Bonum Certa Men Certa

Secret Deals -- Not GnuTLS -- a Threat to GNU/Linux Security

Summary: Shifted focus (diversion towards non-issues like the GnuTLS flaw) and what we really need to watch out for when it comes to surveillance on GNU/Linux users

Cryptology is a funny thing. It's an instrument of control (through predictive information. espionage, blackmail and so on). That's more or less the thesis of a popular book from Wikileaks folks, titled "Cypherpunks". Held in the hands of ordinary citizens, cryptology gives citizens power. Abused in the hands of freelance thugs [1] or state-sanctioned thugs like the NSA, cryptology helps guard the thugs (secrecy) and expose citizens who are only ever 'enjoying' fake cryptology, such as Microsoft's and RSA's. Now that Apple is receiving horrible publicity for breaking cryptology around the same time Apple joined PRISM there is some dodgy attempt to divert attention towards GNU/Linux, even if GnuTLS flaws are already patched and GnuTLS is not so widely adopted, not to mention the fact that is not used for very sensitive transactions such as banking [2]. The Linux Foundation was also quick to rebut the FUD [3], stating that "some were quick to point out that Linux distributions were not vulnerable to this particular issue" (contrary to corporate media reports).



What remains much bigger an issue, other than weak passwords (human error), is closed-sourced and proprietary hardware that may or may not incorporate Linux [4], such as my Home Hub from BT (which is rumoured to have back doors, based on some British press). A lot of what we've learned from the NSA leaks is that secret deals and collusion with companies is what's responsible for back doors, not something which is visible at source code level. It is also what makes Red Hat, an NSA partner, difficult to trust these days [1, 2, 3]. The NSA reportedly asked Torvalds for back doors in Linux [1, 2, 3, 4]. Social engineering, bribes from the CIA in exchange for access (as reported in mainstream media) and even cracking is how spies get their way. They need not rely on programmers' errors.

Related/contextual items from the news:


  1. Two in five Brits cough up for CryptoLocker ransomware's demands
    Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they did not.


  2. GnuTLS: Big internal bugs, few real-world problems


  3. What is the GnuTLS Bug and How to Protect Your Linux System From It
    It seems that it's only been a few weeks since we all heard of a nasty certificate validation error in Apple's software, a.k.a. the infamous "double goto fail" bug. While some were quick to point out that Linux distributions were not vulnerable to this particular issue, wiser heads cautioned that a similar bug could be potentially lurking in software used on Linux.


  4. More than 300,000 routers in homes and small businesses hacked
    Team Cymru, the US-based security outfit which published the report, said that the network of hacked routers is one of the biggest of its kind that has been discovered, with most of the hacked routers in Columbia, India, Italy, Thailand, and Vietnam.




Recent Techrights' Posts

Nobody Knows What's in Our Fridge! Wow, Spooky!
Freedom means you can also purchase things anonymously
 
