Bonum Certa Men Certa

Security FUD Against Free Software Resurfaces, Using Promotional Branding From a Microsoft-Linked Firm, So Red Hat Finally Responds

Bugs
Image courtesy of Red Hat



Summary: Old news is 'new' again, as Microsoft-friendly media decides to keep knocking hard on the reputation of Free software, using words rather than substance

A YEAR ago there was a curious (first of its kind for Free/Open Source software) "branding" of a 2-year-old FOSS bug by a Microsoft-linked firm that did not even find the bug. An engineer from Google had found it and sought to responsibly disclose it so as to patch it properly before the Microsoft-linked opportunists blew off the lid and called it "Heartbleed", set up a Web site to 'celebrate' the bug, and even made a professionally-prepared logo for it. This whole "Heartbleed" nonsense -- however serious it may have been for a day -- was blown out of all proportions in the media and tarnished the name of Free software because it was so 'successfully' marketed, even to non-technical people. It was a branding 'success' which many firms would later attempt to emulate, though never with the same degree of 'success' (where success means bamboozling the public, especially non-technical decision-making people).

"Microsoft must be laughing quite hard seeing all that media manipulation.""Dear journalists," I said earlier today in social media (Diapora), "bugs don't have birthdays. Stop finding excuses to bring "Heartbleed" BS (MS name for old bug) to headlines." I spoke to one author about it and challenged him for floating these "Heartbleed" logos and brands yet again. To us it seems quite evident that Microsoft keeps attacking Free software and GNU/Linux like no time before; it's just more subtle and hidden in more sophisticated ways. The person who heads the incognito firm that's known only for the "Heartbleed" brand (they control the brand) came from Microsoft (he was head of security there) and also from the FBI, whose stance on encryption is widely known by now; they actively seek to break security of software, so knowing about the 2-year-old OpenSSL bug would make sense. Some reputable media reports said that the NSA had known about this bug for about a year before it was known to the public and the NSA cooperates with the FBI on breaking software security, sharing personal (illegally intercepted) data, etc.

Anyway, the same publication (as above) also floated the "Heartbleed" nonsense in another article today. Would they do just about anything to keep it in headlines? Even a year later? They are now citing some firm called Venafi (never heard of it before), which basically relies on misleading misuse of statistics. It's FUD from a company that tries to make money from perceived dangers and accentuates these dangers in an effort to acquire clients. What kind of 'journalism' is this? incidentally, Black Duck is now joining the list of such parasitic companies, with new hires and multiple press releases, so clearly it's a growth area and the Microsoft link is easy to see. It is FUD season again this spring as more publications now float this whole nonsense. This is hardly journalism, it's just throwback.

Thankfully enough, Red Hat demonstrates what "branding" of FOSS bugs practically means, even using the image above. There is no correlation between the naming of bugs and their severity, but press coverage sure loves a good brand. This is an important (albeit belated) response from Red Hat to "branding" of a FOSS bug by Microsoft-linked firms like the one behind "Heartbleed".

"It’s been almost a year since the OpenSSL Heartbleed vulnerability," says Red Hat, "a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the time, and just because a vulnerability gets a name and a fancy logo doesn’t mean it is of real risk to users."

Well, Microsoft folks sure squeezed everything they could from this bug, seeking to discredit not just OpenSSL but the whole development process of Free software (due to just one small bug, or a few lines of code). And Microsoft still pretends that it is warming up to Open Source? Who are these frauds kidding?

There's a lot of companies which continue to use platforms with back doors, such as Windows, but the Wintel-oriented media would rather we just obsess over this one bug from one year ago (which was patched as soon as it became publicly-known).

We are rather disappointed to see a decent journalist like Sean Michael Kerner, along with colleagues at eWEEK, swallowing the bait and serving to promote the misleading claims to advertise this company that controls the "Heartbleed" brand, among other opportunists (like fish swimming around a shark for some leftovers). Microsoft must be laughing quite hard seeing all that media manipulation.

Recent Techrights' Posts

OSI's Blog is Still 100% Microsoft-Sponsored Attacks on Free/Open Source Software
OSI is a compromised, defunct body. It exists to serve the enemies of its original mission.
Red Hat is Suing to Protect From Patent Trolls
Why doesn't Red Hat (IBM) also lobby to eliminate all software patents once and for all?
Free Software Foundation (FSF) Probably Has No Choice But to Shut Down Its Office
Net Income -$686,366
Difficult Times at Soylent News
We hope that Soylent News will recover from this
Modern spyware and the problems of "Discord newspeak"
The history of modern instant messaging...
The Best Interface is Outdoors, It's Nature!
Not everything should be replaced by or emulated by digital devices
 
