EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.02.14

Red Hat Should Keep Its Distance From NSA Facilitator Microsoft

Posted in Microsoft, Red Hat, Security, Windows at 6:27 am by Dr. Roy Schestowitz

Dragonfly

Summary: Criticism of Red Hat’s increasing proximity to some of the very same bits of proprietary software which are accompanied by back doors (for the NSA)

THE DANGERS of Microsoft are very real, as a former foe of Microsoft, Novell, helped prove. Five years ago Red Hat consented to playing an active part in Microsoft VM hosts, despite knowing (even back then) about Microsoft’s relationship with the NSA, which meant that VMs running RHEL would be accessible (to the NSA) from the back door, Microsoft Windows.

There are many back doors in Windows and therefore in Hyper-V, which sits on top of Windows (back doors further down the stack). Microsoft tells the NSA about these back doors. To give the latest example of back doors, see this new report [2] which says: “Nearly 30 days after reports of a zero-day flaw being exploited in the wild, Microsoft will finally patch this critical vulnerability.”

Relying on Microsoft for technology means that one should also expect and accept back doors. A reader showed us this new article, claiming that “Mono [is] infecting Android,” but it’s not just Android. Even Red Hat is now making such mistakes, in addition to hiring from Microsoft for management of virtualisation. Based on [2,3], Red Hat now accommodates Microsoft .NET applications, despite them being proprietary and potential back doors. A week or so ago some speculated that Microsoft might buy Red Hat (one day) [4,5] and yesterday we found the article “Why Microsoft Will Pick Off Red Hat” (logic of investors, not technical people).

Microsoft is now knowingly abandoning hundreds of millions of Windows users, leaving them with permanent back doors [6,7], so why should Red Hat trust Microsoft .NET applications or anything that comes from Microsoft, including Hyper-V? Articles like [8-10] remind us that in GNU/Linux the main flaw is human error (not changing default passwords or not applying patches, which Red Hat is making easier to apply without any downtime [11]).

The bottom line is, Red Hat’s relationship with the NSA withstanding, it oughtn’t connect too much to Microsoft components like .NET and Hyper-V because these constitute back doors that jeopardise security of GNU/Linux users.

Related/contextual items from the news:

  1. Microsoft to Fix an Internet Explorer Zero-Day Flaw
  2. Red Hat Adds Microsoft .NET to Its OpenShift PaaS
  3. A Red Hat stunner: ‘Miccosoft .NET apps on OpenShift’ Yes, you read correctly

    On Wednesday, Working with Uhuru Software, Red Hat is now incorporate a rival Microsoft product – .NET – to its three-year-old OpenShift platform-as-a-service. Really? Red Hat even published a blog to explain what’s going on to those who might find the concept a bit unbelievable.

    Chris Morgan, the OpenShift Partner Ecosystem Technical Director for Red Hat, wrote the blog – and even he acknowledged the incredulity of it all that something from Microsoft, which for years has been an enemy of Red Hat, Linux and Open Source, would be incorporated into OpenShift.

  4. An Indecent Proposal: Microsoft and Red Hat?
  5. Reviews, Indecent Proposal, and Ubuntu Graduation

    Today brings two new reviews. Jesse Smith reviews Linux Mint Debian Edition 201403 in today’s Distrowatch Weekly and Jamie Watson posts his latest hands-on. Steven J. Vaughan-Nichols says folks don’t care about operating systems anymore. Matt Hartley has a few suggestions for those ready to graduate from Ubuntu. All this and more in tonight’s Linux news review.

    Jesse Smith tested the latest LMDE in this week’s Distrowatch Weekly. He found a few bugs but Smith says it “lives up to its description” of having “rough edges.” With all its “nasty surprises” Smith suggests folks just stick with the Ubuntu-based version of Mint. But see his full review for all the details.

  6. Perspective: Microsoft risks security reputation ruin by retiring XP

    A decade ago, Microsoft kicked off SDL, or Security Development Lifecycle, a now-widely-adopted process designed to bake security into software, and began building what has become an unmatched reputation in how a vendor writes more secure code, keeps customers informed about security issues, and backs that up with regular patches.

  7. Positive Feedback: M$ Uses XP To Publish The Insecurity Of Using That Other OS
  8. Flaws In People And Their Software
  9. Red Hat Risk Reflex (The Linux Security Flaw That Isn’t)

    News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a ‘major security problem’ has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that “GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification… An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid.” In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it’s all Linux’s fault. Or is it?

