Bonum Certa Men Certa

Security FUD Against Free Software Resurfaces, Using Promotional Branding From a Microsoft-Linked Firm, So Red Hat Finally Responds

Bugs
Image courtesy of Red Hat



Summary: Old news is 'new' again, as Microsoft-friendly media decides to keep knocking hard on the reputation of Free software, using words rather than substance

A YEAR ago there was a curious (first of its kind for Free/Open Source software) "branding" of a 2-year-old FOSS bug by a Microsoft-linked firm that did not even find the bug. An engineer from Google had found it and sought to responsibly disclose it so as to patch it properly before the Microsoft-linked opportunists blew off the lid and called it "Heartbleed", set up a Web site to 'celebrate' the bug, and even made a professionally-prepared logo for it. This whole "Heartbleed" nonsense -- however serious it may have been for a day -- was blown out of all proportions in the media and tarnished the name of Free software because it was so 'successfully' marketed, even to non-technical people. It was a branding 'success' which many firms would later attempt to emulate, though never with the same degree of 'success' (where success means bamboozling the public, especially non-technical decision-making people).

"Microsoft must be laughing quite hard seeing all that media manipulation.""Dear journalists," I said earlier today in social media (Diapora), "bugs don't have birthdays. Stop finding excuses to bring "Heartbleed" BS (MS name for old bug) to headlines." I spoke to one author about it and challenged him for floating these "Heartbleed" logos and brands yet again. To us it seems quite evident that Microsoft keeps attacking Free software and GNU/Linux like no time before; it's just more subtle and hidden in more sophisticated ways. The person who heads the incognito firm that's known only for the "Heartbleed" brand (they control the brand) came from Microsoft (he was head of security there) and also from the FBI, whose stance on encryption is widely known by now; they actively seek to break security of software, so knowing about the 2-year-old OpenSSL bug would make sense. Some reputable media reports said that the NSA had known about this bug for about a year before it was known to the public and the NSA cooperates with the FBI on breaking software security, sharing personal (illegally intercepted) data, etc.

Anyway, the same publication (as above) also floated the "Heartbleed" nonsense in another article today. Would they do just about anything to keep it in headlines? Even a year later? They are now citing some firm called Venafi (never heard of it before), which basically relies on misleading misuse of statistics. It's FUD from a company that tries to make money from perceived dangers and accentuates these dangers in an effort to acquire clients. What kind of 'journalism' is this? incidentally, Black Duck is now joining the list of such parasitic companies, with new hires and multiple press releases, so clearly it's a growth area and the Microsoft link is easy to see. It is FUD season again this spring as more publications now float this whole nonsense. This is hardly journalism, it's just throwback.

Thankfully enough, Red Hat demonstrates what "branding" of FOSS bugs practically means, even using the image above. There is no correlation between the naming of bugs and their severity, but press coverage sure loves a good brand. This is an important (albeit belated) response from Red Hat to "branding" of a FOSS bug by Microsoft-linked firms like the one behind "Heartbleed".

"It’s been almost a year since the OpenSSL Heartbleed vulnerability," says Red Hat, "a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn’t mean it is of real risk to users."

Well, Microsoft folks sure squeezed everything they could from this bug, seeking to discredit not just OpenSSL but the whole development process of Free software (due to just one small bug, or a few lines of code). And Microsoft still pretends that it is warming up to Open Source? Who are these frauds kidding?

There's a lot of companies which continue to use platforms with back doors, such as Windows, but the Wintel-oriented media would rather we just obsess over this one bug from one year ago (which was patched as soon as it became publicly-known).

We are rather disappointed to see a decent journalist like Sean Michael Kerner, along with colleagues at eWEEK, swallowing the bait and serving to promote the misleading claims to advertise this company that controls the "Heartbleed" brand, among other opportunists (like fish swimming around a shark for some leftovers). Microsoft must be laughing quite hard seeing all that media manipulation.

Recent Techrights' Posts

Dr Richard Stallman (RMS) Gives Talk in Oxford University in 4 Hours
If you live nearby, go there (it's free as in gratis)
Using a Law Firm's Licence to Exercise Politics Through Frivolous SLAPPs and Nastygrams (to Silence People, Remove Pages, Demand Fake or Forced 'Apologies')
Things must be getting really bad when lawyers act for raving antisemites
Another Site Bites the Dust: "Open Source For You" Becoming a Slopfarm (LLM Slop)
What a shame. Another dead site.
 