Crimes of the EPO Are Costing Everybody in Europe
Since virtually everyone in Europe is a user of software (almost nobody is a forest dweller like in countries near the equator), this impacts everybody
A Decade Ago Things Became So Bad at the European Patent Office (EPO) That Staff Jumped Out the Window During Working Hours
Colleagues saw the suicide; the EPO's response wasn't to tackle the causes but to bolt down the windows (like factories in China installing controversial 'suicide nets')
COVID-19 Ushered in Attacks on Human Rights and Things They Said They Had Introduced Temporarily Are Still in Effect/Operation Today
COVID-19 changed a lot of things
The Peril of the Electronic Frontier Foundation (EFF) Illuminates the Dangers of Founders Leaving or Being Forced Out
Whatever you may think they stand for, you risk being fixated on what they originally were and perhaps what their Web sites still say
Quitting Academia When Its IT Systems Are Dominated by Clowns Who Outsource
It seems like a common trajectory
Why the Free Software Foundation (FSF) Owning or Renting Office Space Mattered
"In the long term, the FSF needs to own its future office space, but then the deadly risk is that the property ownership becomes the end goal rather than software freedom."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 09, 2024
IRC logs for Monday, September 09, 2024
Nearly Two Years After Quitting My Job
My colleagues and I were bullied by managers (grievance complaint got filed) who didn't even know what "Linux" was
Terms of Service (TOS) Under Scrutiny - Part XVIII - In Conclusion
Many activities can be done offline without having to sign anything
Links 09/09/2024: More Trash Balloons and Collapse of Real Estate Market in China
Links for the day
Gemini Links 09/09/2024: ROOPHLOCH and More
Links for the day
Wrong Priorities at IBM
Lavish spendings on a 16-year contract for the most expensive place while firing tens of thousands of staff
Links 09/09/2024: LLMs Manipulated to Lie, More Corruption Found in COVID-19 Contracts
Links for the day
Terms of Service (TOS) Under Scrutiny - Part XVII - A Personal Perspective
The bottom line is, it's possible to reduce (albeit not entirely eliminate) how many things one signs, presses "OK" on and so on
[Video] Richard Stallman's New Talk in Germany Covers What Free Software Means, Why LLMs are "Bullshit", and Lots More (Web3 Summit 2024 Berlin)
Closing Keynote Day 3 - Dr. Richard Stallman - Web3 Summit 2024 Berlin
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 08, 2024
IRC logs for Sunday, September 08, 2024
Always Taking Things Up a Notch
Nothing will stop us
[Meme] EPO Keeps Masking Its Corruption With "Diversity and Inclusion" (Hiring the Wife of a Friend of Someone Who Bribed His Way Into EPO Presidency)
chain of nepotism
Very Large EPO Applicants Now Threaten a Boycott of the EPO (the EPO Management is Trying to Bribe Them to Change Their Plans/Minds While Hiding It From Staff)
If corruption prevails to this extent, it will have severe international effect
Gemini Links 09/09/2024: Gemini Application Developer Guide and ROOPHLOCH 2024
Links for the day
Links 09/09/2024: 'Dieselgate' Criminal Trial Starts Late, Mass Layoffs at Volkswagen
Links for the da
On Losing the Job at Google After Talking About Committing Acts of Violence Against Colleagues
We still have a highly toxic element trying to enter and fracture our community
[Meme] Patent Monopolies as Bribes at the European Patent Office (EPO)
bloggers who report crime are being threatened with lawsuits by several law firms hired by the EPO to cover up crimes
New EPO Letter Expressing Concerns About EPO Violating Its Charter, Clearly Violating Rules (Possibly Bribing Siemens With Monopolies) and Granting Loads of Fake Patents to Make More Money
Why does the EU tolerate the EPO's crimes and how much longer will this go on for?
NIST is Threatening to Sue You With Patents on Mathematics (That Aren't Even Legal in the First Place) If They Don't Like You
They're asserting monopolies on mathematics
[Meme] EPO 'Hush Money' to Companies That Point Out EPO Breaks the Rules
A bribed doorman: "We have patent examiners, but if you say the right words, we'll bypass them for you"
Gemini Links 08/09/2024: WebDAV, OpenBSD, Pocket Reform, and More
Links for the day
Links 08/09/2024: Super Typhoon and Lots of Climate Journalism
Links for the day
Certificate Authorities (CAs) Are Serving the Authorities, Not You
The centralised CAs "model" is not working
Rage in the Propaganda Machine
There has never been a better time to quit social control media
The Free Software Movement Must Not Assume That Truth and Science Always Win
Sometimes the bad people and the liars get ahead
Peter Eckersley and 'Afterlife'
It's better to look after one's health at present than to pursue all sorts of perceived 'insurance' policies
Terms of Service (TOS) Under Scrutiny - Part XVI - When Radio is No Longer "Read-Only" (Listening Mode) Because Someone Listens and Sells Your Data
Who would want to put up with this?
Terms of Service (TOS) Under Scrutiny - Part XV - "Zoom's terms of service change sparks worries over AI uses" (and More)
Then they wonder why users get all grumpy?
redhat.com is Promoting Revisionism and Lies Regarding the Origin of the Term "Open Source"
debunked many times before
Software Patents Against GNU/Linux Again
Patent extortion against OpenShift and Red Hat Enterprise Linux
IBM is Cutting - Almost in Half - Its Office Space in Austin, So Expect Many Layoffs (RAs)
IBM reduces office space by 187,00 square feet or 37%
IRC Proceedings: Saturday, September 07, 2024
IRC logs for Saturday, September 07, 2024
Over at Tux Machines...
GNU/Linux news for the past day