EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.26.13

Former Novell Staff Still Pushing the Linux Foundation Into Restricted Boot Territory, Ignoring the Real Threat (Back Doors)

Posted in GNU/Linux, Kernel, Novell, Security at 3:54 am by Dr. Roy Schestowitz

Greg Kroah-Hartman
Photo by Sebastian Oliva

Summary: Back doors in code, embedded in blobs, and even shoehorned into encryption is the overlooked security threat, which gets pushed aside in favour of phantom threats which Microsoft ‘sells’ through former Novell staff (i.e. funded by Microsoft)

A MONTH or two ago we mostly ignored exaggerated (sexed-up) reports about something called “Hand of Thief”. When there’s a Windows security threat the press does not call out Windows, but when it relates to GNU/Linux then tabloids like ZDNet scream from the rooftops. This thing called “Hand of Thief” is basically a malicious program which GNU/Linux users need to install themselves in order for it to do malicious things. It is not a virus, it does not spread, and it hardly even uses social engineering to get itself installed. We cited some reports which stress these facts and now comes a belated one too [1]. LynuxWorks is now offering some “Linux rootkit detector” [2] as if rootkits on GNU/Linux are a common issue. In a sense, since the Linux Foundation seems to insist on helping UEFI restricted boot, we are led to the belief that bootkits are a common threat to Linux. As the Linux Foundation’s site put it, as in the words of the employee it acquired from Novell:

Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.

Greg K-H has been working on all sorts of other kernel-level projects that help Microsoft. He did this while being paid by Novell, which was in turn being given money by Microsoft. That’s the power of money. Other former Novell employees also helped promote UEFI restricted boot, as we showed before. Rogue influence by Novell in the Linux Foundation is a subject we have written about for half a decade, showing numerous examples.

The bigger security issue right now might be back doors, which might also exist in Linux, even in encryption form [3] (giving away passwords over the network for example), so hard-to-crack passwords [4] might not be enough. Microsoft’s and Sony’s network compromises sure reveal the massive financial effects of system intrusions, so this subject should not be taken lightly.

UEFI restricted boot is actually a security threat, not a security solution, especially when a signature is provided and managed by some rogue company in the United States — one which has been secretly in bed with the NSA. With UEFI restricted boot, hardware can be bricked remotely. In a way, UEFI restricted boot deserves the name “unsecure boot”. In some devices it can block the user from accessing his/her own computer. Nobody should promote such treacherous computing.

Related/contextual items from the news:

  1. Hand of Thief, Not

    Linux’s biggest vulnerability is the software that users install with full “superuser” privileges. If you just install applications from your distro’s official repository, that’s not a problem. But if you download software from dubious web sites, or if you add a mysterious repository to your package manager, you’re opening yourself up for an infection. Always, always make sure you know what software you are installing, why you are installing it, and where it’s from.

  2. Linux rootkit detector adds hardware punch to security scanning

    LynuxWorks is stepping up the battle with the release of the first hardware-based rootkit detection system powered by the LynxSecure separation kernel. Called the RDS5201, it combats and detects stealthy advanced persistent threats. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small form factor appliance has been designed to offer a unique detection capability that complements traditional security mechanisms as they try to protect against the growing number and complexity of cyber threats.

  3. RSA warns developers not to use RSA products

    In today’s news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) ‘backdoored’ Dual_EC_DRBG random number generator — which happens to be the default in RSA’s BSafe cryptographic toolkit. Youch.

  4. How-to make hard-to-crack passwords you can easily remember
  5. Australian who boasted of hacking to plead not guilty to charges stemming from raid

    Dylan Wheeler, who claimed in February to have breached Microsoft’s and Sony’s networks, has not been charged with hacking

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 18/1/2018: MenuLibre 2.1.4, Git 2.16 Released

    Links for the day



  2. Microsoft, Masking/Hiding Itself Behind Patent Trolls, is Still Engaging in Patent Extortion

    A review of Microsoft's ugly tactics, which involve coercion and extortion (for businesses to move to Azure and/or for OEMs to preload Microsoft software) while Microsoft-connected patent trolls help hide the "enforcement" element in this whole racket



  3. Patent Prosecution Highway: Low-Quality Patents for High-Frequency Patent Aggressors

    The EPO's race to the bottom of patent quality, combined with a "need for speed", is a recipe for disaster (except for litigation firms, patent bullies, and patent trolls)



  4. Press Coverage About the EPO Board Revoking Broad's CRISPR Patent

    Even though there's some decent coverage about yesterday's decision (e.g. from The Scientist), the patent microcosm googlebombs the news with stuff that serves to distract from or distort the outcome



  5. Links 17/1/2018: HHVM 3.24, WordPress 4.9.2

    Links for the day



  6. No Patents on Life (CRISPR), Said EPO Boards of Appeal Just a Few Hours Ago

    Broad spectacularly loses its key case, which may soon mean that any other patents on CRISPR too will be considered invalid



  7. Only Two Weeks on the Job, Judge Patrick Corcoran is Already Being Threatened by EPO Management

    The attack on a technical judge who is accused of relaying information many people had already relayed anyway (it was gossip at the whole Organisation for years) carries on as he is again being pushed around, just as many people predicted



  8. EPO Board of Appeal Has an Opportunity to Stop Controversial Patents on Life

    Patent maximalism at the EPO can be pushed aback slightly if the European appeal board decides to curtail CRISPR patents in a matter of days



  9. Links 16/1/2018: More on Barcelona, OSI at 20

    Links for the day



  10. 2018 Will be an Even Worse Year for Software Patents Because the US Supreme Court Shields Alice

    The latest picks (reviewed cases) of the Supreme Court of the United States signal another year with little or no hope for the software patents lobby; PTAB too is expected to endure after a record-breaking year, in which it invalidated a lot of software patents that had been erroneously granted



  11. Patent Trolls (Euphemised as “Public IP Companies”) Are Dying in the United States, But the Trouble Isn't Over

    The demise of various types of patent trolls, including publicly-traded trolls, is good news; but we take stock of the latest developments in order to better assess the remaining threat



  12. EPO Management and Team UPC Carry on Lying About Unified Patent Court, Sinking to New Lows in the Process

    At a loss for words over the loss of the Unitary Patent, Team UPC and Team Battistelli now blatantly lie and even get together with professional liars such as Watchtroll



  13. China Tightens Its Knot of Restrictive Rules and Patents

    Overzealous patent aggressors and patent trolls in China, in addition to an explosion in low-quality patents, may simply discourage companies from doing production/manufacturing there



  14. Microsoft's Patent Racket Has Just Been Broadened to Threaten GNU/Linux Users Who Don't Pay Microsoft 'Rents'

    Microsoft revisits its aggressive patent strategy which it failed to properly implement 12 years ago with Novell; it wants to 'collect' a patent tax on GNU/Linux and it uses patent trolls to make that easier



  15. EPO Scandals Played a Considerable Role in Sinking the Unified Patent Court (UPC)

    Today's press coverage about the UPC reinforces the idea that the EPO saga, culminating in despicable attacks on Patrick Corcoran (a judge), may doom the UPC once and for all (unless one believes Team UPC)



  16. J Nicholas Gross Thinks Professors Stop Being Professors If They're Not Patent Extremists Like Him

    The below-the-belt tactics of patent trolls and their allies show no signs of abatement and their tone reveals growing irritation and frustration (inability to sue and extort companies as easily as they used to)



  17. The US Supreme Court Has Just Denied Another Chance to Deal With a Case Similar to Alice (Potentially Impacting § 101)

    There is no sign that software patents will be rendered worthwhile any time in the near future, but proponents of software patents don't give up



  18. Litigation Roundup: Nintendo, TiVo, Apple, Samsung, Huawei, Philips, UMC

    The latest high-profile legal battles, spanning a growing number of nations and increasingly representing a political shift as well



  19. Roundup of Patent News From Canada, South America and Australia

    A few bits and pieces of news from around the world, serving to highlight patent trends in parts of the world where the patent offices haven't much international clout/impact



  20. Links 15/1/2018: Linux 4.15 RC8, Wine 3.0 RC6

    Links for the day



  21. PTAB is Being Demeaned, But Only by the Very Entities One Ought to Expect (Because They Hate Patent Justice/Quality)

    The latest rants/scorn against PTAB -- leaning on cases such as Wi-Fi One v Broadcom or entities like Saint Regis Mohawk Tribe, Apple etc. -- are all coming from firms and people who profit from low-quality patents



  22. If Ericsson and Its Patent Trolls (Like Avanci and Unwired Planet) Cannot Make It, the Patent Microcosm Will Perish

    The demise of patent-asserting/patent assertion business models (trolling or enforcement by proxy) may see front groups/media supportive of it diminishing as well; this appears to be happening already



  23. European Patent Office Causes Physical Harm to Employees, Then Fires Them

    Another one (among many) EPO documents about the alarming physical wellbeing of EPO employees and the management’s attitude towards the issue



  24. Battistelli Was Always (Right From the Start and Since Candidacy) All About Money

    “I have always admired creative people, inventors, those who, through their passion and their work, bring about scientific progress or artistic evolution. I was not blessed with such talent myself,” explained the EPO‘s President when pursuing his current job (for which he was barely qualified and probably not eligible because of his political work)



  25. “Under the Intergovernmental EPC System It is Difficult to Speak of a Functional Separation of Powers”

    An illustration of the glaring deficiency that now prevails and cannot be tolerated as long as the goal is to ensure democratic functionality; absence of the role of Separation of Powers (or Rule of Law) at the EPO is evident now that Battistelli not only controls the Council (using EPO budget) but also blatantly attacks the independence of the Boards of Appeal



  26. The Patent Microcosm Thinks It's Wonderful That IP3 is Selling Stupid Patents, Ignores Far More Important News

    IP3, which we've always considered to be nothing but a parasite, does what it does best and those who love stupid patents consider it to be some sort of victory



  27. Automotives, Artificial Intelligence, Internet of Things and Industry 4.0 Among the Buzz Terms Used to Bypass Alice and the EPC Nowadays

    In order to make prior art search a lot harder and in order to make software patents look legitimate (even in various courtrooms) the patent microcosm and greedy patent offices embrace buzzwords



  28. Blockchain Becomes the Target Not Only of Financial Institutions With Software Patents But Also Trolls

    Blockchain software, which is growing in importance and has become ubiquitous in various domains other than finance, is perceived as an opportunity for disruption and also patent litigation; CNBC continues to publish puff pieces for Erich Spangenberg (amid stockpiling of such patents)



  29. EPC Foresaw the Administrative Council Overseeing the Patent Office, Jesper Kongstad Made It “Working Together”

    An old open letter from the EPO shows the famous moment when Jesper Kongstad and Battistelli came up with a plan to empower both, rendering the Administrative Council almost subservient to the Office (complete inversion of the desired topology)



  30. 2010: Blaming the Messenger (SUEPO) for Staff Unhappiness at the European Patent Office (EPO)

    Tactics of SUEPO (EPO union) blaming go further back than Battistelli and can be found in the previous administration as well


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts