EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.24.14

The Increasing Danger of Back Doors in Standards and Binary Blobs

Posted in Apple, GNU/Linux, Microsoft, Security at 9:06 am by Dr. Roy Schestowitz

Summary: The risk of back doors in GNU/Linux comes not from source code but from blobs, back room deals, the build process, and bogus standards with weaknesses cleverly shoehorned into them

IT HAS BEEN a while since we last wrote about Mr. Srinivasan from Microsoft-Novell. Suffice to say, Novell did a lot for Microsoft and some former staff of Novell continues to work for Microsoft (either directly or indirectly). One gift from Novell to Microsoft was OOXML inside FOSS/OOo. Another was Mono and let’s not forget intrusion into Linux itself. Robert Pogson goes as far as saying that Microsoft “Hacked Linux!”

“My configuration,” Pogson argues, “has CONFIG_HYPERV not set. The code in question is Copyright 2010, Novell (mshyperv.c), and Copyright 2009, M$ (vmbus_drv.c). K. Y. Srinivasan is listed as one of the authours on both. I’m not about to run that other OS on Beast, but thank you, Thomas Gleixner, for fixing things.” (see this link)

Performance issues overlook the much bigger problem — a problem which we addressed several times before. We already know that the NSA is pursuing back doors in Linux [1, 2, 3, 4] and as we pointed out before, the NSA might already have some.

incidentally, as we have shown before, Yahoo was fighting against NSA surveillance in court. When Microsoft took over Yahoo it became apparent that Yahoo stopped fighting and soon became part of PRISM. While some new reports suggest that Yahoo might be ready to escape Microsoft “Yahoo is still in NSA’s pocket though even if they break free of Microsoft,” explains iophk.

Likewise, even if Linux does not engage with Microsoft, the code from Microsoft remains stuck inside Linux and even if there are no back doors in the code itself, this connects to a system, Hyper-V, which is developed by a back doors specialist (Microsoft). There are binary-level back doors from which to access GNU/Linux systems because if the host machine runs Windows, then we already know that the NSA has access. A nearby company that I once visited, UKFast (the UK’s largest ‘cloud’ provider), runs GNU/Linux servers under HyperV, based on what they told me. How insane is that?! GCHO must love it!

Adding to some concerns about back doors, NSA ally and PRISM partner Apple turns out to have hidden a back door. As Think Progress puts it, “Apple quietly released a major update Friday to fix a security glitch in its iOS 7 systems. But independent security experts say the seemingly routine update covers up what arguably could be Apple’s biggest security lapse, exposing iPhone, iPad and iPod Touch users to hackers.”

Whether it’s a back door or just direct access does not matter, but it enables Apple to dance around important questions. It works across several Apple platforms, even desktop platforms [1].

As iophk put it, in relation to this other new article [2] “Potential problems with an official back door in HTTP 2.0, though only in a proposed draft so far. But because of the ways certificates are currently (mis-)managed, this kind of interception of HTTPS is already easy.”

“See one example with four steps,” he added, pointing to [3] from the OpenBSD mailing lists.

It’s not as though GNU/Linux is immune to back doors (Debian has some new security advisories [4,5]), but at least with access to source code the back doors remain very shallow and too risky/difficult for malicious/covert entities to hide. It’s when proprietary software gets added that we lose the ability to ascertain security and privacy.

Related/contextual items from the news:

  1. Apple SSL Vulnerability Affects OSX Too
  2. No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

    If you care about Internet security, especially what we call “end-to-end” security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You’ll want to pay attention to this.

    You’d think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven’t authorized, that a plan to formalize a mechanism for ISP and other “man-in-the-middle” snooping would be laughed off the Net.

    But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft “Explicit Trusted Proxy in HTTP/2.0″ (14 Feb 2014) haven’t gotten the message.

    What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.

  3. relayd SSL interception

    This mail includes a quite detailed explanation of the attached diff that adds support for SSL Interception (“SSL-MITM”) to relayd. If you don’t want to read the story, just skip to the configuration example and diff below.

  4. Debian: 2862-1: chromium-browser: Multiple vulnerabilities
  5. Debian: 2861-1: file: denial of service
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Microsoft-Funded Attacks on Android Security and Patent/Copyright

    A look back at examples of people who smear Android and are receiving (or received) money from Microsoft



  2. Blowback in Chile and Munich After Microsoft Intervention

    Microsoft's attacks on the digital sovereignty of countries involves lobbying, corruption, an attack on standards (e.g. ODF), an attack on FOSS policies, and even an attack on accurate reporting (truth itself)



  3. The End of Microsoft is Nigh

    A look back at a tough year for Microsoft and a not-so-promising future



  4. Links 22/8/2014: Linux Foundation LFCS, LFCE

    Links for the day



  5. UPS Burned by Microsoft Windows, Gives Away Massive Number of Credit Card Details

    UPS is the latest victim of Microsoft's shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software



