Bonum Certa Men Certa
An Android World: Limitless Expansion in Tablets, Smaller Devices, and New Hardware | Patent Stacking by Microsoft, Apple, Nokia et al. Makes Android/Linux More Expensive, Less Competitive

Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

Bad news sells better

Summary: What the media is not really telling us about the GnuTLS vulnerability

The corporate press has shown its ignorance by characterising GNU as "Linux" and describing an already-patched flaw as the worst thing since proprietary software. Some went as far as suggesting that the NSA was behind it [1] and Muktware rebutted [2] the seminal article [3] which started a lot of the panic (at the time of writing there are dozens of articles about this, but we don't need to feed them with links). What we have here is another case of Dan Goodin creating panic in the Microsoft-friendly Ars, just as he had done when he worked for the Microsoft-friendly The Register. The only shocking thing is the amount of press coverage this received. PGP/GPG, OpenSSH, OpenSSL etc. were previously named here for flaws that had been found (in the context of Red Hat and the NSA [1, 2, 3]). These are not so uncommon. One just needs to keep up to date (patched) -- one that which Apple's customers cannot do. They can't even write their own patches.



Related/contextual items from the news:


  1. NSA did it again? This time GnuTLS fails to check malicious certificates


  2. Yes there was a security hole in Linux, but Red Hat already fixed it
    Originally reported by Ars Technica, the fix was available by the time the general public was made aware of it. It’s actually fairly similar to a certain security hole that lived for a year and could have allowed for exploits to be used in the wild.


  3. Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
    The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

Recent Techrights' Posts

Real Life Should be Offline, Not Online, and It Requires Free Software
Resistance means having the guts to say "no!", even in the face of great societal burden and peer pressure
 
IBM Took a Man’s Voice, Pitting Him Against His Own Work, While Companies Profit from Low-Effort Garbage Generated by Bots and “Self-Service”
Reprinted with permission from Ryan Farmer
Links 26/09/2023: KDE, Programming, and More
Links for the day
Mozilla Promotes the Closed Web and Proprietary Webapps That Are Security and Privacy Hazards
This is just another reminder that the people who run Mozilla don't know the history of Firefox, don't understand the Web, and are beholden to "GAFAM", not to Firefox users
Debian More Like an Exploitative Sweatshop Than a Family
Wiltshire is riding a high horse in the UK, talking down to Indians who are "low-level" volunteers in his kingdom of authoritarians, guarded by an army of British lawyers who bully bloggers
Small Computers in Large Numbers: A Pipeline of Open Hardware
They guard and prioritise their "premiums", causing severe price hikes due to supply/demand disparities.
Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up)
There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus
10 Reasons to Permanently Export or Liberate Your Site From WordPress, Drupal, and Other Bloatware
There are certainly more more advantages, but 10 should suffice for now
About 200,000 Objects in Techrights Web Site
This hopefully helps demonstrate just how colossal the migration actually is
Good Teachers Would Tell Kids to Quit Social Control Media Rather Than Participate in It (Teaching Means Education, Not Misinformation)
Insist that classrooms offer education to children rather than offer children to corporations
Twitter: From Walled Gardens to Paywalls and/or Amplifiers of Fascism
There's moreover a push to promote politicians who are as scummy as Twitter's owner
The World Wide Web is Being Confiscated From Us (Like Syndication Was Withdrawn About a Decade Ago) and We Need to Fight Back
We're worse off when fewer people promote RSS feeds and instead outsource to social control media (censorship, surveillance, manipulation)
Next Up: Restoring IRC Log Pipelines, Bulletins/Full Text RSS, Wiki (Archived, Static), and Pipelines for Daily Links
There are still many tasks left ahead of us, but we've progressed a lot
An Era of Rotting Technology, Migration Crises, and Cliffhanging
We've covered examples from IBM, resembling the Microsoft world
First Iteration of Techrights as 100% Static Pages Web Site
We want to champion another decade or two of positive impact and opinionated analysis
Links 25/09/2023: Patent News and Coding
some remaining links for today
Steam Deck is Mostly Good in the Sense That It Weakens Microsoft's Dominance (Windows)
The Steam Deck is mostly a DRM appliance
SUSE is Just Another Black Cat Working for Proprietary Giants/Monopolies
SUSE's relationship with firms such as these generally means that SUSE works for authority, not for community, and when it comes to cryptography it just follows guidelines from the US government
IBM is Selling Complexity, Not GNU/Linux
It's not about the clients, it's about money
Birthday of Techrights in 6 Weeks (Tux Machines and Techrights Reach Combined Age of 40 in 2025)
We've already begun the migration to static
Linux Foundation: We Came, We Saw, We Plundered
Linux Foundation staff uses neither Linux nor Open Source. They're essentially using, exploiting, piggybacking goodwill gestures (altruism of volunteers) while paying themselves 6-figure salaries.
Security Isn't the Goal of Today's Software and Hardware Products
Any newly-added layer represents more attack surface
Linux Too Big to Be Properly Maintained When There's an Incentive to Sell More and More Things (Complexity and Narrow Support Window)
They want your money, not your peace of mind. That's a problem.
Modern Web Means Proprietary Trash
Mozilla is financially beholden to Google and thus we cannot expect any pushback or for Firefox to "reclaims the Web" a second time around
Godot 4.2 is Approaching, But After What Happened to Unity All Game Developers Should be Careful
We hope Unity will burn in a massive fire and, as for Godot, we hope it'll get rid of Microsoft
GNU/Linux Has Conquered the World, But Users' Freedom Has Not (Impediments Remain in Hardware)
Installing one's system of choice on a device is very hard, sometimes impossible
Another Copyright Lawsuit Against Microsoft (or its Proxy) for Misuse of Large Works by Chatbot
Some people mocked us for saying this day would come; chatbots are a huge disappointment and they're on very shaky legal ground
Privacy is Not a Crime, Reporting Hidden Facts Is Not a Crime Either
the powerful companies/governments/societies get to know everything about everybody, but if anyone out there discovers or shares dark secrets about those powerful companies/governments/societies, that's a "crime"
United Workforce Always Better for the Workers
In the case of technology, it is possible that a lack of collective action is because of relatively high salaries and less physically-demanding jobs
Purge of Software Freedom and Its Voices
Reprinted with permission from Ryan Farmer
GNOME and GTK Taking Freedom Away From Users
Reprinted with permission from Ryan Farmer