Bonum Certa Men Certa
An Android World: Limitless Expansion in Tablets, Smaller Devices, and New Hardware | Patent Stacking by Microsoft, Apple, Nokia et al. Makes Android/Linux More Expensive, Less Competitive

Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

Bad news sells better

Summary: What the media is not really telling us about the GnuTLS vulnerability

The corporate press has shown its ignorance by characterising GNU as "Linux" and describing an already-patched flaw as the worst thing since proprietary software. Some went as far as suggesting that the NSA was behind it [1] and Muktware rebutted [2] the seminal article [3] which started a lot of the panic (at the time of writing there are dozens of articles about this, but we don't need to feed them with links). What we have here is another case of Dan Goodin creating panic in the Microsoft-friendly Ars, just as he had done when he worked for the Microsoft-friendly The Register. The only shocking thing is the amount of press coverage this received. PGP/GPG, OpenSSH, OpenSSL etc. were previously named here for flaws that had been found (in the context of Red Hat and the NSA [1, 2, 3]). These are not so uncommon. One just needs to keep up to date (patched) -- one that which Apple's customers cannot do. They can't even write their own patches.



Related/contextual items from the news:


  1. NSA did it again? This time GnuTLS fails to check malicious certificates


  2. Yes there was a security hole in Linux, but Red Hat already fixed it
    Originally reported by Ars Technica, the fix was available by the time the general public was made aware of it. It’s actually fairly similar to a certain security hole that lived for a year and could have allowed for exploits to be used in the wild.


  3. Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
    The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.
An Android World: Limitless Expansion in Tablets, Smaller Devices, and New Hardware | Patent Stacking by Microsoft, Apple, Nokia et al. Makes Android/Linux More Expensive, Less Competitive

Recent Techrights' Posts

Over at Tux Machines...
GNU/Linux news for the past day
Governments That Financially Benefit (Profit) From the EPO Have a Long History of Covering Up Fraud and Corruption at the EPO
Many people are aware of it, even some of the biggest EPO stakeholders
 