WordPress is Unfit for Purpose in 2024
The Web itself changed a lot and the majority of Web traffic is pure junk
[Meme] Remember That Microsoft and Trump Already Have a "Targets List"
Microsoft loves Trump bailouts
Service Notice: IRC Downtimes RESOLVED
We believe we've solved this entirely (or hope so), but it may take another week to know for sure
Linux 'Not Inclusive' 6.12 (Trumpism Inside Linux Foundation Affirmed)
They can make a codename for this release: Linux 'Not Inclusive' 6.12
The Open Source Initiative (OSI) is Dead. Cause of Death: Microsoft Bribes.
At the core, Linux Foundation and OSI adopted lies as a business model
Joan Meyer correctly linked Gideon Cody raid on Marion County Record to Kristallnacht
Reprinted with permission from Daniel Pocock
Trans People Misused to Attack a Project or Developer Who Has Nothing to Do With Them
And why that truly hurts all trans people
[Meme] It Takes Only Words to Destroy Malicious People and Pathological Liars
Trying to silence us is foolish. Boasting about this in public is worse than foolish; it's a legal liability.
Our 18+ Years of Freedom-Fighting
We always fight back
Gemini Links 11/11/2024: Men Losing Grip and "You're Relaxing Wrong"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 10, 2024
IRC logs for Sunday, November 10, 2024
Freedom Must Always Be Fought For (All the Time)
Ridicule of "freedom fighters" in the digital realm is typically orchestrated by dictators or wannabes.
Gemini Links 10/11/2024: Taking Jokes and Writing Dense Assembly
Links for the day
Links 10/11/2024: Meaning of Life and iPhone ‘Inactivity Reboot’
Links for the day
Links 10/11/2024: Microsoft Adds Surveillance to Notepad and Paint, TikTok Shutdown Order
Links for the day
Gemini Links 10/11/2024: Scrawlspace and California
Links for the day
Links 10/11/2024: Politics, Economics, and Ticketmaster Issues
Links for the day
Linux Foundation: We've Shut Down the Mailing Lists and Fired Everyone at Linux.com So We Can Spend Money Buying Puff Pieces and Paying Clickfraud/Spammers
deeply rogue
The 'Other' Bruce... on Openwashing at OSI (and Not Bruce Perens, the OSI's Co-founder)
Openwashing people (connected to Microsoft) already do "open weights"
Gemini Links 10/11/2024: A Writer's Block, VIM Tips and Tricks
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 09, 2024
IRC logs for Saturday, November 09, 2024
[Meme] Linux Foundation Cuts
money is spent by the million on highly dubious things
Politics Becoming Way Too 'Toxic'
'Toxic' political discourse ought to be covered, but reducing the toxicity of coverage itself (e.g. inaccurately covering things to incite "the left" and "the right") is still challenging
"Paperless Office" (Incompatible With the Law) as a Threat to Workers' Health at the EPO, Europe's Second-Largest Institution and Largest Patent Office
"Software Ergonomics need to be brought back to the agenda at a high level!"
Linux Foundation is Rebuilding the Berlin Wall (to Keep Russians Out of Linux)
So the Linux Foundation is basically acting a bit like oppressive Soviets
Linux Foundation is a Scam Like 'Crypto' (So is the Company of Jim Zemlin's Wife, Bakkt)
To us, the Linux Foundation is just a massive scam
Remembering and Respecting Fallen Ones by Avoiding or Stopping Wars (and Boycotting Companies That Want Wars)
The people who die tend to be the least privileged and connected
EPO is Blasting Its Own Foot (There Will be No EPO Left)
If the EPO carries on shooting its own foot, there will be nothing left of it
There's Always a Way to Improve
Self-improvement is a perpetual task
Joel Espy Klecker, unpaid, terminally ill youth labor & Debian knew it
Reprinted with permission from Daniel Pocock
List of Debian lies and deception
Reprinted with permission from Daniel Pocock
Links 09/11/2024: More Mass Layoffs and Concerns About Musk Working Like Trump Aide
Links for the day
Gemini Links 09/11/2024: Operating the Temple System and SeaweedFS
Links for the day
[Teaser] [Meme] Central Occupational Health, Safety and Ergonomics Committee (COHSEC) at European Patent Office (EPO)
These are not teenage gamers
Links 09/11/2024: Further Restrictions on Social Control Media, CASIO Cracked Again
Links for the day
Why Brown CIT Oughtn't Be Named After Thomas J. Watson (Like Many Faculties Ought Not be Named After Bill Gates)
In their own words
Reminder That Mass Layoffs Are Going on All Month This Month at IBM
The "silent" layoffs continue until the end of this month if not longer
[Meme] Just Blame Whoever Takes Advantage of Your Back Doors
The media will even sympathise with malicious and/or incompetent companies if they blame "Russia"
This Remembrance Sunday We Must Also Remember That Some 'Security Companies' Want More Cyberwar
Some companies profit from the cyberwar; hence, their objective is not to end the war
Non-Tech Enshittification: Post Office Perils and the Czech is in the Mail
We still hope that the parcel will be recovered (maybe at customs) or will be sent back some day
[Meme] Don't Try This at Home (But a Datacentre Might be OK)
Quit outsourcing to Social Control Media
There's No Free Lunch in Video Hosting
they say there's no free lunch; if you aren't paying for hosting and serving of "your" videos, you're not the customer and those videos, once uploaded, aren't quite yours anymore
Parroting Microsoft Talking Points About Computer Security
This past summer Richard M. Stallman (RMS) openly complained in a public event that the term "security" had come to mean all sorts of ridiculous things, including the very oppose of real security
Visits to OpenAI's Site Plunged by More Than 67% in the Past Half a Year Alone
'autocorrect on steroids' is mostly worthless
Pocock Running for Office Again
Pocock dealt with all sorts of 'politics' in Free software and, unlike many politicians, he has a background in science and technology
[Meme] Turning the EPO Into a Speculation Bank, Monetising It by Breaking the Law, Playing Real Estate (and Mortgage) Financial Games
travesty
Real Estate and Workplace Problems at the European Patent Office, Which Grants Fake Patents Under the Guise of "Law"
Report on the 54th meeting of the Munich LOHSEC of 20 June 2024
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 08, 2024
IRC logs for Friday, November 08, 2024
Links 09/11/2024: Politics, Climate, and Why Physical Cash is Crucial
Links for the day
Gemini Links 09/11/2024: Minerals, Rants, and Maintaining Planetary Balance
Links for the day