be circling down the drain and the "final flush" will be the moment the "hey hi" (AI) bubble implodes completely
Google Simply Cannot Be Trusted
Only fools would trust GAFAM
Admission That a Third Party (or Parties) Funds the SLAPPs Against Techrights
This can end up costing them over a million dollars
Modifying and Writing One's Own Computer Programs is Not a Crime (or: Google Proves That Stallman Was Right)
We're generally gratified to see so many positive mentions of him
Why We Stopped Publishing Videos (for Now)
We'll probably get back to videos one day, but it's hard to say when or to what extent
What Animal Rights Activism Teaches Us About Sympathy and Focus
It's possible to believe that the planet is warming, that we must do something about it, and still eat eggs and butter
When You Turn Web Sites About Tech Into Political Sites
A lot of people fall into the trap of catering only for particular groups
Gemini Links 02/09/2025: ROOPHLOCH 2025 and Lagrange 1.19 Released
Links for the day
Gemini Links 01/09/2025: News Corp. WSJ and A Month With NixOS
Links for the day
“Sideloading” Never Killed Anybody
There are many online discussions this week about the misnomer "sideloading"
Slopwatch: Google News as FUD Vector Against Linux and Plagiarism Enhancer, Serial Slopper (SS) Uses LLMs to Googlebomb "Linux"
Slop destroys the Web not just by screwing with search engines and helping plagiarists. It's also responsible for de facto DDoS attacks...
Links 01/09/2025: "Attacks on Science" and China's "Soft Power" Grows
Links for the day
Links 01/09/2025: Fresh Backlash Against Slop and "Norway’s Electricity Crisis is About to Hit Britain"
Links for the day
Writing and Coding Isn't Always Enough
Last year we had to assume a role we didn't have before: litigants
Links 01/09/2025: Catching Up (Mostly via Deutsche Welle), "Windows TCO" Effect in UK
Links for the day
Gemini Links 01/09/2025: Linguistic Barriers and "Web 1.0 Hosting"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, August 31, 2025
IRC logs for Sunday, August 31, 2025
Autumn Has Come
Autumn should be exciting in all sorts of ways; it'll also mark our anniversary
The UEFI 9/11 - Part IV - External Interference
They all seem to be playing a role in crushing Software Freedom and self-determination for users