

The Increasing Danger of Back Doors in Standards and Binary Blobs

Posted in Apple, GNU/Linux, Microsoft, Security at 9:06 am by Dr. Roy Schestowitz

Summary: The risk of back doors in GNU/Linux comes not from source code but from blobs, back room deals, the build process, and bogus standards with weaknesses cleverly shoehorned into them

IT HAS BEEN a while since we last wrote about Mr. Srinivasan from Microsoft-Novell. Suffice to say, Novell did a lot for Microsoft, and some former Novell staff continue to work for Microsoft (either directly or indirectly). One gift from Novell to Microsoft was OOXML inside FOSS/OOo. Another was Mono, and let’s not forget the intrusion into Linux itself. Robert Pogson goes as far as saying that Microsoft “Hacked Linux!”

“My configuration,” Pogson argues, “has CONFIG_HYPERV not set. The code in question is Copyright 2010, Novell (mshyperv.c), and Copyright 2009, M$ (vmbus_drv.c). K. Y. Srinivasan is listed as one of the authors on both. I’m not about to run that other OS on Beast, but thank you, Thomas Gleixner, for fixing things.” (see this link)

Performance issues distract from the much bigger problem — one which we addressed several times before. We already know that the NSA is pursuing back doors in Linux [1, 2, 3, 4] and, as we pointed out before, the NSA might already have some.

Incidentally, as we have shown before, Yahoo was fighting against NSA surveillance in court. When Microsoft took over Yahoo, it became apparent that Yahoo stopped fighting and soon became part of PRISM. While some new reports suggest that Yahoo might be ready to escape Microsoft, “Yahoo is still in NSA’s pocket though even if they break free of Microsoft,” explains iophk.

Likewise, even if Linux does not engage with Microsoft, the code from Microsoft remains stuck inside Linux, and even if there are no back doors in the code itself, it connects to a system, Hyper-V, which is developed by a back-door specialist (Microsoft). There are binary-level back doors from which to access GNU/Linux systems, because if the host machine runs Windows, then we already know that the NSA has access. A nearby company that I once visited, UKFast (the UK’s largest ‘cloud’ provider), runs GNU/Linux servers under Hyper-V, based on what they told me. How insane is that?! GCHQ must love it!

Adding to some concerns about back doors, NSA ally and PRISM partner Apple turns out to have hidden a back door. As Think Progress puts it, “Apple quietly released a major update Friday to fix a security glitch in its iOS 7 systems. But independent security experts say the seemingly routine update covers up what arguably could be Apple’s biggest security lapse, exposing iPhone, iPad and iPod Touch users to hackers.”

Whether it’s a back door or just direct access does not matter, but it enables Apple to dance around important questions. It works across several Apple platforms, even desktop platforms [1].

As iophk put it, in relation to this other new article [2], “Potential problems with an official back door in HTTP 2.0, though only in a proposed draft so far. But because of the ways certificates are currently (mis-)managed, this kind of interception of HTTPS is already easy.”

“See one example with four steps,” he added, pointing to [3] from the OpenBSD mailing lists.
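A defender-side check for the interception problem iophk describes, added here as an example (it is not code from the original post, from the IETF draft, or from relayd): certificate pinning detects an HTTPS interception proxy even when the proxy's certificate chains to a CA the operating system trusts, because the presented certificate is trusted but is not the one the client was told to expect. The certificate bytes and pins below are constructed placeholders, and `fetch_peer_chain` is a hypothetical helper that performs an ordinary handshake with Python's `ssl` module.

```python
"""Detecting HTTPS interception with certificate pinning.

Added example; not code from the original post or from relayd. A proxy that
intercepts TLS re-signs the server's certificate with a CA installed on the
client, so the OS trust check passes. Pinning catches it: the chain is trusted,
but it does not contain the certificate the client expects.
"""
import hashlib
import socket
import ssl


def sha256_hex(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pins(chain_der, pinned_fingerprints):
    """Compare every certificate in the presented chain against the pin set.

    chain_der: list of DER certificates, leaf first.
    pinned_fingerprints: set of acceptable SHA-256 hex digests (the leaf, or
    any intermediate the operator chose to pin).
    Returns (ok, reason). A chain that the OS trusts but that matches no pin
    is the signature of an interception proxy using a locally installed CA.
    """
    if not chain_der:
        return False, "empty certificate chain"
    fingerprints = [sha256_hex(cert) for cert in chain_der]
    for fp in fingerprints:
        if fp in pinned_fingerprints:
            return True, "pin matched " + fp[:16]
    return False, "no pinned certificate in chain: " + ", ".join(
        fp[:16] for fp in fingerprints)


def fetch_peer_chain(host, port=443, timeout=5.0):
    """Hypothetical helper: complete a normal TLS handshake against the system
    trust store and return the leaf certificate in DER form. Python's ssl
    module exposes only the leaf via getpeercert(binary_form=True), so the
    returned list has one element; pin the leaf when that is all you can see.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return [tls.getpeercert(binary_form=True)]


def demo():
    """Offline demonstration on constructed certificate bytes (not real DER)."""
    expected_leaf = b"constructed: genuine server certificate"
    proxy_leaf = b"constructed: certificate re-signed by an interception proxy CA"
    pins = {sha256_hex(expected_leaf)}
    return {
        "direct": check_pins([expected_leaf], pins),        # (True, ...)
        "intercepted": check_pins([proxy_leaf], pins),      # (False, ...)
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'OK' if ok else 'ALERT'} ({reason})")
```

In practice operators usually pin the hash of the SubjectPublicKeyInfo rather than of the whole certificate, so that re-issuance under the same key does not trip the check; the comparison logic is the same. The useful property for this discussion is that the check fails on a chain the operating system would otherwise accept, which is exactly the case a CA-backed interception proxy creates.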

It’s not as though GNU/Linux is immune to back doors (Debian has some new security advisories [4,5]), but at least with access to source code the back doors remain very shallow and too risky/difficult for malicious/covert entities to hide. It’s when proprietary software gets added that we lose the ability to ascertain security and privacy.

Related/contextual items from the news:

  1. Apple SSL Vulnerability Affects OSX Too
  2. No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

    If you care about Internet security, especially what we call “end-to-end” security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You’ll want to pay attention to this.

    You’d think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven’t authorized, that a plan to formalize a mechanism for ISP and other “man-in-the-middle” snooping would be laughed off the Net.

    But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft “Explicit Trusted Proxy in HTTP/2.0” (14 Feb 2014) haven’t gotten the message.

    What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.

  3. relayd SSL interception

    This mail includes a quite detailed explanation of the attached diff that adds support for SSL Interception (“SSL-MITM”) to relayd. If you don’t want to read the story, just skip to the configuration example and diff below.

  4. Debian: 2862-1: chromium-browser: Multiple vulnerabilities
  5. Debian: 2861-1: file: denial of service