Bonum Certa Men Certa

Secret Deals -- Not GnuTLS -- a Threat to GNU/Linux Security

Summary: Shifted focus (diversion towards non-issues like the GnuTLS flaw) and what we really need to watch out for when it comes to surveillance on GNU/Linux users

Cryptology is a funny thing. It's an instrument of control (through predictive information. espionage, blackmail and so on). That's more or less the thesis of a popular book from Wikileaks folks, titled "Cypherpunks". Held in the hands of ordinary citizens, cryptology gives citizens power. Abused in the hands of freelance thugs [1] or state-sanctioned thugs like the NSA, cryptology helps guard the thugs (secrecy) and expose citizens who are only ever 'enjoying' fake cryptology, such as Microsoft's and RSA's. Now that Apple is receiving horrible publicity for breaking cryptology around the same time Apple joined PRISM there is some dodgy attempt to divert attention towards GNU/Linux, even if GnuTLS flaws are already patched and GnuTLS is not so widely adopted, not to mention the fact that is not used for very sensitive transactions such as banking [2]. The Linux Foundation was also quick to rebut the FUD [3], stating that "some were quick to point out that Linux distributions were not vulnerable to this particular issue" (contrary to corporate media reports).



What remains much bigger an issue, other than weak passwords (human error), is closed-sourced and proprietary hardware that may or may not incorporate Linux [4], such as my Home Hub from BT (which is rumoured to have back doors, based on some British press). A lot of what we've learned from the NSA leaks is that secret deals and collusion with companies is what's responsible for back doors, not something which is visible at source code level. It is also what makes Red Hat, an NSA partner, difficult to trust these days [1, 2, 3]. The NSA reportedly asked Torvalds for back doors in Linux [1, 2, 3, 4]. Social engineering, bribes from the CIA in exchange for access (as reported in mainstream media) and even cracking is how spies get their way. They need not rely on programmers' errors.

Related/contextual items from the news:


  1. Two in five Brits cough up for CryptoLocker ransomware's demands
    Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they did not.


  2. GnuTLS: Big internal bugs, few real-world problems


  3. What is the GnuTLS Bug and How to Protect Your Linux System From It
    It seems that it's only been a few weeks since we all heard of a nasty certificate validation error in Apple's software, a.k.a. the infamous "double goto fail" bug. While some were quick to point out that Linux distributions were not vulnerable to this particular issue, wiser heads cautioned that a similar bug could be potentially lurking in software used on Linux.


  4. More than 300,000 routers in homes and small businesses hacked
    Team Cymru, the US-based security outfit which published the report, said that the network of hacked routers is one of the biggest of its kind that has been discovered, with most of the hacked routers in Columbia, India, Italy, Thailand, and Vietnam.




Recent Techrights' Posts

Credit Suisse collapse obfuscated Parreaux, Thiébaud & Partners scandal
Reprinted with permission from Daniel Pocock
UK Media Under Threat: Cannot Report on Data Breach, Cannot Report on Microsoft Staff Strangling Women
The story of super injunction (in the British media this week, years late)
Under the Guise of "MIT Technology Review Insights" the Site MIT Technology Review Posts Corporate Spam as 'Articles'
Some of the articles aren't even articles but 'hit pieces' against Free software and some are paid advertisements
Brett Wilson LLP Has Track Record in Scam Coin Cases (e.g. Craig Wright and More), Now It Works for 'Crypto' Scam Purveyors
But wait, it gets worse
Will Brett Wilson LLP Handle Its Own Winding Up Petition or be Struck Off for Overt Abuse of Process?
Today we sue not only the first Microsofter
Ubuntu Becomes Microsoft GitHub, Based on Decision Made by British Army Officer
You're hopeless, Canonical
Sharing Code and Recipes
It helps explain the triviality of software freedom
How Many Women Has Microsoft's Alex Balabhadra Graveley Already Strangled and Where Does That End?
If you too are a victim of this man and wish to share information, contact us
 
