This page permanently redirects to gemini://gemini.techrights.org/2022/10/30/openssl-bug-hype/.
Gemini version available ♊︎
Posted in Free/Libre Software, FUD, GNU/Linux, Security at 6:22 pm by Dr. Roy Schestowitz
Video download link | md5sum 4b7ddbb46fa6769b563d42abfd3763b2Trusting the FUD Blindly Creative Commons Attribution-No Derivative Works 4.0
http://techrights.org/videos/openssl-fud-again.webm
Summary: Fear, Uncertainty, and Doubt (FUD) campaigns have begun based on a lack of information rather than actual substance; Dramatisation of this kind merits a debate as the boy keeps crying “wolf!” in vain (because he sees a dog)
OVER the past 5 or so days we’ve included in Daily Links many articles about an upcoming patch for OpenSSL, not “imminently” as this was disclosed almost a week in advance, which is rather unusual (that long a timespan).
We’ve patiently been wanting to do a a response, waiting for insiders who can tell what the bug was or how severe it really was; we scolded some media for calling it "zero day" because as far as we can tell the term is misapplied, maybe even on purpose.
“A lot of the media reports, not privy to any details, trust the panic makers despite having no details. Where’s the fact-checking?”
So many speculative, uninformed and uninformative articles have mentioned the magic “FUDword”, Heartbleed, still failing to recognise that it was a bug first discovered by Google and then hyped up by Microsofters to stigmatise Free software (we wrote a lot about this at the time). This was almost a decade ago; after that we saw many logos and sites (for pertinent bugs, not pieces of software) and even the occasional pranks after that, trying to reproduce that hype’s success [sic] because FUD travels fast and some firms wanted to “make a name” for themselves.
People with access to information or special privileges already caution us that the advanced notice is more about hype than substance. A lot of the media reports, not privy to any details, trust the panic makers despite having no details. Where’s the fact-checking?
=> ↺ caution us
Seeing how “Heartbleed” FUD was used by Microsoft for years (and "log4j" a year later, even by the anti-Linux Foundation), it seems likely that this is a campaign of drama, not a real security crisis. How many breaches will be caused by this? Time will tell, but probably not many (same as “Heartbleed”, where reality didn’t match the propaganda). █
=> and "log4j" a year later | Linux Foundation
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
Permalink > Image: Mail
Send this to a friend
=> Permalink | ↺ Send this to a friend
=> Techrights
➮ Sharing is caring. Content is available under CC-BY-SA.
text/gemini;lang=en-GBThis content has been proxied by September (3851b).