EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.26.13

Former Novell Staff Still Pushing the Linux Foundation Into Restricted Boot Territory, Ignoring the Real Threat (Back Doors)

Posted in GNU/Linux, Kernel, Novell, Security at 3:54 am by Dr. Roy Schestowitz

Greg Kroah-Hartman
Photo by Sebastian Oliva

Summary: Back doors in code, embedded in blobs, and even shoehorned into encryption is the overlooked security threat, which gets pushed aside in favour of phantom threats which Microsoft ‘sells’ through former Novell staff (i.e. funded by Microsoft)

A MONTH or two ago we mostly ignored exaggerated (sexed-up) reports about something called “Hand of Thief”. When there’s a Windows security threat the press does not call out Windows, but when it relates to GNU/Linux then tabloids like ZDNet scream from the rooftops. This thing called “Hand of Thief” is basically a malicious program which GNU/Linux users need to install themselves in order for it to do malicious things. It is not a virus, it does not spread, and it hardly even uses social engineering to get itself installed. We cited some reports which stress these facts and now comes a belated one too [1]. LynuxWorks is now offering some “Linux rootkit detector” [2] as if rootkits on GNU/Linux are a common issue. In a sense, since the Linux Foundation seems to insist on helping UEFI restricted boot, we are led to the belief that bootkits are a common threat to Linux. As the Linux Foundation’s site put it, as in the words of the employee it acquired from Novell:

Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.

Greg K-H has been working on all sorts of other kernel-level projects that help Microsoft. He did this while being paid by Novell, which was in turn being given money by Microsoft. That’s the power of money. Other former Novell employees also helped promote UEFI restricted boot, as we showed before. Rogue influence by Novell in the Linux Foundation is a subject we have written about for half a decade, showing numerous examples.

The bigger security issue right now might be back doors, which might also exist in Linux, even in encryption form [3] (giving away passwords over the network for example), so hard-to-crack passwords [4] might not be enough. Microsoft’s and Sony’s network compromises sure reveal the massive financial effects of system intrusions, so this subject should not be taken lightly.

UEFI restricted boot is actually a security threat, not a security solution, especially when a signature is provided and managed by some rogue company in the United States — one which has been secretly in bed with the NSA. With UEFI restricted boot, hardware can be bricked remotely. In a way, UEFI restricted boot deserves the name “unsecure boot”. In some devices it can block the user from accessing his/her own computer. Nobody should promote such treacherous computing.

Related/contextual items from the news:

  1. Hand of Thief, Not

    Linux’s biggest vulnerability is the software that users install with full “superuser” privileges. If you just install applications from your distro’s official repository, that’s not a problem. But if you download software from dubious web sites, or if you add a mysterious repository to your package manager, you’re opening yourself up for an infection. Always, always make sure you know what software you are installing, why you are installing it, and where it’s from.

  2. Linux rootkit detector adds hardware punch to security scanning

    LynuxWorks is stepping up the battle with the release of the first hardware-based rootkit detection system powered by the LynxSecure separation kernel. Called the RDS5201, it combats and detects stealthy advanced persistent threats. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small form factor appliance has been designed to offer a unique detection capability that complements traditional security mechanisms as they try to protect against the growing number and complexity of cyber threats.

  3. RSA warns developers not to use RSA products

    In today’s news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) ‘backdoored’ Dual_EC_DRBG random number generator — which happens to be the default in RSA’s BSafe cryptographic toolkit. Youch.

