Bonum Certa Men Certa

Secret Deals -- Not GnuTLS -- a Threat to GNU/Linux Security

Summary: Shifted focus (diversion towards non-issues like the GnuTLS flaw) and what we really need to watch out for when it comes to surveillance on GNU/Linux users

Cryptology is a funny thing. It's an instrument of control (through predictive information. espionage, blackmail and so on). That's more or less the thesis of a popular book from Wikileaks folks, titled "Cypherpunks". Held in the hands of ordinary citizens, cryptology gives citizens power. Abused in the hands of freelance thugs [1] or state-sanctioned thugs like the NSA, cryptology helps guard the thugs (secrecy) and expose citizens who are only ever 'enjoying' fake cryptology, such as Microsoft's and RSA's. Now that Apple is receiving horrible publicity for breaking cryptology around the same time Apple joined PRISM there is some dodgy attempt to divert attention towards GNU/Linux, even if GnuTLS flaws are already patched and GnuTLS is not so widely adopted, not to mention the fact that is not used for very sensitive transactions such as banking [2]. The Linux Foundation was also quick to rebut the FUD [3], stating that "some were quick to point out that Linux distributions were not vulnerable to this particular issue" (contrary to corporate media reports).



What remains much bigger an issue, other than weak passwords (human error), is closed-sourced and proprietary hardware that may or may not incorporate Linux [4], such as my Home Hub from BT (which is rumoured to have back doors, based on some British press). A lot of what we've learned from the NSA leaks is that secret deals and collusion with companies is what's responsible for back doors, not something which is visible at source code level. It is also what makes Red Hat, an NSA partner, difficult to trust these days [1, 2, 3]. The NSA reportedly asked Torvalds for back doors in Linux [1, 2, 3, 4]. Social engineering, bribes from the CIA in exchange for access (as reported in mainstream media) and even cracking is how spies get their way. They need not rely on programmers' errors.

Related/contextual items from the news:


  1. Two in five Brits cough up for CryptoLocker ransomware's demands
    Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they did not.


  2. GnuTLS: Big internal bugs, few real-world problems


  3. What is the GnuTLS Bug and How to Protect Your Linux System From It
    It seems that it's only been a few weeks since we all heard of a nasty certificate validation error in Apple's software, a.k.a. the infamous "double goto fail" bug. While some were quick to point out that Linux distributions were not vulnerable to this particular issue, wiser heads cautioned that a similar bug could be potentially lurking in software used on Linux.


  4. More than 300,000 routers in homes and small businesses hacked
    Team Cymru, the US-based security outfit which published the report, said that the network of hacked routers is one of the biggest of its kind that has been discovered, with most of the hacked routers in Columbia, India, Italy, Thailand, and Vietnam.




Recent Techrights' Posts

linuxsecurity.com Still At It! 98% Probability Chatbot Generated, According to GPTZero!
"The Internet is mostly made by AI... but that's ok, it's all being deleted anyway."
 
Congratulations to Sirius Open Source, Still Claiming to Employ People Who Left Half a Decade Ago (or More!)
What signal does that send to con men?
[Meme] Bluewashing
Cent OS? No more.
IRC Proceedings: Thursday, May 23, 2024
IRC logs for Thursday, May 23, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Tenfold Increase for ChromeOS+GNU/Linux in Brunei
Brunei Darussalam is a country most people don't know about and never even heard about
Coming Soon: Another Round of 'Cancel Stallman' Chorus
The series required a great deal of patience
Links 23/05/2024: SeekOut Collapsing and Why Microsoft Probably Isn’t Going to Buy Valve
Links for the day
Gemini Links 23/05/2024: The Allure of Vinyl
Links for the day
Links 23/05/2024: Apple Responds to Streaming Music Fine, DOJ to Sue Live Nation
Links for the day
Links 23/05/2024: UK General Election and Archival
Links for the day
[Video] 3 Major Issues in Nationwide, Including (Potentially) a Major Data Breach
'electronic-bank' security has become the joke of the town
[Meme] Pointing Out Corruption Isn't a "Hate Crime"
The European Commission's reflexive (re)action to any sort of doubt or criticism
More Evidence in "iLearn AI Day" (a Buzzwords Festival) That EPO Intends to Eliminate Staff and Deviate Further Away from Fairness, Law, and Constitutions (Including Its Own!)
The EPO is a very potent danger to Europe's unity and the very concept of lawfulness. It exists to serve international monopolists and patent lawyers.
Microsoft's Windows Has Fallen Below 3% in Democratic Republic of the Congo (100+ Million Citizens)
Microsoft's sharp fall in Congo
The Real Reason Censorship is Attempted Against Us (and Against Others Too)
Microsoft's Windows market monopoly was in trouble
You Are Not The Only One
Reprinted with permission from Cyber Show (C|S)
GNU/Linux in Monaco: From 0.3% to Almost 6%
Monaco is a small country
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 22, 2024
IRC logs for Wednesday, May 22, 2024
Microsoft Has Lost Cote D'ivoire (Ivory Coast), Where Android Now Exceeds 60% of the Operating Systems' 'Market Share'
According to statCounter anyway
The Rumour Said Later Today Red Hat (IBM) Might Announce Layoffs
Let's see what happens later today (or next week)
Governments That Fail Journalism
Australia is known for giving us pure garbage like Rupert Murdoch
Windows Has Fallen From 'Grace'
When you tell people that Microsoft watches their every move in Windows many of them will freak out and ask for alternatives
Serbia: GNU/Linux at Almost 4% (or Beyond if ChromeOS is Counted)
considerable growth for GNU/Linux
Links 22/05/2024: China in Other Countries' Islands, Growing Threat of Piracy
Links for the day
Gemini Links 22/05/2024: Freedom Through Limitation, Cloud Photos
Links for the day
Canonical Supports Monopoly
more of the same
A farewell to Finland, an occupied territory
Finland, Finland, Finland
Links 22/05/2024: "Copilot+" as Mass Surveillance and Microsoft Defying Consent in Scarlett Johansson's Case
Links for the day
[Meme] Escalating After Failures
4 stages of cancel culture
Red Hat Had 2+ Days to Deny Reports of Impending Layoffs. But Red Hat Chose to Keep Silent.
Red Hat DOES NOT deny layoffs on the way
Microsoft-Connected Person Was Threatening to Sue Me and to Sue My Wife (Because His Feelings Were Hurt After Had He Spent More Than a Decade Defaming Me and Violating My Family's Dignity, Privacy)
litigation was chosen and we shall defend everything we wrote
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 21, 2024
IRC logs for Tuesday, May 21, 2024
Attempts to Sink the Free Software Movement (Under the Guise of Saving It)
We can see who's being drowned
Czech Republic: Windows Down From 98% to 43%, GNU/Linux Rises to Over 3%
modest gains for GNU/Linux
Links 22/05/2024: Pixar Layoffs and More Speculation About Microsoft Shutdowns/Layoffs (Ninja Theory)
Links for the day
Microsoft-Connected Sites Trying to Shift Attention Away From Microsoft's Megabreach Only Days Before Important If Not Unprecedented Grilling by the US Government?
Why does the mainstream media not entertain the possibility a lot of these talking points are directed out of Redmond?