The Register MS Still Occasionally Uses Slop
some articles don't use real images
Links 10/11/2025: "Scam Altman Gets Served Subpoena" and "China will Rule Renewable Energy"
Links for the day
ubuntupit.com Has Paused the LLM Slop (for Now)
No slopfarm ever offered any real value
More Media Coverage From Austria Regarding Cocaine Use by EPO Management
The ultimate goal is full accountability
Ponzi Economics and the Media's Role in Defending Ponzi Economics
We occasionally notice weak or almost-non-existent coverage regarding the economy
Links 10/11/2025: Very High Windows TCO and XBox Continues to Languish
Links for the day
IRC Proceedings: Sunday, November 09, 2025
IRC logs for Sunday, November 09, 2025
Our Time in London
10 Days Ago We Were Down in London
Giving Red Hat a Second Life and Second Chance: Drop the LLM Slop, Stop Publishing Promotion of LLMs or Text Made by LLMs
For Red Hat to earn more trust it needs to quit participating in the biggest "pump and dump" pyramid scheme since the 1990s
Gemini Links 09/11/2025: Garden Room Complete, FreeBSD 15.0 on the ThinkPad T480, and Known Gemini Caspules Sorted by Number of URLs
Links for the day
Links 09/11/2025: Fung-wong Strikes Maharlika, "Open" "AI" Wants Taxpayers to Give It Bailout Money
Links for the day
Links 09/11/2025: "Avoid MSI Graphics Like the Plague", Harms of Social Control Media More Widely Recognised
Links for the day
Rocky Linux's Embrace of Mindless Cargo Cults Will Harm Rocky Linux in the Long Run
focus on technology, not marketing that defrauds many people and plagiarises many producers
Many of Red Hat's Official Blog Posts Seem to be Fake, Written at Least Partly by Bots (LLM Slop)
Can one trust Red Hat on technical things if it cannot even write words?
Suggestions Regarding Techrights Search
In some cases, Daily Links also serve to obscure our original articles
"Open" "AI" is Going Bankrupt, Appealing for Government Bailout
The writings have been on the wall for years
Reaffirming Rumours of More Microsoft Layoffs, Halo Impacted, XBox Business Winding Down
XBox has a huge target painted on its bum
"Secure Boot": Stop Trying to Boot Into GNU/Linux, Use Vista 11 Instead
It's all about reducing the user's cybersecurity under the false guise of improving it
This is What We Always Wanted to Spend Our Time on
2026 will probably be our most productive ever
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 08, 2025
IRC logs for Saturday, November 08, 2025
LowEndBox Resorts to Ableism to Smear Software Freedom
Not some "low-level" pundit but an administrator
IBM is Destroying Red Hat (by Extension, It Also Harms GNU/Linux)
IBM is where things come to die, more so in the past decade or so
Austrian Media Coverage of Luis Berenguer's (Top EPO Official) Getting Busted for Cocaine
This wasn't some rich tourist caught by cops, it was a local official whom they busted
This Coming Thursday EPO Staff Meets Online to Discuss the Salaries Going Down While Stoned Managers Increase Their Own
compensation going down relative to inflation and other factors
Misinformation of IBM Spread via LLM Slop
Since a lot of sites now rely on LLMs we can expect the corporations' lies to be perpetuated by bots. That includes the myths of IBM Red Hat.
Gemini Links 09/11/2025: File Managers and DPC Commissioner
Links for the day
Links 08/11/2025: Climate Talk Unfruitful, OldVersion.com Archive Facing Shutdown
Links for the day
IBM is Eliminating Red Hat Like It Eliminated Tivoli and Eliminated Cognos
Be wary of IBM
Quitting One's Job Isn't Forbidden, Right?
it's important to remind people that leaving one's job is perfectly OK
Being Absent/Missing From Social Control Media is Not a Sign of Weakness
Broadly speaking, social control media is for losers
Empathy Online
I recently learned from someone that running his Web site might hurt some feelings, even if the writings are truthful
Our Site Search Increases Our Editorial and Informational Independence
Implementing our search facility is a long-term investment
Advocates of GNU/Linux and the Uphill Battles Behind Us
GNU/Linux felt like "activism" 20 years ago. Now it's mainstream.
Cybersecurity Means Real Security, Not Back Doors
Standing our ground on technology and cybersecurity is an uncompromisable stance
Links 08/11/2025: Disinformation Crisis, Denmark Recognises Threats Associated With Social Control Media
Links for the day
The Free Software Foundation (FSF) is Besieged for the Times It Does the Right Things
As that upsets rich people's interests (and they were, at times, sponsors)
Links 08/11/2025: Technical and Financial GAFAM Woes and Arrests of Journalists by Despots
Links for the day
Like SUSE, IBM Red Hat Seems to be Using LLM Slop to Write Fake (Bot-Generated) Blog Posts
IBM Red Hat keeps promoting slop
Corruption is a Reality, It's Not a Dirty or a Strong Word
Corruption is a topic some newspapers shy away from
How German Media Covered Cocainegate at The European Patent Office (EPO)
At some point we'll ask that same press to revisit the issue and this time comment on the EPO connection
Our Launch of Techrights Search Has Been Successful (So Far)
There are about 50,000 articles indexed there, going 19+ years back
Daniel Pocock Explains Social Engineering in Debian and Other Communities Increasingly Controlled by "Barons"
Communities are not corporations
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 07, 2025
IRC logs for Friday, November 07, 2025
Rosanna Yuen & GNOME community triple tricked
Reprinted with permission from Daniel Pocock
Adrian & Diana von Bidder-Senn, Debian: detailed history of a death
Reprinted with permission from Daniel Pocock
Crypto AG tricked ETH Zurich student internship
Reprinted with permission from Daniel Pocock
An Old Story of Fraud at the EPO in the Netherlands (and How the Dutch Government Facilitated It)
We've already mentioned several other scandals where the the Dutch government engaged in fraud and passive corruption
Voicing Concerns About European Patent Office (EPO) in Rijswijk
The report is dated yesterday
Gemini Links 08/11/2025: KeePassRX and Pluribus
Links for the day
IBM Layoffs Not Done, Terminations of Staff in India, Brazil, and Mexico Reported
This hopefully answers questions such as, "do the layoffs only impact US and Canada?"