  4. How-to make hard-to-crack passwords you can easily remember
  5. Australian who boasted of hacking to plead not guilty to charges stemming from raid

    Dylan Wheeler, who claimed in February to have breached Microsoft’s and Sony’s networks, has not been charged with hacking

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 17/4/2014: Android RDP, New Ubuntu, RHEL 7 Milestone

    Links for the day



  2. Racing to 1984: Mass Surveillance, Cracking, 'Targeted' Assassinations, and Illegal Torture

    Links for the day



  3. More Microsoft Subsidies to Patent Troll Intellectual Ventures

    Microsoft hands money to Bill Gates' close friend who is the world's largest patent troll



  4. Aiding Microsoft Under the Disguise of 'Pro-FOSS'

    Not everything which is FOSS necessary becomes, by virtue of existence, a positive contribution, as we are constantly reminded by projects that help proprietary software and/or restrictions get a strong grip on FOSS



  5. Links 16/4/2014: Red Hat PR, Ubuntu LTS Imminent

    Links for the day



  6. Links 15/4/2014: Lots of PCLinuxOS Releases, Ukraine Updates

    Links for the day



  7. Apple and Microsoft Actively Lobbying Against Patent Reform in the US

    Apple and Microsoft are reportedly intervening/interfering with US law in order to ensure that the law is Free/libre software-hostile



  8. Lawsuit by Microsoft Shareholder Targets Fine for Crimes Rather Than the Crimes Themselves

    A new lawsuit by a Microsoft shareholder shows everything that's wrong with today's model of accountability, where those who are responsible for crimes are accused of not avoiding fines rather than committing the crimes



  9. Public Institutions Must Dump PRISM-Associated Software

    Another reminder that taxpayers-subsidised services should refuse, as a matter of principle, to pay anything for -- let alone deploy -- proprietary software with back doors



  10. GNU/Linux News: The Opportunities Amid XP EOL

    Links for the day



  11. Microsoft Gets Its Money's Worth From Xamarin: PlayStation 4 Now Polluted by Microsoft

    The Trojan horse of Microsoft, Xamarin, is pushing .NET into Microsoft's console competitor



  12. After Brendan Eich Comes Chris Beard

    Having removed Brendan Eich using bullying and blackmail tactics, his foes inside Mozilla achieved too little as we have yet another man (coming from inside Mozilla) acting as CEO



  13. Healthcare News: Free Software in Health, Humanitarian Causes

    Links for the day



  14. Links 14/4/2014: MakuluLinux, Many Games, More Privacy News and Pulitzer Prize for NSA Revelations

    Links for the day



  15. TechBytes Episode 87: Catching up With Surveillance (NSA, GCHQ et al.)

    The first audio episode in a very long time covers some of the latest happenings when it comes to privacy and, contrariwise, mass surveillance



  16. Server News: KVM, ElasticHosts, Other GNU/Linux Items, and Open Network Linux

    Links for the day



  17. Hardware News: Freedom, Modding, Hackability on the Rise

    Links for the day



  18. Distributions News: GNU/Linux Distros

    Links for the day



  19. GNOME News: Financial Issues, Mutter-Wayland, West Coast Summit, Community Participation

    Links for the day



  20. KDE News: Kubuntu at the Centre Again KDE Applications Updated

    Links for the day



  21. Techrights Rising

    Effective immediately, Techrights will do what it takes to bring back old volume and pace of publishing



  22. Links: Surveillance, Intervention, Torture and Drones

    Links for the day



  23. Mobile Linux Not Just Android: Jolla, WebOS, and Firefox OS News

    Links for the day



  24. Google's Linux Revolution: New Gains for Android, Chrome OS (GNU/Linux)

    Links for the day



  25. Free/Libre Databases News: MongoDB, NoSQL, and MySQL Branches/Forks

    Links for the day



  26. Open Access on the Rise: Textbooks, Journals, Etc.

    Links for the day



  27. Finance Watch (Watching What's Not Being Watched): Economic Warfare/Class Injustice

    Links for the day



  28. Climate and Ecology Watch: News About a World Being Destroyed

    Links for the day



  29. Copyright News: DRM, Censorship, Megaupload, Hypocrisy, and Impact on the Internet

    Links for the day



  30. Sharing Works: Latest News Stories About Crowd-sourcing, Sharing, Transparency

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts