EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.24.14

The Increasing Danger of Back Doors in Standards and Binary Blobs

Posted in Apple, GNU/Linux, Microsoft, Security at 9:06 am by Dr. Roy Schestowitz

Summary: The risk of back doors in GNU/Linux comes not from source code but from blobs, back room deals, the build process, and bogus standards with weaknesses cleverly shoehorned into them

IT HAS BEEN a while since we last wrote about Mr. Srinivasan from Microsoft-Novell. Suffice to say, Novell did a lot for Microsoft and some former staff of Novell continues to work for Microsoft (either directly or indirectly). One gift from Novell to Microsoft was OOXML inside FOSS/OOo. Another was Mono and let’s not forget intrusion into Linux itself. Robert Pogson goes as far as saying that Microsoft “Hacked Linux!”

“My configuration,” Pogson argues, “has CONFIG_HYPERV not set. The code in question is Copyright 2010, Novell (mshyperv.c), and Copyright 2009, M$ (vmbus_drv.c). K. Y. Srinivasan is listed as one of the authours on both. I’m not about to run that other OS on Beast, but thank you, Thomas Gleixner, for fixing things.” (see this link)

Performance issues overlook the much bigger problem — a problem which we addressed several times before. We already know that the NSA is pursuing back doors in Linux [1, 2, 3, 4] and as we pointed out before, the NSA might already have some.

incidentally, as we have shown before, Yahoo was fighting against NSA surveillance in court. When Microsoft took over Yahoo it became apparent that Yahoo stopped fighting and soon became part of PRISM. While some new reports suggest that Yahoo might be ready to escape Microsoft “Yahoo is still in NSA’s pocket though even if they break free of Microsoft,” explains iophk.

Likewise, even if Linux does not engage with Microsoft, the code from Microsoft remains stuck inside Linux and even if there are no back doors in the code itself, this connects to a system, Hyper-V, which is developed by a back doors specialist (Microsoft). There are binary-level back doors from which to access GNU/Linux systems because if the host machine runs Windows, then we already know that the NSA has access. A nearby company that I once visited, UKFast (the UK’s largest ‘cloud’ provider), runs GNU/Linux servers under HyperV, based on what they told me. How insane is that?! GCHO must love it!

Adding to some concerns about back doors, NSA ally and PRISM partner Apple turns out to have hidden a back door. As Think Progress puts it, “Apple quietly released a major update Friday to fix a security glitch in its iOS 7 systems. But independent security experts say the seemingly routine update covers up what arguably could be Apple’s biggest security lapse, exposing iPhone, iPad and iPod Touch users to hackers.”

Whether it’s a back door or just direct access does not matter, but it enables Apple to dance around important questions. It works across several Apple platforms, even desktop platforms [1].

As iophk put it, in relation to this other new article [2] “Potential problems with an official back door in HTTP 2.0, though only in a proposed draft so far. But because of the ways certificates are currently (mis-)managed, this kind of interception of HTTPS is already easy.”

“See one example with four steps,” he added, pointing to [3] from the OpenBSD mailing lists.

It’s not as though GNU/Linux is immune to back doors (Debian has some new security advisories [4,5]), but at least with access to source code the back doors remain very shallow and too risky/difficult for malicious/covert entities to hide. It’s when proprietary software gets added that we lose the ability to ascertain security and privacy.

Related/contextual items from the news:

  1. Apple SSL Vulnerability Affects OSX Too
  2. No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

    If you care about Internet security, especially what we call “end-to-end” security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You’ll want to pay attention to this.

    You’d think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven’t authorized, that a plan to formalize a mechanism for ISP and other “man-in-the-middle” snooping would be laughed off the Net.

    But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft “Explicit Trusted Proxy in HTTP/2.0″ (14 Feb 2014) haven’t gotten the message.

    What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.

  3. relayd SSL interception

    This mail includes a quite detailed explanation of the attached diff that adds support for SSL Interception (“SSL-MITM”) to relayd. If you don’t want to read the story, just skip to the configuration example and diff below.

  4. Debian: 2862-1: chromium-browser: Multiple vulnerabilities
  5. Debian: 2861-1: file: denial of service
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. It Certainly Looks Like Microsoft is Already Siccing Its Patent Trolls, Including Intellectual Ventures, on Companies That Use Linux (Until They Pay 'Protection' Money)

    News about Intellectual Ventures and Finjan Holdings (Microsoft-funded patent trolls) reinforces our allegations -- not mere suspicions anymore -- that Microsoft would 'punish' companies that are not paying subscription fees (hosting) or royalties (patent tax) to Microsoft and are thus in some sense 'indebted' to Microsoft



  2. Links 24/3/2017: Microsoft Aggression, Eudyptula Challenge Status Report

    Links for the day



  3. Bernhard Rapkay, Former MEP and Rapporteur on Unitary Patent, Shoots Down UPC Hopes While UPC Hopefuls Recognise That Spain Isn't Interested Either

    Germany, the UK and Spain remain massive barriers to the UPC -- all this in spite of misleading reports and fake news which attempted to make politicians believe otherwise (for political leverage, by means of dirty lobbying contingent upon misinformation)



  4. Links 23/3/2017: Qt 5.9 Beta, Gluster Storage 3.2

    Links for the day



  5. The Administrative Council of the European Patent Organisation Has Just Buried an Innocent Judge That Battistelli Does Not Like

    An innocent judge (never proven guilty of anything, only publicly defamed with help from Team Battistelli and dubious 'intelligence' gathering) is one of the forgotten casualties of the latest meeting of the Administrative Council (AC), which has become growingly complicit rather than a mere bystander at a 'crime' scene



  6. Nepotism at the European Patent Office and Suspicious Absence of Tenders for Big Projects

    Carte blanche is a French term which now perfectly describes the symptoms encountered in the European Patent Office, more so once led by a lot of French people (Battistelli and his friends)



  7. “Terror” Patent Office Bemoans Terror, Spreads Lies

    Response to some of the latest utterances from the European Patent Office, where patently untruthful claims have rapidly become the norm



  8. China Seems to be Using Patents to Push Foreign Companies Out of China, in the Same Way It Infamously Uses Censorship

    Chinese patent policies are harming competition from abroad, e.g. Japan and the US, and US patent policy is being shaped by its higher courts, albeit not yet effectively combating the element that's destroying productive companies (besieged by patent trolls)



  9. 22,000 Blog Posts

    A special number is reached again, marking another milestone for the site



  10. The EPO is Lying to Its Own Staff About ILO and Endless (Over 2 Years) EPO Mistrials

    The creative writing skills of some spinners who work for Battistelli would have staff believe that all is fine and dandy at the EPO and ILO is dealing effectively with staff complaints about the EPO (even if several years too late)



  11. EPO’s Georg Weber Continues Horrifying Trend of EPO Promoting Software Patents in Defiance of Directive, EPC, and Common Sense

    The EPO's promotion of software patents, even out in the open, is an insult to the notion that the EPO is adhering to or is bound by the rules upon which it maintains its conditional monopoly



  12. Protectionism v Sharing: How the US Supreme Court Decides Patent Cases

    As the US Supreme Court (SCOTUS) starts delivering some decisions we take stock of what's to come regarding patents



  13. Links 22/3/2017: GNOME 3.24, Wine-Staging 2.4 Released

    Links for the day



  14. The Battistelli Regime, With Its Endless Scandals, Threatens to Crash the Unitary Patent (UPC), Stakeholders Concerned

    The disdain and the growing impatience have become a huge liability not just to Battistelli but to the European Patent Office (EPO) as a whole



  15. The Photos the EPO Absolutely Doesn't Want the Public to See: Battistelli is Building a Palace Using Stakeholders' Money

    The Office is scrambling to hide evidence of its out-of-control spendings, which will leave the EPO out of money when the backlog is eliminated by many erroneous grants (or rejections)



  16. In the US Patent System, Evolved Tricks for Bypassing Invalidations of Software Patents and Getting Them Granted by the USPTO

    A roundup of news about patents in the US and how the patent microcosm attempts to patent software in spite of Alice (high-impact SCOTUS decision from 2014)



  17. “Then They Came For Me—And There Was No One Left To Speak For Me.”

    The decreasing number of people who cover EPO scandals (partly due to fear, or Battistelli's notorious "reign of terror") and a cause for hope, as well as a call for help



  18. As Expected, the Patent Microcosm is Already Interfering, Lobbying and Influencing Supreme Court Justices

    The US Supreme Court (SCOTUS) is preparing to deliver some important decisions on cases with broad ramifications, e.g. for patent scope, and those who make money from patent feuds are attempting to alter the outcome (which would likely restrict patent scope even further, based on these Justices' track record)



  19. Intellectual Ventures -- Like Microsoft (Which It Came From) -- Spreads Patents to Manifest a Lot of Lawsuits

    That worrisome strategy which is passage of patents to active (legally-aggressive) trolls seems to be a commonality, seen across both Microsoft and its biggest ally among trolls, which Microsoft and Bill Gates helped create and still fund



  20. What the Patent Microcosm is Saying About the EPO and the UPC

    Response to 3 law firms and today's output from them, which serves to inform or misinform the European public at times of Big Lies and fog of (patent) war, revealing the true nature of 21st century asymmetric patent warfare and lobbying



  21. Tough Day for the EPO's Media/Press/PR Team, Trying 'Damage Control' After Important Techrights Publications

    In an effort to save face and regain a sense of legitimacy the EPO publishes various things belatedly, and only after Techrights made these things publicly known and widely discussed



  22. Links 21/3/2017: PyPy Releases, Radeon RX Vega, Eileen Evans at Linux Foundation

    Links for the day



  23. In IAM, Asian Courts That Deliver Justice Are “Unfriendly” and Asian Patent Trolls Are Desirable

    Rebuttal or response to the latest pieces from IAM, which keeps promoting a culture of litigation rather than sharing, collaboration, negotiation, and open innovation



  24. At EPO “I Have the Feeling That Lowering Quality is Part of a Concerted Plan.”

    Growing concern about patent quality at the EPO -- a subject which causes managers to get rather nervous -- is now an issue at the forefront



  25. EPO Reduces the World to Just Seven Nations to Bolster an Illusion of Growing 'Demand' for European Patents

    The unscientific -- if not antiscientific -- attitude of the European Patent Office (EPO) continues to show with the arrival of yet more misleading 'infographics' (disinfographics would be a more suitable term)



  26. Letter to Angela Merkel Expresses Concerns About Impact of EPO Scandals on Germany and Its Image

    Dr. Angela Merkel, arguably the most powerful woman in the world, is being warned about the consequences of Germany ignoring (and hence facilitating) the abuses of Benoît Battistelli



  27. EPO Caricature: Low Patent Quality Not an Achievement

    A new cartoon about the legacy of Battistelli, which ruins both inventors and staff (examination) while handing money to abusers



  28. Are Lithuania and Latvia the Latest Additions to the List of Benoît Battistelli's Vassal States?

    Benoît Battistelli's 'back room' deals came at an interesting, strategic time and the Office uncharacteristically kept quiet about these



  29. Links 20/3/2017: Linux 4.11 RC3, OpenSSH 7.5 Released

    Links for the day



  30. Supposedly 'Pampered' Prisoners Are Still Prisoners of the EPO

    Response to those gross and familiar attempts to portray patent examiners, not politicians who trample all over them, as the cause of all the problems at the EPO


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts