Bonum Certa Men Certa

Security FUD Against Free Software Resurfaces, Using Promotional Branding From a Microsoft-Linked Firm, So Red Hat Finally Responds

Bugs
Image courtesy of Red Hat



Summary: Old news is 'new' again, as Microsoft-friendly media decides to keep knocking hard on the reputation of Free software, using words rather than substance

A YEAR ago there was a curious (first of its kind for Free/Open Source software) "branding" of a 2-year-old FOSS bug by a Microsoft-linked firm that did not even find the bug. An engineer from Google had found it and sought to responsibly disclose it so as to patch it properly before the Microsoft-linked opportunists blew off the lid and called it "Heartbleed", set up a Web site to 'celebrate' the bug, and even made a professionally-prepared logo for it. This whole "Heartbleed" nonsense -- however serious it may have been for a day -- was blown out of all proportions in the media and tarnished the name of Free software because it was so 'successfully' marketed, even to non-technical people. It was a branding 'success' which many firms would later attempt to emulate, though never with the same degree of 'success' (where success means bamboozling the public, especially non-technical decision-making people).

"Microsoft must be laughing quite hard seeing all that media manipulation.""Dear journalists," I said earlier today in social media (Diapora), "bugs don't have birthdays. Stop finding excuses to bring "Heartbleed" BS (MS name for old bug) to headlines." I spoke to one author about it and challenged him for floating these "Heartbleed" logos and brands yet again. To us it seems quite evident that Microsoft keeps attacking Free software and GNU/Linux like no time before; it's just more subtle and hidden in more sophisticated ways. The person who heads the incognito firm that's known only for the "Heartbleed" brand (they control the brand) came from Microsoft (he was head of security there) and also from the FBI, whose stance on encryption is widely known by now; they actively seek to break security of software, so knowing about the 2-year-old OpenSSL bug would make sense. Some reputable media reports said that the NSA had known about this bug for about a year before it was known to the public and the NSA cooperates with the FBI on breaking software security, sharing personal (illegally intercepted) data, etc.

Anyway, the same publication (as above) also floated the "Heartbleed" nonsense in another article today. Would they do just about anything to keep it in headlines? Even a year later? They are now citing some firm called Venafi (never heard of it before), which basically relies on misleading misuse of statistics. It's FUD from a company that tries to make money from perceived dangers and accentuates these dangers in an effort to acquire clients. What kind of 'journalism' is this? incidentally, Black Duck is now joining the list of such parasitic companies, with new hires and multiple press releases, so clearly it's a growth area and the Microsoft link is easy to see. It is FUD season again this spring as more publications now float this whole nonsense. This is hardly journalism, it's just throwback.

Thankfully enough, Red Hat demonstrates what "branding" of FOSS bugs practically means, even using the image above. There is no correlation between the naming of bugs and their severity, but press coverage sure loves a good brand. This is an important (albeit belated) response from Red Hat to "branding" of a FOSS bug by Microsoft-linked firms like the one behind "Heartbleed".

"It’s been almost a year since the OpenSSL Heartbleed vulnerability," says Red Hat, "a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn’t mean it is of real risk to users."

Well, Microsoft folks sure squeezed everything they could from this bug, seeking to discredit not just OpenSSL but the whole development process of Free software (due to just one small bug, or a few lines of code). And Microsoft still pretends that it is warming up to Open Source? Who are these frauds kidding?

There's a lot of companies which continue to use platforms with back doors, such as Windows, but the Wintel-oriented media would rather we just obsess over this one bug from one year ago (which was patched as soon as it became publicly-known).

We are rather disappointed to see a decent journalist like Sean Michael Kerner, along with colleagues at eWEEK, swallowing the bait and serving to promote the misleading claims to advertise this company that controls the "Heartbleed" brand, among other opportunists (like fish swimming around a shark for some leftovers). Microsoft must be laughing quite hard seeing all that media manipulation.

Recent Techrights' Posts

Double-Dipping the Docket for Microsoft Glory and Censorship of Microsoft Critics
same lawyer, same barrister, all US, all Microsoft
IBM: Less Than a Month's Severance for Each Decade of Service
Yes, decade!
The EPO, Europe's Largest Patent Office, Admits Outsourcing to Microsoft Slop
Their sole goal is to make more money
 
Microsoft's "FUD-as-a-Service" (Against Linux) Not Functioning Well
This is the kind of contribution companies like Microsoft and Google have to offer to society
Betanews Becoming a Slopfarm is "Betanews Growing Alongside You", According to Betanews
Their first 'article' in over two weeks is 52% "AI-generated" (slop), 33% mixed (edited slop), 18% human-written, says an advanced scanner.
Coffee Day and LLM Sloppers
The LLM slop "bros" are a lot like fake-money bros; they lie to people, they boast that they lie to people, and they're generally bad people, BS artists in colloquial terms
TheLayoff Censorship of IBM Threads Has Gone Truly Ludicrous
we do not argue that TheLayoff should not cull LLM slop
More Stallmanites Added to FSF Board and Summer Fundraiser Commences
There's some good news from the FSF
Gemini Links 17/06/2025: Consistency and Notes About NixOS
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 16, 2025
IRC logs for Monday, June 16, 2025
July 2 2025 Would Not be First Big Wave of Microsoft Layoffs Before Major National Holiday
July 2 or 3 mark the start of a very long weekend in the US
IDG's NetworkWorld Seems to Have Just Become LLM Slop
If IDG (now controlled by China) does that in at least one site, why not the rest? Only a matter of time?
Gemini Links 16/06/2025: Free Lunches and Bookmarklet for Mastodon
Links for the day
Gemini Protocol Turns 6 on Friday
Active (online) Gemini capsules are estimated by Lupa at over 3,000
Taking a Lesson From Denmark and Greenland? Iceland Shows New Lows for Windows, All-Time Highs for GNU/Linux
If Microsoft sabotages systems of judges at the Hague (in order to appease the insane man who wanted to invade Greenland), why won't its neighbour Iceland take note?
BetaNews Has Just Deleted Its Latest 'Article' or Got Cracked Again and Restored From Outdated Backup Again
BetaNews seems to be in some serious trouble right now
Software Freedom is "Activism" Because the Corporate Agenda Revolves Around Bribery, Deceit, and Betrayal
At the end Software Freedom will win because it's on the same side as truth and lawfulness
Links 16/06/2025: EchoLeak and NASA Teaming up With India
Links for the day
The Better the Understanding or the More Nations Understand the Threat Posed by Microsoft, the Faster It'll be Eradicated
We believe that the thing to advocate is self-hosting and Free software... A lack of simplicity or absence of alternatives is a form of vendor lock-in
A Week of Sunlight
They say transparency is like sunlight to a vampire
"Linux" Sites That Went Astray
there are even worse things than shutdowns
Links 16/06/2025: Climate, Wildfires, Breaches, and Monopolies
Links for the day
Links 16/06/2025: Summer in Finland and Misunderstandings
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 15, 2025
IRC logs for Sunday, June 15, 2025
Gemini Links 15/06/2025: Rainy Season and OpenDocument Format (ODF)
Links for the day
Links 15/06/2025: Military Games, Parade, and Actions
Links for the day
Links 15/06/2025: Windows TCO, Openwashing, and Wars
Links for the day
Gemini Links 15/06/2025: "AI Fatigue and Crappiness"
Links for the day
When Abusive Law Firms (Working for Microsofters Against Us) Assert That Someone Writing in Social Media About Himself is Confidential Information
There was no reason to throw "GDPR" into 2 SLAPPs; they know it, but the goal was to increase the cost of a Defence and lessen the incentive to challenge the SLAPPs
Microsoft Attack Dogs Against Watchdogs and Guard Dogs in Software
Last year Microsofters hired attack dogs or "guns for hire"
Slop Cannot Replace Domain Expertise
All this "AI" hype (it's not even intelligence, it's all a misnomer, as many of us have insisted all along) will fizzle and be written off as a failed experiment
IBM's Fresh 'PIPs' (Action Before Layoffs)
At times like these, even once-reputable employers resort to PIPs and other procedures/tricks for denial of workers' rights
Microsoft is a Problem Not Just for Denmark
Every country should consider what Denmark is doing, why Denmark is doing it, and then do the same
The Slopfarms' Self Detonation
If more sites like BetaNews go under, then maybe we can still salvage some of the Web
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 14, 2025
IRC logs for Saturday, June 14, 2025