  6. Microsoft's Funding of ALEC and Other Systemic Corruption

    Microsoft role in writing of laws by proxy, via groups such as ALEC



  7. Microsoft is Still Preying on British Taxpayers, Playing Politics

    Some news from the UK showing how Microsoft uses politics to extract money out of taxpayers, irrespective of their preferences



  8. Microsoft's Patent Troll Intellectual Ventures is Collapsing as 20% of Staff Laid Off

    More good news regarding the demise of patents as Microsoft's leading patent proxy is collapsing more rapidly than anyone ever imagined and software patents too are collectively doubted



  9. Links 21/8/2014: Conferences of Linux Foundation, Elephone Emerges

    Links for the day



  10. Links 20/8/2014: Linux Event, GNOME Milestone

    Links for the day



  11. Corruption Watch: Microsoft Lobbying Designed to Kill Chile's Free Software Policy and Promote Microsoft With Subsidies, More Dirty Tricks Emerge in Munich

    icrosoft is systematically attacking migrations to GNU, Linux and Free software, using dirty tricks, as always



  12. Vista 8 Such a Disaster That Even Microsoft Cannot Cope With It, Vapourware Tactics Start Early

    Microsoft's Windows-powered services are failing and Windows gets bricked by Microsoft patches, whereupon we are seeing yet more of Microsoft's vapourware tactics (focusing in imaginary, non-existent versions of Windows)



  13. On BlackBerry and Other Patent Trolls

    A roundup regarding patent trolls, starting with the bigger and latest joiner, BlackBerry's new patents apparatus



  14. Links 19/8/2014: Humble Jumbo Bundle 2 Betrayal, Mercedes-Benz Runs GNU/Linux

    Links for the day



  15. BlackBerry -- Like Microsoft Nokia -- Could be the Next Patent Proxy Troll

    BlackBerry is restructuring for patent assertion (i.e. trolling) in the wake of some alliances with Microsoft



  16. After Microsoft's Soft Bribe Some Non-Technical Deputy Does Not Like Free Software, Microsoft-Linked Media Responds to This Non-News by Making Bogus Claims of Munich Leaving GNU/Linux (Updated)

    The subversive forces that have secretly been attacking Munich over its migration to GNU/Linux (Microsoft press, Gartner, and even HP) are back to doing it while China and Russia follow Munich's lead



  17. Gates Foundation CFO Quits and Debate About Revolving Doors Recalled Amid Systematic and Shrewd Bribery of Public Officials

    More officials step out of the Gates Foundation and their destination is not known yet; Gates continues to corrupt the public sector with his money so as to increase personal gain at taxpayers' expense



  18. Links 19/8/2014: GNU/Linux Raves and Alternative to Proprietary Voice Chat

    Links for the day



  19. Links 18/8/2014: Linux 3.17 RC1, Escalation in Ferguson

    Links for the day



  20. Gartner Group Advocates Using Defective Software With Back Doors

    Despite strong evidence that Microsoft has been complicit in illegal surveillance, Gartner continues to recommend the use of Windows and other espionage-ready Microsoft software



  21. The Microsoft Patent Trolls: Android Extortion, Vringo Versus Google, and Intellectual Ventures

    Roundup of news about patent aggression by Microsoft and some of its proxies



  22. Links 16/8/2014: Microsoft Linux, US Government Turns to Free Software

    Links for the day



  23. Links 15/8/2014: Reiser4 in Headlines Again, GNOME and KDE Events Finish

    Links for the day



  24. Links 14/8/2014: Kernel Summit Coming, KMix on KDE Frameworks 5

    Links for the day



  25. Shameless Microsoft Spin is Blaming China for Microsoft's Misconduct and Back Doors While Justifying Massive Losses in Hardware (Made in China)

    A new look at how Microsoft-friendly media takes negative Microsoft news and turns that news into some kind of scandals where Microsoft is the victim



  26. Microsoft Spin in the Media Evokes 'New Microsoft' and New Back Doors

    Some new examples of Microsoft boosters rewriting history, characterising Microsoft as a FOSS champion, and generally weak/shallow reporting on Microsoft's audio/video surveillance software



  27. Links 13/8/2014: GNU/Linux as Winner, New Snowden Interview

    Links for the day



  28. Reader's Article: Skype Spying Reaches New Levels of Blatant

    Forced 'upgrades' of Skype give useds [sic.] of Skype more than they asked for



  29. The Problem is Software Patents (and Scope), Not Patent Trolls Who Abuse Them Just Like Large Corporations

    Reminder of the dangers of losing sight of the real patent problem, which is the patents themselves, not necessarily those who use them



  30. Fraud in the USPTO and CAFC Helped Apple Launch Frivolous Patent Lawsuits Against Linux/Android, Based on New Withdrawals

    Inherent corruption in the US system has aided Apple's assault on east Asian electronics giants that use Linux at the core of their products


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts