Bonum Certa Men Certa

Secret Deals -- Not GnuTLS -- a Threat to GNU/Linux Security

Summary: Shifted focus (diversion towards non-issues like the GnuTLS flaw) and what we really need to watch out for when it comes to surveillance on GNU/Linux users

Cryptology is a funny thing. It's an instrument of control (through predictive information. espionage, blackmail and so on). That's more or less the thesis of a popular book from Wikileaks folks, titled "Cypherpunks". Held in the hands of ordinary citizens, cryptology gives citizens power. Abused in the hands of freelance thugs [1] or state-sanctioned thugs like the NSA, cryptology helps guard the thugs (secrecy) and expose citizens who are only ever 'enjoying' fake cryptology, such as Microsoft's and RSA's. Now that Apple is receiving horrible publicity for breaking cryptology around the same time Apple joined PRISM there is some dodgy attempt to divert attention towards GNU/Linux, even if GnuTLS flaws are already patched and GnuTLS is not so widely adopted, not to mention the fact that is not used for very sensitive transactions such as banking [2]. The Linux Foundation was also quick to rebut the FUD [3], stating that "some were quick to point out that Linux distributions were not vulnerable to this particular issue" (contrary to corporate media reports).



What remains much bigger an issue, other than weak passwords (human error), is closed-sourced and proprietary hardware that may or may not incorporate Linux [4], such as my Home Hub from BT (which is rumoured to have back doors, based on some British press). A lot of what we've learned from the NSA leaks is that secret deals and collusion with companies is what's responsible for back doors, not something which is visible at source code level. It is also what makes Red Hat, an NSA partner, difficult to trust these days [1, 2, 3]. The NSA reportedly asked Torvalds for back doors in Linux [1, 2, 3, 4]. Social engineering, bribes from the CIA in exchange for access (as reported in mainstream media) and even cracking is how spies get their way. They need not rely on programmers' errors.

Related/contextual items from the news:


  1. Two in five Brits cough up for CryptoLocker ransomware's demands
    Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they did not.


  2. GnuTLS: Big internal bugs, few real-world problems


  3. What is the GnuTLS Bug and How to Protect Your Linux System From It
    It seems that it's only been a few weeks since we all heard of a nasty certificate validation error in Apple's software, a.k.a. the infamous "double goto fail" bug. While some were quick to point out that Linux distributions were not vulnerable to this particular issue, wiser heads cautioned that a similar bug could be potentially lurking in software used on Linux.


  4. More than 300,000 routers in homes and small businesses hacked
    Team Cymru, the US-based security outfit which published the report, said that the network of hacked routers is one of the biggest of its kind that has been discovered, with most of the hacked routers in Columbia, India, Italy, Thailand, and Vietnam.




Recent Techrights' Posts

More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Links 29/03/2024: Fentanylware (TikTok) Fines and UK High Court Makes It Seem OK to Assassinate People Wrongly (Falsely) Associated With "Russia"
Links for the day
Garden Season Starts Today
Outdoor time, officially...
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries