Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

Dr. Roy Schestowitz

2014-03-05 17:44:51 UTC
Modified: 2014-03-05 17:44:51 UTC

Bad news sells better

Summary: What the media is not really telling us about the GnuTLS vulnerability

The corporate press has shown its ignorance by characterising GNU as "Linux" and describing an already-patched flaw as the worst thing since proprietary software. Some went as far as suggesting that the NSA was behind it [1] and Muktware rebutted [2] the seminal article [3] which started a lot of the panic (at the time of writing there are dozens of articles about this, but we don't need to feed them with links). What we have here is another case of Dan Goodin creating panic in the Microsoft-friendly Ars, just as he had done when he worked for the Microsoft-friendly The Register. The only shocking thing is the amount of press coverage this received. PGP/GPG, OpenSSH, OpenSSL etc. were previously named here for flaws that had been found (in the context of Red Hat and the NSA [1, 2, 3]). These are not so uncommon. One just needs to keep up to date (patched) -- one that which Apple's customers cannot do. They can't even write their own patches. ⬆

Related/contextual items from the news:

NSA did it again? This time GnuTLS fails to check malicious certificates

Yes there was a security hole in Linux, but Red Hat already fixed it

Originally reported by Ars Technica, the fix was available by the time the general public was made aware of it. It’s actually fairly similar to a certain security hole that lived for a year and could have allowed for exploits to be used in the wild.

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

Microsoft Under Investigation for Breaches of Law in the UK: Just like the Microsofters
GAFAM is Connected to Misogyny, Almost All Founders Divorced: They're not good people, even if they pay the media to pretend otherwise
SLAPP Censorship - Part 83 Out of 200: Religion is Still Alive, But for Many This Religion is Monetary (Greed, Monopolies, Corporate Power): If all you keep boasting about is being able to afford a hotel room and some domestic flight, then maybe you have no real accomplishments and are more like a "Facebook serf" with a credit card
The Register MS Has Become a 'Content' Farm Promoting Slop for Hostile Corporations: Now they call it "PARTNER CONTENT" - not "SPONSORED" - as if semantics make the difference
Latest Example of Widespread Fake Assertions (False News) About "Hey Hi": The false narrative of "Hey Hi layoffs"
Links 21/05/2026: Facebook Rewarded With Tax Breaks to Destroy the Environment and Cause Global Warming, Shortages, Pollution; SpaceX (SPCX) Continues Losing Billions of Dollars: Links for the day
Codecs and Software Patents - Part VIII - GNU Audio/Video Team Has Chosen the AV1 Video Codec and It Explains Why (They've Researched Their Options): AV1 video codec will be used to encode and share GNU videos online
Dr. Stallman Helps Establish Free Software Advocacy Outside the Free Software Foundation (FSF) as Well: The ideals or principles of Free Software needn't be centralised or monopolised; they can be federated
22 Years of Tux Machines and a Community Stronger Than Ever Before: We've already received some feedback from the community and improved it accordingly
More Microsoft Layoffs on the Way (June and July 2026): with or without PIPs
LWN Sponsored by the Linux Foundation (Monopolies): We must be able to casually point this out
The Corrupt Lecture the Non-Corrupt - Part XXIX - European Patent Office (EPO) Tells Staff "Speaking up" is Good, But Not When the "Brother-in-law" of EPO's President Does Cocaine: Do we still have a functioning democracy and potent press?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 20, 2026: IRC logs for Wednesday, May 20, 2026
Gemini Links 21/05/2026: Immigration, Slop, and Slop 'Code' Suggestions Infesting Code Repositories: Links for the dayGemini Links 21/05/2026: Immigration, Slop, and Slop 'Code' Suggestions Infesting Code Repositories
Oracle Seems to Have Popularised Overnight Layoffs, Now GAFAM Does the Same: layoff emails at 4 a.m. local time
A Lot of Fake News About Microsoft's LinkedIn Today, Some Comes From Slopfarms, Some Relies on Those Slopfarms: As usual, slopfarms make the Web a huge pile of garbage
IBM's Kyndryl is Circling Down the Drain, Say Kyndryl Insiders: "IBM Dinosaurs who were recycled and catapulted into the orange trash heap by IBM"
A Lot of Coverage Adding Hype Factor to Slop Bug Reports... is Made by LLM Slop: Local Privilege Escalation [...] the slop motivates some actual people to keep writing about it
Links 20/05/2026: Mass Layoffs at NPR (Bought by the Ballmers and Bill Epsteingate), Starbucks Korea CEO Fired Over ‘Tank Day’ Ad: Links for the day
Gemini Links 20/05/2026: Advantage of CD Collections, Geminaut's View of Nostr, and SSL / TLS Certificates: Links for the day
IBM is Becoming a Pile of Expired Patents and Abandoned Buildings, Assets of Little Actual Value: Having laid off a ton of people, borrowed lots of money to fake growth (by acquisition), and sent some jobs to low-paid regions where innovation isn't done
Links 20/05/2026: Looting of Americans for "White Grievance Reparations Fund"; "Mark Zuckerberg Used Shell Companies to Bully Native Hawaiians": Links for the day
Web Browsers Are for Rendering Web Page, They Shouldn't Become PDF Editors: Linus Torvalds is quickly learning and speaking about this
SLAPP Censorship - Part 82 Out of 200: British Government Intervenes in the SLAPPs by Brett Wilson LLP: At this stage our matters are dealt with by a layer below that of the Prime Minister (adjacent to it)
LinkedIn Communications Reveal That LinkedIn - Like GitHub - Will Vanish Inside the Belly of Microsoft: This is definitely going to happen.
In Wall Street, Financial Difficulties Drive Shares Up: Wall Street doesn't work that way
The Corrupt Lecture the Non-Corrupt - Part XXVIII - European Patent Office (EPO) Guidebook Says Report Crimes Committed on EPO Premises. Some Did, But President Campinos Covers up for the Culprits.: The staff has long been on strike and the union (SUEPO) organised an enhanced day of action just two days ago
Gemini Links 20/05/2026: Fall of an Empire, "High Tech is a Social Exercise", and Big Cameras: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 19, 2026: IRC logs for Tuesday, May 19, 2026
LinkedIn Layoffs at Microsoft: Probably Well More Than 5% of Staff: In short, it's difficult to believe only 5% are impacted
It's Not Just a Widespread Theory, It's Apparently a Verified Fact: Home Appliances Not Made to Last Long: Washing machine repair man asserts that the machines sold a decade ago could maybe last a decade; now they last barely 5 years.
Torvalds Capitulated on Rust and Slop, Now He's Paying the Price: they are pushing Microsoft and slop for grifters and scammers
Whistleblowers Needed: We Are Seeing Many Layoffs in Red Hat (Not Just in China), We Want to Know More: Last week we learned about some people who said they had left Red Hat or are leaving Red Hat
Links 19/05/2026: More Obituaries for Peter G. Neumann, Taiwan Abandoned by Cheeto House for Don's Personal Gain: Links for the day
Links 19/05/2026: Online 'Storage' (Surveillance) Accounts Lower Thresholds (Gmail, Google Drive, and Google Photos), Slop Debacles Expand (False Promises Made to Staff Regarding Compensation): Links for the day
SLAPP Censorship - Part 81 Out of 200: SLAPP Censorship Does Not Work If Your Sole Strategy is Revenge (and You Attack the Family): Both yours and others'
Techrights at 20 (Soon): It does not seek popularity or affirmation from "Establishment" outlets
We Pay More for Less, for Things That Last Less Time and Are Almost Impossible to Repair: Ever noticed how "modern" or "smart" TVs come with dumber and dumber (worse) controllers?
Vista 11 Turns 5 in a Couple of Months. Not Many People Use It.: It is the only supported version of Windows; many people move elsewhere
Head of GitHub Recently Left, Microsoft Need No Longer Report Mass Layoffs There (User Activity is Declining): We've long said that LinkedIn and GitHub, which Microsoft bought, would likely end up like Skype
The Slop Bubble is Already Bursting: Slop is not desirable and the general public is growingly impatient, seeing that slop has improved nothing for them
Gemini Links 19/05/2026: Reliable Old Tech, Collection of Essays: Links for the day
The Corrupt Lecture the Non-Corrupt - Part XXVII - European Patent Office (EPO) Became a "Toxic Work Environment" When Cocaine Addicts Put in Charge: They are putting at risk colleagues by abusing them
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, May 18, 2026: IRC logs for Monday, May 18, 2026

Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

NSA did it again? This time GnuTLS fails to check malicious certificates

Yes there was a security hole in Linux, but Red Hat already fixed it

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Recent Techrights' Posts