New Article Explains How the GPL Came About and WordPress Having Copyleft Obligations
Having been involved in the WordPress development community since almost the beginning, I know why it chose the GPL and how it restricts abuse by Automattic
IBM Gained Almost 6 Billion Dollars in "Goodwill" Value in Just 3 Months, According to IBM
Congrats to the management!
In Belarus, Yandex is Now Measured as 50 Times More 'Popular' (by Usage) Than Microsoft
Yandex continues to gain, whereas Bing cannot even register at 1%. Last month it was registered or measured at a measly 0.65%.
IBM Cannot Lie to Shareholders Anymore
"I would not be surprised if we see a layoff every quarter this year."
We're Working to Make Full-Site Search Available
This site has over 1,000 'wiki' pages, many thousands of documents, several thousands of videos, and about 50,000 blog posts or articles. We need to make them easier to find/navigate.
Links 24/04/2025: IBM Loses Many Contracts, Intel to Lay Off Over 20% (Not Counting Those Who Leave 'Voluntarily')
Links for the day
Richard Stallman Can Explain to Oxford Artificial Intelligence Society Why LLM Slop is Not Artificial Intelligence and Why It Hurts Society
another 'crop' of LLM slop that damages GNU/Linux and facts
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 23, 2025
IRC logs for Wednesday, April 23, 2025
Open Source Initiative (OSI) Promoting Microsoft and Proprietary Software Using Microsoft Operatives
Because nothing says "Open Source" like GPL violations facilitated by Microsoft
Links 23/04/2025: Crackdowns on Dissent, Palin Loses Libel Retrial Against New York Times
Links for the day
Links 23/04/2025: Hard Times and Digital Amnesia
Links for the day
The GNU/Linux Site Formerly Known as "linoxide.com" is Back... as an LLM Slopfarm!
Better for linoxide.com to go offline than to do this
Get Rid of Back Doors, Don't Obsess Over Bounties and Other Corporate PR Stunts (or Needless Reboot Rituals)
Security as a term has mostly lost its meaning due to repeated misuse for many years
Richard Stallman to Speak in Oxford University Exactly a Day From Now
outsourced to GAFAM
Links 23/04/2025: "Hiding Corruption" and "The Cost of Defunding Harvard"
Links for the day
Microsoft 'Studies' Again? Leon Musolff is Writing Papers With Microsoft.
Even if one can see/find a link to "the study" (in the Bezos-controlled publication), most people won't look any further and just take everything at face value.
Towards GNU World Domination
The FSF led by Geoffrey S. Knauth with his friend Richard Stallman in the FSF's Board [...] Let's encourage people to adopt GNU/Linux. There has never been a better time.
statCounter Helps Visualise Just How Deep in Trouble Microsoft is (Especially in Africa)
Microsoft sabotaged efforts to connect Africans and equip them with GNU/Linux laptops
The Register is Using Linux-Hostile Clickbait in Articles of Linux Proponents
Don't be a "whore" to advertisers, team El Reg
Microsoft Windows in Cyprus Lacking a Future
Most people access the Web there from mobile
Matrix Has a Severe Problem With Illegal Images
If Matrix cannot get the CP problem under control, many projects and people will dump Matrix
Never Try to Justify Strangulation of Women (Not in the US and Not in the UK)
Joint post by Mrs. Rianne Schestowitz and Dr. Roy Schestowitz
Links 23/04/2025: Tesla Profits Plunge 71%, Intel Ready to Lay Off 20% of Staff, Microsoft and IBM Layoffs
Links for the day
Microsoft's Most Profound Issue is That People Moved to 'Mobile' and "App Stores" (Microsoft's Presence There is Negligible)
Expect a wild ride for Microsoft this year
Google News is Amplifying FUD and Lies About Linux (and OpenSSH/SSH) by Promoting Slopfarms With Machine-Generated FUD and Slop Images
Google should know better
Gemini Links 23/04/2025: Librarians, Anubis, and Refactoring a Gemini Capsule
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 22, 2025
IRC logs for Tuesday, April 22, 2025
Links 22/04/2025: Ending DEI Policies at Adobe, FTC Sues Uber
Links for the day
RMS is Done at KCL, Next Stop is Oxford
The message of RMS has long resonated well in India
US Government Already Bailing Out OpenAI/Microsoft With "Contracts", As Usual, Back Doors You Cannot Remove Becoming 'a Step Closer' on New PCs (Unless Everyone Acts ASAP)
The next "logical" step towards digital prisons
Microsoft Devises PR Stunts to Distract From Impending Mass Layoffs and Likely Bad Results Preceding Those Mass Layoffs
A "voluntary exit plan"
Gemini Links 22/04/2025: Deaths, HamsterCMS, and More
Links for the day
Links 22/04/2025: FTC v. Meta Trial and Google Remedies
Links for the day
In Turkey, Windows Down Rapidly While GNU/Linux Grows
Although Turkey is in NATO (but not the EU), it cannot quite trust computer systems controlled by the United States
GNOME, Microsoft, and GitHub: The Lack of Reporting on Abusive Colleagues Contributed to Profound Media Vacuum (or Blackout), Now Resorting to SLAPPs
This lack of morality/courage has helped enable further abuse, lining up more victims
Richard Stallman Has Updated His Article on Why "Free Software Is Even More Important Now"
Richard Stallman is about to give a talk here in the UK in a few hours
Microsoft Already Attacks the BSDs as Well (the E.E.E. Way, as Usual)
Bearers of bad news
The Open Source Initiative (OSI) is in Trouble, May Soon be Out of Business
Openwashing needs to end
Microsoft's Debt Grew Over 6 Billion Dollars in the Last Reporting Quarter (Before Inauguration), Expect Worse Next Week When 'Results' Are Disclosed and Mass Layoffs Resume
Microsoft is bleeding. It does not want people to notice.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 21, 2025
IRC logs for Monday, April 21, 2025
Richard Stallman Gives Public Talk in London in 7 Hours (Need to Register as Venue Limited to 150 Seats), Public Announcements Begin to Appear
These are not announced weeks or months in advance