Et Tu Gnu?

Ooops. Slashdot leads us to an Ars Technica post on TLS’s #goto fail.

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

Naturally it has been patched by GnuTLS, so you’re apt to yum it up.

But this goes back to the fact that Ethernet is based on a trust model, so you have to prevent untrusted events and persons from happening or doing something. Which means it is obsolete, IMHO.

One day through the primeval wood
A calf walked home as good calves should;

But made a trail all bent askew,
A crooked trail as all calves do.

Since then three hundred years have fled,
And I infer the calf is dead.

There is a reason distros ship with everything turned off (almost, anyway), assuming that those who need a service are willing to learn to turn it on and secure it too. But the internet is no longer the domain of the tech savvy, and the underlying protocols put everyone at risk.

