EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.26.13

Former Novell Staff Still Pushing the Linux Foundation Into Restricted Boot Territory, Ignoring the Real Threat (Back Doors)

Posted in GNU/Linux, Kernel, Novell, Security at 3:54 am by Dr. Roy Schestowitz

Greg Kroah-Hartman
Photo by Sebastian Oliva

Summary: Back doors in code, embedded in blobs, and even shoehorned into encryption is the overlooked security threat, which gets pushed aside in favour of phantom threats which Microsoft ‘sells’ through former Novell staff (i.e. funded by Microsoft)

A MONTH or two ago we mostly ignored exaggerated (sexed-up) reports about something called “Hand of Thief”. When there’s a Windows security threat the press does not call out Windows, but when it relates to GNU/Linux then tabloids like ZDNet scream from the rooftops. This thing called “Hand of Thief” is basically a malicious program which GNU/Linux users need to install themselves in order for it to do malicious things. It is not a virus, it does not spread, and it hardly even uses social engineering to get itself installed. We cited some reports which stress these facts and now comes a belated one too [1]. LynuxWorks is now offering some “Linux rootkit detector” [2] as if rootkits on GNU/Linux are a common issue. In a sense, since the Linux Foundation seems to insist on helping UEFI restricted boot, we are led to the belief that bootkits are a common threat to Linux. As the Linux Foundation’s site put it, as in the words of the employee it acquired from Novell:

Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.

Greg K-H has been working on all sorts of other kernel-level projects that help Microsoft. He did this while being paid by Novell, which was in turn being given money by Microsoft. That’s the power of money. Other former Novell employees also helped promote UEFI restricted boot, as we showed before. Rogue influence by Novell in the Linux Foundation is a subject we have written about for half a decade, showing numerous examples.

The bigger security issue right now might be back doors, which might also exist in Linux, even in encryption form [3] (giving away passwords over the network for example), so hard-to-crack passwords [4] might not be enough. Microsoft’s and Sony’s network compromises sure reveal the massive financial effects of system intrusions, so this subject should not be taken lightly.

UEFI restricted boot is actually a security threat, not a security solution, especially when a signature is provided and managed by some rogue company in the United States — one which has been secretly in bed with the NSA. With UEFI restricted boot, hardware can be bricked remotely. In a way, UEFI restricted boot deserves the name “unsecure boot”. In some devices it can block the user from accessing his/her own computer. Nobody should promote such treacherous computing.

Related/contextual items from the news:

  1. Hand of Thief, Not

    Linux’s biggest vulnerability is the software that users install with full “superuser” privileges. If you just install applications from your distro’s official repository, that’s not a problem. But if you download software from dubious web sites, or if you add a mysterious repository to your package manager, you’re opening yourself up for an infection. Always, always make sure you know what software you are installing, why you are installing it, and where it’s from.

  2. Linux rootkit detector adds hardware punch to security scanning

    LynuxWorks is stepping up the battle with the release of the first hardware-based rootkit detection system powered by the LynxSecure separation kernel. Called the RDS5201, it combats and detects stealthy advanced persistent threats. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small form factor appliance has been designed to offer a unique detection capability that complements traditional security mechanisms as they try to protect against the growing number and complexity of cyber threats.

  3. RSA warns developers not to use RSA products

    In today’s news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) ‘backdoored’ Dual_EC_DRBG random number generator — which happens to be the default in RSA’s BSafe cryptographic toolkit. Youch.

  4. How-to make hard-to-crack passwords you can easily remember
  5. Australian who boasted of hacking to plead not guilty to charges stemming from raid

    Dylan Wheeler, who claimed in February to have breached Microsoft’s and Sony’s networks, has not been charged with hacking

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Corporate Media, Led Astray by Patent Lawyers, Continues to Distort the Reality of Software Patents Post-Alice

    The press of the rich and the powerful continues its attempt to preserve software patents, despite the US Supreme Court's decision to abolish a lot of them on the basis of abstraction



  2. An Estimated 1,000 EPO Employees-Strong Legion Engulfs Danish Consulate to Protest Jesper Kongstad's (of Administrative Council) Protection of Benoît Battistelli

    A large protest waged by staff of the EPO targets one of the key facilitators of Battistelli's terrifying tyranny



  3. Links 28/1/2015: Ubuntu Touch Windowed Mode, NVIDIA Linux Legacy Drivers Updated

    Links for the day



  4. Breaking: EPO Vice-President Željko Topić Loses Defamation Case in Croatia

    The EPO's notorious Vice-President, whose appointment at the EPO is still raising some alarming questions, has just lost his case in Croatia (one of many cases), motivating us to accelerate coverage about the persona known as Željko Topić



  5. Qualys Starts Self-Promotional FUD Campaign, Naming a Bug That Was Already Fixed 2 Years Ago and Distros Have Covered With Patches

    Responding to the media blitz which paints GNU/Linux as insecure despite the fact that bugs were evidently found and fixed



  6. The Openwashing of Microsoft is Now Threatening to Eliminate the Identity of Free Software

    More openwashing of Microsoft, including in the corporate media, shows just to what great an extent and how quickly the old "Microsoft Open Source" Big Lie grows feet



  7. Links 27/1/2015: Plasma 5.2, Dell Precision With GNU/Linux

    Links for the day



  8. Microsoft's Media Attack on Free Software and GNU/Linux

    Brainwash war is still being waged by Microsoft and its friends to convince people that Windows is universally dominant and that Microsoft is now part of the Free software world



  9. Microsoft Accounting Practices After Fire Again, After Previous Abuses and Book-Cooking

    After the infamous IRS brawl comes another confrontation between Microsoft and the SEC, which is unhappy with Microsoft for seemingly cooking the books again



  10. Links 26/1/2015: Debian 8.0 “Jessie” RC1, Linux Kernel 3.19 RC6

    Links for the day



  11. Links 25/1/2015: Android Wear 5.0, Tizen in Bangladesh

    Links for the day



  12. IRC Proceedings: January 11th, 2015 – January 24th, 2015

    Many IRC logs



  13. Links 24/1/2015: Zenwalk Linux Reviewed, Netrunner 14.1 Released

    Links for the day



  14. The Latest 'Microsoft is Open Source' Propaganda a Parade of Lies

    Microsoft myth makers continue their assault on what is objectively true and try to tell the public that Microsoft is a friend of "Open Source"



  15. Apple -- Like Microsoft -- Not Interested in the Security of Its Operating Systems

    Apple neglected to patch known security flaws in Mac OS X for no less than three months and only did something about that vector of intrusion when the public found out about it



  16. As Battistelli Breaks the Rules and Topić Silences Staff, New European Parliament Petition for Tackling the EPO's Abuses is Needed

    The neglected (by EPO) Article 4a of the European Patent Convention (EPC) and the European Parliament petition/complaint against the EPO's crooked management



  17. Links 23/1/2015: Red Hat on IBM Power, Meizu Leaks With Ubuntu

    Links for the day



  18. Links 23/1/2015: Plasma 5.2, Manjaro 0.9-pre1

    Links for the day



  19. Microsoft is Dying Due to Free Software, Tries to Infect GNU/Linux With .NET and to Infect Moodle in Schools With Microsoft Office and OOXML Lock-in

    'Free' drugs (a proprietary software analogy) the new strategy of Microsoft in its latest battle against Free software, especially in schools where choice is a rarity (if not an impossibility), with the premeditated intention of forming dependency/addiction among young people



  20. Microsoft Symptoms of a Dying Company: More Boosters Depart, Back Doors Revealed, Microsoft's Outlook Cracked

    Bad news for Microsoft shortly before the marketing extravaganza served to cover much of it up



  21. The Collapse of European Patent Office Management Culminates With Resignations

    No blood is spilled, but even the management of the EPO is falling apart as the Director of Internal Communication is said to have just resigned



  22. New LCA Talk: Open Invention Network's Deb Nicholson on Software Patents and Patent Trolls

    Deb Nicholson's LCA talk is now publicly accessible



  23. Links 22/1/2015: GNU/Linux Sysadmin Opportunities, TraceFS Introduced

    Links for the day



  24. Links 21/1/2015: Andrew Tridgell, Torvalds Being Baited

    Links for the day



  25. Vesna Stilin Renews Her Fight for Justice in Željko Topić Case (EPO VP)

    Željko Topić's abuses continue to cloud the legitimacy of the European Patent Office, in which he is a Vice-President



  26. Failure of the EPO Can Derail the Trojan Horse of Software Patents and Patent Trolls

    Dazzled by his endless pursuit of infinite money and power, Battistelli pushes for expansion of patent scope (geographically too), but he won't have it without a challenge



  27. Links 20/1/2015: Linux 3.19 RC5, 30 Years of FSF

    Links for the day



  28. Translations of Member of the European Parliament Complaining About European Patent Office (EPO)

    French, German, Dutch, and English translations of the article from Dennis De Jong



  29. Microsoft, the Back Doors Company, is Gradually Dying and Trying to Embrace the Competition

    The world is leaving Microsoft's common carrier (Windows) behind, so Microsoft, which is shrinking, tries to conquer Free software and GNU/Linux



  30. Battistelli's Latest Propaganda War Tries to Convince EPO Staff That Željko Topić's Many Criminal Charges Don't Exist

    Battistelli's right-hand man, Željko Topić, is now facing real danger of prosecution and possibly arrest in his home country, so Battistelli rushes to defend this thug's reputation


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts