EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

02.24.14

The Increasing Danger of Back Doors in Standards and Binary Blobs

Posted in Apple, GNU/Linux, Microsoft, Security at 9:06 am by Dr. Roy Schestowitz

Summary: The risk of back doors in GNU/Linux comes not from source code but from blobs, back room deals, the build process, and bogus standards with weaknesses cleverly shoehorned into them

IT HAS BEEN a while since we last wrote about Mr. Srinivasan from Microsoft-Novell. Suffice to say, Novell did a lot for Microsoft and some former staff of Novell continues to work for Microsoft (either directly or indirectly). One gift from Novell to Microsoft was OOXML inside FOSS/OOo. Another was Mono and let’s not forget intrusion into Linux itself. Robert Pogson goes as far as saying that Microsoft “Hacked Linux!”

“My configuration,” Pogson argues, “has CONFIG_HYPERV not set. The code in question is Copyright 2010, Novell (mshyperv.c), and Copyright 2009, M$ (vmbus_drv.c). K. Y. Srinivasan is listed as one of the authours on both. I’m not about to run that other OS on Beast, but thank you, Thomas Gleixner, for fixing things.” (see this link)

Performance issues overlook the much bigger problem — a problem which we addressed several times before. We already know that the NSA is pursuing back doors in Linux [1, 2, 3, 4] and as we pointed out before, the NSA might already have some.

incidentally, as we have shown before, Yahoo was fighting against NSA surveillance in court. When Microsoft took over Yahoo it became apparent that Yahoo stopped fighting and soon became part of PRISM. While some new reports suggest that Yahoo might be ready to escape Microsoft “Yahoo is still in NSA’s pocket though even if they break free of Microsoft,” explains iophk.

Likewise, even if Linux does not engage with Microsoft, the code from Microsoft remains stuck inside Linux and even if there are no back doors in the code itself, this connects to a system, Hyper-V, which is developed by a back doors specialist (Microsoft). There are binary-level back doors from which to access GNU/Linux systems because if the host machine runs Windows, then we already know that the NSA has access. A nearby company that I once visited, UKFast (the UK’s largest ‘cloud’ provider), runs GNU/Linux servers under HyperV, based on what they told me. How insane is that?! GCHO must love it!

Adding to some concerns about back doors, NSA ally and PRISM partner Apple turns out to have hidden a back door. As Think Progress puts it, “Apple quietly released a major update Friday to fix a security glitch in its iOS 7 systems. But independent security experts say the seemingly routine update covers up what arguably could be Apple’s biggest security lapse, exposing iPhone, iPad and iPod Touch users to hackers.”

Whether it’s a back door or just direct access does not matter, but it enables Apple to dance around important questions. It works across several Apple platforms, even desktop platforms [1].

As iophk put it, in relation to this other new article [2] “Potential problems with an official back door in HTTP 2.0, though only in a proposed draft so far. But because of the ways certificates are currently (mis-)managed, this kind of interception of HTTPS is already easy.”

“See one example with four steps,” he added, pointing to [3] from the OpenBSD mailing lists.

It’s not as though GNU/Linux is immune to back doors (Debian has some new security advisories [4,5]), but at least with access to source code the back doors remain very shallow and too risky/difficult for malicious/covert entities to hide. It’s when proprietary software gets added that we lose the ability to ascertain security and privacy.

Related/contextual items from the news:

  1. Apple SSL Vulnerability Affects OSX Too
  2. No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

    If you care about Internet security, especially what we call “end-to-end” security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You’ll want to pay attention to this.

    You’d think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven’t authorized, that a plan to formalize a mechanism for ISP and other “man-in-the-middle” snooping would be laughed off the Net.

    But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft “Explicit Trusted Proxy in HTTP/2.0″ (14 Feb 2014) haven’t gotten the message.

    What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.

  3. relayd SSL interception

    This mail includes a quite detailed explanation of the attached diff that adds support for SSL Interception (“SSL-MITM”) to relayd. If you don’t want to read the story, just skip to the configuration example and diff below.

  4. Debian: 2862-1: chromium-browser: Multiple vulnerabilities
  5. Debian: 2861-1: file: denial of service
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Staff Union of the EPO (SUEPO) Willing to Work With Campinos But Foresees Difficulties

    New message from SUEPO regarding Battistelli's successor of choice (Campinos)



  2. Links 18/10/2017: GTK+ 3.92, Microsoft Bug Doors Leaked

    Links for the day



  3. The Darker Past of the Next President of the EPO - Part I: Introduction

    Some new details about Mr. Campinos, who is Battistelli’s successor at the EPO



  4. Confessions of EPO Insiders Reveal That European Patents (EPs) Have Lost Their Legitimacy/Value Due to Battistelli's Policies

    A much-discussed topic at the EPO is now the ever-declining quality of granted patents, which make or break patent offices because quality justifies high costs (searches, applications, renewals and so on)



  5. Patent Firms From the United States Try Hard to Push the Unitary Patent (UPC), Which Would Foment Litigation Wars in Europe

    The UPC push seems to be coming from firms which not only fail to represent public interests but are not even European



  6. In the Age of Alice and PTAB There is No Reason to Pursue Software Patents in the United States (Not Anymore)

    The appeal board in the US (PTAB) combined with a key decision of the Supreme Court may mean that even at a very low cost software patents can be invalidated upon demand (petition) and, failing that, the courts will invalidate these



  7. IAM is Wrong, the Narrative Isn't Changing, Except in the Battistelli-Funded (at EPO's Expense) Financial Times

    The desperate attempts to change the narrative in the press culminate in nothing more than yet another misleading article from Rana Foroohar and some rants from Watchtroll



