EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.26.13

Former Novell Staff Still Pushing the Linux Foundation Into Restricted Boot Territory, Ignoring the Real Threat (Back Doors)

Posted in GNU/Linux, Kernel, Novell, Security at 3:54 am by Dr. Roy Schestowitz

Greg Kroah-Hartman
Photo by Sebastian Oliva

Summary: Back doors in code, embedded in blobs, and even shoehorned into encryption is the overlooked security threat, which gets pushed aside in favour of phantom threats which Microsoft ‘sells’ through former Novell staff (i.e. funded by Microsoft)

A MONTH or two ago we mostly ignored exaggerated (sexed-up) reports about something called “Hand of Thief”. When there’s a Windows security threat the press does not call out Windows, but when it relates to GNU/Linux then tabloids like ZDNet scream from the rooftops. This thing called “Hand of Thief” is basically a malicious program which GNU/Linux users need to install themselves in order for it to do malicious things. It is not a virus, it does not spread, and it hardly even uses social engineering to get itself installed. We cited some reports which stress these facts and now comes a belated one too [1]. LynuxWorks is now offering some “Linux rootkit detector” [2] as if rootkits on GNU/Linux are a common issue. In a sense, since the Linux Foundation seems to insist on helping UEFI restricted boot, we are led to the belief that bootkits are a common threat to Linux. As the Linux Foundation’s site put it, as in the words of the employee it acquired from Novell:

Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.

Greg K-H has been working on all sorts of other kernel-level projects that help Microsoft. He did this while being paid by Novell, which was in turn being given money by Microsoft. That’s the power of money. Other former Novell employees also helped promote UEFI restricted boot, as we showed before. Rogue influence by Novell in the Linux Foundation is a subject we have written about for half a decade, showing numerous examples.

The bigger security issue right now might be back doors, which might also exist in Linux, even in encryption form [3] (giving away passwords over the network for example), so hard-to-crack passwords [4] might not be enough. Microsoft’s and Sony’s network compromises sure reveal the massive financial effects of system intrusions, so this subject should not be taken lightly.

UEFI restricted boot is actually a security threat, not a security solution, especially when a signature is provided and managed by some rogue company in the United States — one which has been secretly in bed with the NSA. With UEFI restricted boot, hardware can be bricked remotely. In a way, UEFI restricted boot deserves the name “unsecure boot”. In some devices it can block the user from accessing his/her own computer. Nobody should promote such treacherous computing.

Related/contextual items from the news:

  1. Hand of Thief, Not

    Linux’s biggest vulnerability is the software that users install with full “superuser” privileges. If you just install applications from your distro’s official repository, that’s not a problem. But if you download software from dubious web sites, or if you add a mysterious repository to your package manager, you’re opening yourself up for an infection. Always, always make sure you know what software you are installing, why you are installing it, and where it’s from.

  2. Linux rootkit detector adds hardware punch to security scanning

    LynuxWorks is stepping up the battle with the release of the first hardware-based rootkit detection system powered by the LynxSecure separation kernel. Called the RDS5201, it combats and detects stealthy advanced persistent threats. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small form factor appliance has been designed to offer a unique detection capability that complements traditional security mechanisms as they try to protect against the growing number and complexity of cyber threats.

  3. RSA warns developers not to use RSA products

    In today’s news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) ‘backdoored’ Dual_EC_DRBG random number generator — which happens to be the default in RSA’s BSafe cryptographic toolkit. Youch.

  4. How-to make hard-to-crack passwords you can easily remember
  5. Australian who boasted of hacking to plead not guilty to charges stemming from raid

    Dylan Wheeler, who claimed in February to have breached Microsoft’s and Sony’s networks, has not been charged with hacking

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Injunction Against Battistelli's Investigative Unit (Known Internally as 'Gestapo') Amid Serious Injustices and Bogus 'Trials'

    SUEPO, the EPO's staff union, steps up its spiel in a case against the "European Patent Organization" as defendant and "SUEPO/VEOB" (Trade Union of the European Patent Office) as claimants



  2. [ES] Con la UPC Muerta por el Resto del Termino de Battistelli, No Hay Razón para que la EPO o el Consejo Administrativo Sigan Manteniéndolo Más

    Pensamientos acerca de lo que pasará al líderazgo de la EPO después de ‘Brexit’ (salida Británica de la EU), lo que sevéramente socava el proyecto más grande de Battistelli el que usaba habituálmente para justificar sus increíbles abusos



  3. [ES] El Caradura Benoît Battistelli Debería Renunciar a Luz de la Filtrada Nueva Decisión en Su Vendeta en Contra de un Juez que se Atrevió a Decir la Verdad (Actualizado)

    Benoît Battistelli continúa quebrando las propias reglas de la EPO, no sólo las leyes naciónales, como una nueva decisión ayuda a revelar



  4. [ES] Cada Vez Más Parece Que Battistelli está Escondiéndo ‘Evidencia’ Falsa y/o Ilegalmente Obtenda de la Unidad Investigativa de la EPO

    El porqué creemos que Benoît Battistelli está cada vez mas desesperado de esconder operaciónes ilícitas de reunir ´evidencia´ lo que eventuálment lo puso a él mismo — no al acusado — en una situación catastrófica situacion que lo puede forzar (esperamos) a us renuncia



  5. Links 28/6/2016: Vista 10 Updategate, OpenMandriva 3.0 Beta 2

    Links for the day



  6. Links 27/6/2016: Linux 4.7 RC 5, OpenMandriva Lx 3.0 Beta 2

    Links for the day



  7. From Alleged Organised Crime to Vice-President of the European Patent Office (EPO)

    Željko Topić's situation in Croatia illuminated by means of recent documents from the authorities



  8. Battistelli May Still be on the Way Out as Pressure Grows in Germany, UPC in Shambles

    Pressure on Battistelli is growing even from within circles that are traditionally protective of him and a long letter is sent to Dr. Christoph Ernst, who some believe will replace Battistelli



  9. Caricature: European Patent Office (EPO) Under Battistelli

    The latest caricature about the state of the European Patent Office (EPO)



  10. Techrights (Almost) at 10: From Software Patents to Novell and to Present Focus on EPO

    A short story about how and why we ended up writing so much about the European Patent Office (EPO) and the impact beyond Europe



  11. Patents Roundup: Bad Quality (USPTO), Bad Analysis (India), Bad Microsoft, Bad Actors (Trolls), Bad Scope (Software Patents), and the Ugly

    A mishmash of news about patents, mostly regarding the United States, and what can be deduced at the moment



  12. Links 26/6/2016: IceCat 38.8.0, Wine 1.9.13

    Links for the day



  13. With UPC Dead for Battistelli's Entire Remaining Term, No Reason for the EPO or the Administrative Council to Keep Battistelli Around

    Thoughts about what happens to the EPO's leadership after 'Brexit' (British exit from the EU), which severely undermines Battistelli's biggest project that he habitually used to justify his incredible abuses



  14. Links 24/6/2016: Xen Project 4.7, Cinnamon 3.0.6

    Links for the day



  15. Benoît Battistelli Should Resign in Light of New Leak of Decision in His Vendetta Against Truth-Telling Judge (Updated)

    Benoît Battistelli continues to break the EPO's own rules, not just national laws, as a new decision helps reveal



  16. Fake Patents on Software From Fake Australian 'Inventor' of Bitcoin and the Globally-Contagious Nature of EPO Patent Scope

    News from Australia regarding software patents that should not be granted and how patent lawyers from Australia rely on European patent law (EPO and UK-IPO) for guidance on patent scope



  17. Patent Lawyers Love (and Amplify) Halo and Enfish, Omit or Dismiss Cuozzo and Alice

    By misinterpreting the current situation with respect to software patents and misusing terms like "innovation" patent lawyers and others in the patent microcosm hope to convince the public (or potential clients) that nothing in effect has changed and software patents are all fine and dandy



  18. Looks Increasingly Plausible That Battistelli is Covering up Bogus and/or Illegally-Obtained 'Evidence' From the EPO's Investigative Unit

    Why we believe that Benoît Battistelli is growingly desperate to hide evidence of rogue evidence-collecting operations which eventually landed himself -- not the accused -- in a catastrophic situation that can force his resignation



  19. As Decision on the UK's EU Status Looms, EPO Deep in a Crisis of Patent Quality

    Chaotic situation at the EPO and potential changes in the UK cause a great deal of debate about the UPC, which threatens to put the whole or Europe at the mercy of patent trolls from abroad



  20. Another Demonstration by European Patent Office (EPO) Staff on Same Day as Administrative Council's Meeting

    SUEPO (staff union of the EPO) continues to organise staff actions against extraordinary injustice by Benoît Battistelli and his flunkies whom he gave top positions at the EPO



  21. Links 23/6/2016: Red Hat Results, Randa Stories

    Links for the day



  22. Interview With FOSSForce/All Things Free Tech

    New interview with Robin "Roblimo" Miller on behalf of FOSSForce



  23. Links 22/6/2016: PulseAudio 9.0, GNOME 3.21.3 Released

    Links for the day



  24. IP Europe's UPC Lobbying and the EPO Connection

    The loose but seemingly ever-growing connections between AstroTurfing groups like IP Europe (pretending to represent SMEs) and EPO staff which is lobbying-centric



  25. EPO “Recruitment of Brits is Down by 80%”

    Letter says that “recruitment of Brits is down by 80%” and "the EPO lost 7% of UK staff in one year"



  26. The Conspiracy of Patent Lawyers for UPC and Battistelli's Role in Preparing by Firing People

    The parasitic firms that lobby for the UPC and actually create it -- firms like those that pass money to Battistelli's EPO -- are doing exactly the opposite of what Europe needs



  27. Patent Lawyers, Having Lost Much of the Battle for Software Patents in the US, Resort to Harmful Measures and Spin

    A quick glance at how patent lawyers and their lobbyists/advocates have reacted to the latest decision from the US Supreme Court (Justice Breyer)



  28. Links 21/6/2016: Fedora 24 and Point Linux MATE 3.2 Officially Released

    Links for the day



  29. Supreme Court on Cuozzo v Lee Another Major Loss for Software Patents in the United States

    Much-anticipated decision on the Cuozzo v Lee case (at the highest possible level) serves to defend the appeal boards which are eliminating software patents by the thousands



  30. As Alice Turns Two, Bilski Blog Says 36,000 (Software) Patent Applications Have Been Rejected Thanks to It

    A look back at the legacy of Alice v CLS Bank and how it contributed to the demise of software patents in the United States, the birthplace of software patents


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts