Bonum Certa Men Certa

Security FUD Against Free Software Resurfaces, Using Promotional Branding From a Microsoft-Linked Firm, So Red Hat Finally Responds

Bugs
Image courtesy of Red Hat



Summary: Old news is 'new' again, as Microsoft-friendly media decides to keep knocking hard on the reputation of Free software, using words rather than substance

A YEAR ago there was a curious (first of its kind for Free/Open Source software) "branding" of a 2-year-old FOSS bug by a Microsoft-linked firm that did not even find the bug. An engineer from Google had found it and sought to responsibly disclose it so as to patch it properly before the Microsoft-linked opportunists blew off the lid and called it "Heartbleed", set up a Web site to 'celebrate' the bug, and even made a professionally-prepared logo for it. This whole "Heartbleed" nonsense -- however serious it may have been for a day -- was blown out of all proportions in the media and tarnished the name of Free software because it was so 'successfully' marketed, even to non-technical people. It was a branding 'success' which many firms would later attempt to emulate, though never with the same degree of 'success' (where success means bamboozling the public, especially non-technical decision-making people).

"Microsoft must be laughing quite hard seeing all that media manipulation.""Dear journalists," I said earlier today in social media (Diapora), "bugs don't have birthdays. Stop finding excuses to bring "Heartbleed" BS (MS name for old bug) to headlines." I spoke to one author about it and challenged him for floating these "Heartbleed" logos and brands yet again. To us it seems quite evident that Microsoft keeps attacking Free software and GNU/Linux like no time before; it's just more subtle and hidden in more sophisticated ways. The person who heads the incognito firm that's known only for the "Heartbleed" brand (they control the brand) came from Microsoft (he was head of security there) and also from the FBI, whose stance on encryption is widely known by now; they actively seek to break security of software, so knowing about the 2-year-old OpenSSL bug would make sense. Some reputable media reports said that the NSA had known about this bug for about a year before it was known to the public and the NSA cooperates with the FBI on breaking software security, sharing personal (illegally intercepted) data, etc.

Anyway, the same publication (as above) also floated the "Heartbleed" nonsense in another article today. Would they do just about anything to keep it in headlines? Even a year later? They are now citing some firm called Venafi (never heard of it before), which basically relies on misleading misuse of statistics. It's FUD from a company that tries to make money from perceived dangers and accentuates these dangers in an effort to acquire clients. What kind of 'journalism' is this? incidentally, Black Duck is now joining the list of such parasitic companies, with new hires and multiple press releases, so clearly it's a growth area and the Microsoft link is easy to see. It is FUD season again this spring as more publications now float this whole nonsense. This is hardly journalism, it's just throwback.

Thankfully enough, Red Hat demonstrates what "branding" of FOSS bugs practically means, even using the image above. There is no correlation between the naming of bugs and their severity, but press coverage sure loves a good brand. This is an important (albeit belated) response from Red Hat to "branding" of a FOSS bug by Microsoft-linked firms like the one behind "Heartbleed".

"It’s been almost a year since the OpenSSL Heartbleed vulnerability," says Red Hat, "a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn’t mean it is of real risk to users."

Well, Microsoft folks sure squeezed everything they could from this bug, seeking to discredit not just OpenSSL but the whole development process of Free software (due to just one small bug, or a few lines of code). And Microsoft still pretends that it is warming up to Open Source? Who are these frauds kidding?

There's a lot of companies which continue to use platforms with back doors, such as Windows, but the Wintel-oriented media would rather we just obsess over this one bug from one year ago (which was patched as soon as it became publicly-known).

We are rather disappointed to see a decent journalist like Sean Michael Kerner, along with colleagues at eWEEK, swallowing the bait and serving to promote the misleading claims to advertise this company that controls the "Heartbleed" brand, among other opportunists (like fish swimming around a shark for some leftovers). Microsoft must be laughing quite hard seeing all that media manipulation.

Recent Techrights' Posts

linuxsecurity.com Still At It! 98% Probability Chatbot Generated, According to GPTZero!
"The Internet is mostly made by AI... but that's ok, it's all being deleted anyway."
 
Congratulations to Sirius Open Source, Still Claiming to Employ People Who Left Half a Decade Ago (or More!)
What signal does that send to con men?
[Meme] Bluewashing
Cent OS? No more.
IRC Proceedings: Thursday, May 23, 2024
IRC logs for Thursday, May 23, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Tenfold Increase for ChromeOS+GNU/Linux in Brunei
Brunei Darussalam is a country most people don't know about and never even heard about
Coming Soon: Another Round of 'Cancel Stallman' Chorus
The series required a great deal of patience
Links 23/05/2024: SeekOut Collapsing and Why Microsoft Probably Isn’t Going to Buy Valve
Links for the day
Gemini Links 23/05/2024: The Allure of Vinyl
Links for the day
Links 23/05/2024: Apple Responds to Streaming Music Fine, DOJ to Sue Live Nation
Links for the day
Links 23/05/2024: UK General Election and Archival
Links for the day
[Video] 3 Major Issues in Nationwide, Including (Potentially) a Major Data Breach
'electronic-bank' security has become the joke of the town
[Meme] Pointing Out Corruption Isn't a "Hate Crime"
The European Commission's reflexive (re)action to any sort of doubt or criticism
More Evidence in "iLearn AI Day" (a Buzzwords Festival) That EPO Intends to Eliminate Staff and Deviate Further Away from Fairness, Law, and Constitutions (Including Its Own!)
The EPO is a very potent danger to Europe's unity and the very concept of lawfulness. It exists to serve international monopolists and patent lawyers.
Microsoft's Windows Has Fallen Below 3% in Democratic Republic of the Congo (100+ Million Citizens)
Microsoft's sharp fall in Congo
The Real Reason Censorship is Attempted Against Us (and Against Others Too)
Microsoft's Windows market monopoly was in trouble
You Are Not The Only One
Reprinted with permission from Cyber Show (C|S)
GNU/Linux in Monaco: From 0.3% to Almost 6%
Monaco is a small country
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 22, 2024
IRC logs for Wednesday, May 22, 2024
Microsoft Has Lost Cote D'ivoire (Ivory Coast), Where Android Now Exceeds 60% of the Operating Systems' 'Market Share'
According to statCounter anyway
The Rumour Said Later Today Red Hat (IBM) Might Announce Layoffs
Let's see what happens later today (or next week)
Governments That Fail Journalism
Australia is known for giving us pure garbage like Rupert Murdoch
Windows Has Fallen From 'Grace'
When you tell people that Microsoft watches their every move in Windows many of them will freak out and ask for alternatives
Serbia: GNU/Linux at Almost 4% (or Beyond if ChromeOS is Counted)
considerable growth for GNU/Linux
Links 22/05/2024: China in Other Countries' Islands, Growing Threat of Piracy
Links for the day
Gemini Links 22/05/2024: Freedom Through Limitation, Cloud Photos
Links for the day
Canonical Supports Monopoly
more of the same
A farewell to Finland, an occupied territory
Finland, Finland, Finland
Links 22/05/2024: "Copilot+" as Mass Surveillance and Microsoft Defying Consent in Scarlett Johansson's Case
Links for the day
[Meme] Escalating After Failures
4 stages of cancel culture
Red Hat Had 2+ Days to Deny Reports of Impending Layoffs. But Red Hat Chose to Keep Silent.
Red Hat DOES NOT deny layoffs on the way
Microsoft-Connected Person Was Threatening to Sue Me and to Sue My Wife (Because His Feelings Were Hurt After Had He Spent More Than a Decade Defaming Me and Violating My Family's Dignity, Privacy)
litigation was chosen and we shall defend everything we wrote
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 21, 2024
IRC logs for Tuesday, May 21, 2024
Attempts to Sink the Free Software Movement (Under the Guise of Saving It)
We can see who's being drowned
Czech Republic: Windows Down From 98% to 43%, GNU/Linux Rises to Over 3%
modest gains for GNU/Linux
Links 22/05/2024: Pixar Layoffs and More Speculation About Microsoft Shutdowns/Layoffs (Ninja Theory)
Links for the day
Microsoft-Connected Sites Trying to Shift Attention Away From Microsoft's Megabreach Only Days Before Important If Not Unprecedented Grilling by the US Government?
Why does the mainstream media not entertain the possibility a lot of these talking points are directed out of Redmond?