Links 17/07/2025: "Blog Identity Crisis" and Openwashing by Nvidia
Links for the day
Greffiers and the US Attorney of the Serial Strangler From Microsoft
The lawsuit can help expose extensive corruption in the American court system as well
The People Who Promoted systemd in Debian Also Promote Wayland
This is not politics
Victims of the Serial Strangler From Microsoft, Alex Balabhadra Graveley, Wanted to Sue Him But Lacked the Funds (He Attacked Their Finances)
Having spoken to victims of the Serial Strangler From Microsoft
Links 17/07/2025: Science, Hardware, and Censorship
Links for the day
Gemini Links 17/07/2025: Staying in the "Small Web" and Back on ICQ
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 16, 2025
IRC logs for Wednesday, July 16, 2025
Exclusive: corruption in Tribunals, Greffiers, from protection rackets to cat whisperers
Reprinted with permission from Daniel Pocock
Links 16/07/2025: Chip Bans and Microsoft’s “Digital Escort” Program
Links for the day
Revolving Doors: One Day You're a Judge, the Next Day You're an Attorney Paying Public Officials and Working for Violent and Dangerous Microsoft Employees
how the US justice system works
Slopwatch: Noise, Plagiarism and Even Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
What are we meant to do to prevent a false association or misleading connotations? Game the LLMs? No. Boycott slopfarms.
Gemini Links 16/07/2025: BaseLibre Numerical System and Simple Web Browsing with TLS
Links for the day
Links 16/07/2025: Fascist Slop Takes "Intelligence" Clothing, New Criminal Case Against MElon
Links for the day
"We Might Save Somebody's Life"
I follow the example of my father
Why I am Suing the Serial Strangler From Microsoft, Alex Balabhadra Graveley, in the UK High Court This Week
Out of respect to the process and to the Court, I shall not share any pertinent details about the case
Links 16/07/2025: China’s Economy Grows Steadily, France Takes Action Regarding Harm to Children by GAFAM and Fentanylware (TikTok)
Links for the day
It is Not About Politics
Beware the people who try to make this about politics
Good Journalism Saves Lives
a shocking number of women die or get seriously hurt every day due to violence from a partner
Recognition of Women's Contributions to Free Software
Being passive is not an option when bad things are happening
Slopfarms Are Going to Perish Because Public Opinion is Changing
Many slopfarms will simply go offline
19 Years of Standing Up for Justice, Equality, and Truth
This week we shall take it up a notch
Gemini Links 16/07/2025: Tmux and OCC25 Working TLS
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 15, 2025
IRC logs for Tuesday, July 15, 2025
Links 15/07/2025: LLM Pollution and Pushback in Ukraine
Links for the day
Gemini Links 15/07/2025: xkcd, New Cert, and Alhena Gemlog
Links for the day
Links 15/07/2025: Press Freedom at Risk and New Facebook Blunders
Links for the day
Reboots Should Never be Necessary
"BUT WHAT ABOUT SECURITY!!"
There's Still Hope for the World Wide Web
Let's hope that the trajectory of the Web won't be leading us to over-reliance on Google, nor will it reward worthless slopfarms
Gemini Links 15/07/2025: Smolweb and Alhena 5.1.7
Links for the day
The Danes Want GNU/Linux
David Heinemeier Hansson recently moved to GNU/Linux
Cory Doctorow Explains Why Software Freedom Matters, Whereas "Open Source" Misses the Point and Helps Monopolies
It's a very long article
BillPR (EpsteinGate-Bribed NPR) is Turning Into a Partial Slopfarm that Promotes Slop
"I went on a date with a chatbot!"
Two Weeks Passed Since Latest Large Wave of Microsoft Layoffs, More Expected Next Month
Blaming the debt on "AI" is just self-serving storytelling
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 14, 2025
IRC logs for Monday, July 14, 2025
Gemini Links 15/07/2025: Gemini "Style Sheets" and Switching From Microsoft GitHub to Codeberg
Links for the day