  8. The Federal Circuit Continues Squashing Software Patents

    Under the leadership of Sharon Prost the Court of Appeals for the Federal Circuit (CAFC) continues its war on software patents, making it very hard to remember the last time it tolerated any



  9. SUEPO Representatives Like Elizabeth Hardon Vindicated as Battistelli's Detrimental Effect on Patent Quality is Widely Confirmed

    Feedback regarding the awful refusal to acknowledge patent quality crisis at the EPO as well as the appointment of a President so close to Battistelli (who most likely assures continuation of his policies)



  10. Links 17/10/2017: KDE Frameworks 5.39.0, Safe Browsing in Epiphany

    Links for the day



  11. Judge Bryson Rules Against Allergan After It Used Native American Tribes to Dodge Scrutiny of Patents (IPRs); Senator Hatch Does Not Understand IPRs

    Having attempted to dodge inter partes reviews (IPRs) by latching onto sovereign immunity, Allergan loses a key case and Senator Hatch is meanwhile attempting to water down IPRs albeit at the same time bemoaning patent trolls (which IPRs help neutralise)



  12. Rumours That António Campinos Initially Had No Competition at All (for Battistelli's Succession) Are Confirmed

    Succession at the EPO (mostly French) shows that there's little room for optimism and Battistelli's people are too deeply entrenched in the upper echelons of the EPO



  13. EPO Stakeholders Complain That the New Chairman Does Not Grasp the Issues at the EPO (or Denies These)

    Some information from inside the EPO’s Administrative Council, whose Chairman is denying (at least to himself) some of the core issues that render the EPO less competitive in the international market



  14. Another Misleading Article Regarding Patents From Rana Foroohar at the Financial Times

    In an effort to promote the agenda of patent maximalists, many of whom are connected to the Financial Times, another deceiving report comes out



  15. Monika Ermert's Reports About the Crisis at the EPO and IP Kat's Uncharacteristically Shallow Coverage

    News from inside the Council shows conflict regarding the quality of European Patents (granted by the EPO under pressure from top-level management)



  16. Patent Troll VirnetX a Reminder to Apple That Software Patents Are a Threat to Apple Too

    VirnetX, a notorious patent troll, is poised to receive a huge sum of money from Apple and Qualcomm is trying to ban Apple products, serving to remind Apple of the detrimental impact of patents on Apple itself



  17. Links 16/10/2017: Linux 4.14 RC5, Debian 9.2.1, End of LibreOffice Conference 2017

    Links for the day



  18. The Systematic Erosion of Workers' Rights and Holidays at the EPO Goes Years Back

    The legitimacy of the staff's concerns at the EPO, having seen basic labour safeguards being shredded to pieces by Battistelli for a number of years (predating even the escalation of the conflict)



  19. Articles in English and German Speak About the Decline in Quality of European Patents (Granted by the EPO)

    Heise and The Register, two sites that have closely watched EPO affairs for a number of years, speak about the real problem which is declining patent quality (or rushed examination) -- a recipe for frivolous litigation in Europe



  20. Software Patents and Patent Trolls Not a Solved Issue, But the US is Getting There

    A media survey regarding software patents, which are being rejected in the US in spite of all the spin from law firms and bullies such as IBM



  21. US Patent Trolls Are Leaving and the Eastern District of Texas Sees Patent Cases Falling by More Than Half

    The decline of patent aggression in the US and the patent microcosm's response to Justices, having ruled in TC Heartland, curtailing patent trolls



  22. Qualcomm's Nightmares Are Getting Worse as Antitrust Questions Are Raised and Assessed

    Qualcomm is getting itself deeper in trouble as fines pile up and its multi-billion dollar dispute with Apple isn't getting it anywhere



  23. Forget About Apple; Two of the Leading Phone Makers (Samsung and Huawei) Are Bickering Over Patents

    Massive Android OEMs, Huawei and Samsung, are in a big patent dispute and this time, for a change, China is a legal battleground



  24. Tim Heberden From the Glasshouse Advisory is Throwing Stones in a Glasshouse to Create Patent Litigation

    IAM's latest lobbying, aided by the patent microcosm, for a climate of feuds and disputes (to line the pockets of the litigation 'industry')



  25. Access to Medicine is More Important Than Patents

    Some of the latest news about patents that impede/deny access to crucial medication; strategic litigation from the generics sector, seeking to invalidate patents and then offer low-cost alternatives



  26. Links 14/10/2017: Windows Breaks Dutch Law, Wine 2.19 Released

    Links for the day



  27. The Patent Trial and Appeal Board (PTAB) Supported by Congress, a Federal Judge, Soon to be Supported by the Supreme Court Too?

    The Patent Trial and Appeal Board is still widely defended, except by the patent microcosm which likes (and profits from) patent trolls and litigation Armageddon



  28. Patents Are Turning BlackBerry and Nokia, Which Used Android, Into Anti-Android Fronts That Tax Android OEMs

    The Canadian BlackBerry has sued BLU in the US only to compel it to pay 'protection' money; Nokia's patents are being scattered to trolls, which are doing something similar (without risking litigation themselves)



  29. The Unified Patent Court (UPC) is Rotting Like the European Patent Office

    The Unitary Patent litigation pipe dreams (or prosecution/trolling fast lane), which Battistelli's EPO long relied on, turn out to be the road to nowhere



  30. Lying and Faking Now a Standard Procedure at the European Patent Office

    The European Patent Organisation (EPO) under the leadership (or chairmanship) of Christoph Ernst continues to relay lies from Battistelli's Office, SUEPO rejects these, the Office lies about SMEs, prioritises Microsoft (again), and probably buys fake Twitter "followers"


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts