4b7ddbb46fa6769b563d42abfd3763b2
Trusting the FUD Blindly
Creative Commons Attribution-No Derivative Works 4.0
OVER the past 5 or so days we've included in Daily Links many articles about an upcoming patch for OpenSSL, not "imminently" as this was disclosed almost a week in advance, which is rather unusual (that long a timespan).
"A lot of the media reports, not privy to any details, trust the panic makers despite having no details. Where's the fact-checking?"So many speculative, uninformed and uninformative articles have mentioned the magic "FUDword", Heartbleed, still failing to recognise that it was a bug first discovered by Google and then hyped up by Microsofters to stigmatise Free software (we wrote a lot about this at the time). This was almost a decade ago; after that we saw many logos and sites (for pertinent bugs, not pieces of software) and even the occasional pranks after that, trying to reproduce that hype's success [sic] because FUD travels fast and some firms wanted to "make a name" for themselves.
People with access to information or special privileges already caution us that the advanced notice is more about hype than substance. A lot of the media reports, not privy to any details, trust the panic makers despite having no details. Where's the fact-checking?
Seeing how "Heartbleed" FUD was used by Microsoft for years (and "log4j" a year later, even by the anti-Linux Foundation), it seems likely that this is a campaign of drama, not a real security crisis. How many breaches will be caused by this? Time will tell, but probably not many (same as "Heartbleed", where reality didn't match the propaganda). ⬆