  10. Linux Bugs, Bugs Everywhere

    “We are seeing a lot of crypto bugs surfacing lately because these libraries are suddenly getting a lot of review thanks to Snowden’s revelations,” suggested blogger Chris Traver. “I think one has to separate the crypto bugs from others because they are occurring in a different context. “From what I have read about gnutls, though, it seems to me that this is probably the tip of the iceberg.”

  11. Introducing kpatch: Dynamic Kernel Patching

    In upstream development news, the kernel team here at Red Hat has been working on a dynamic kernel patching project called kpatch for several months. At long last, the project has reached a point where we feel it’s ready for a wider audience and are very excited to announce that we’ve released the kpatch code under GPLv2.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Michelle Lee, USPTO Director, Should Recognise That the Patent Microcosm is Her Enemy Which Hates Her

    The latest outburst from the patent microcosm, which has a temper issue and notorious disdain for judges it does not agree with, is more of what we have come to expect



  2. Battistelli is an Autocrat Above the Law and It's OK, Holland's High Council Says

    Battistelli's autocratic tendencies will not be challenged by Dutch authorities, in spite of sheer condemnation from many groups all across Europe and the entire world



  3. Beware Fake News About the Unitary Patent (UPC)

    The UPC is dead, deadlocked, stuck, in a limbo and so on; those who claim otherwise are merely lobbying (in disguise of "analysis" or "news")



  4. Shame on MapR for Pursuing Software Patents While Pretending to Stand for Free/Open Source Software

    The patents gold rush sees another company joining the 'fun', albeit this company should campaign hard against software patents rather than pursue any



  5. Doomsday Scenario in the Back Mirror as Michelle Lee Keeps Her Job (and Much-Needed Patent Reform) at the USPTO

    The future of patent reform, i.e. tackling overpatenting and patent trolls, looks somewhat more promising with today's confirmation of Lee's 'extended tenure' at the Office



  6. Links 19/1/2017: PulseAudio 10.0, Linux 4.9 Longterm Kernel

    Links for the day



  7. Corporate (Wall Street) Media Agrees That Brexit Dooms the Unitary Patent (UPC)

    The nonstop lies or the fake news about the UPC starting "real soon now" don't quite pass a reality check or a basic assessment based on fundamental concepts, such as the UPC's facilitation of subordination (to Europe) in the United Kingdom



  8. Farce of an 'Independence' for the Boards of Appeal as Another Ally of Benoît Battistelli Enters as Parasite Inside the 'Overseer'/Host

    The latest cluster of lies from the President of the European Patent Office (EPO) and direct refutation of false claims of independence for the Boards of Appeal, where the former Vice-Presidents can flock, just like the Mini Minion (Minnoye) of Battistelli



  9. Links 18/1/2017: Red Hat's OpenShift 3.4, Mozilla's New Logo/Branding

    Links for the day



  10. Union-Busting Action by Team Battistelli Takes Heavy Toll, Techrights Will Continue to Expose EPO Injustices to the World

    The Staff Union of the European Patent Office, SUEPO, which faced unprecedented and probably illegal (based on local laws) attacks, is being weakened by the worst President ever, whose own management team seems to be collapsing along with the institution he is destroying in just a few years



  11. A Lot More Fake News About the UPC, Trying to Convince People That the UK is Ratifying (It's Not, It Cannot)

    Response to some of the latest misleading (self-serving) whispers about the fate of the Unified Patent Court (UPC), which is in a deadlock due to Brexit



  12. Rumours Suggest That EPO Management is Aware of Decline in Patent Quality and is Thus Actively Lying About it to the Media/Public

    Whenever Battistelli brags about patent quality he may be consciously and deliberately lying through his teeth if the latest rumours are correct



  13. Links 17/1/2017: GIMP Plans, New Raspberry Pi Product

    Links for the day



  14. Resumption of EPO Propaganda ('Meet the President') Officially Starts Tomorrow

    Yet another one of these foolish 'Meet the President' stunts, scheduled to take place tomorrow morning



  15. Caricature: Battistelli's New Year's Resolution (More EPO Lies)

    The latest cartoon being circulated within the European Patent Office (EPO)



  16. Donald Trump Gives New Hope to Patent Aggressors and Patent Trolls

    Pessimism about the prospects of patent progress or patent reform in an age of staunchly pro-business Conservatives and glorification of protectionism



  17. More Fake News About the Unified Patent Court (UPC) Based on Lobbying Tactics From Bristows UPC and the Preparatory Committee

    Unified Patent Court (UPC) lobbying has gotten so bad that it now infiltrates general media outlets, where people are asked to just blindly assume that the UPC is coming and is inevitable, even though it's clearly in a limbo and is unlikely to see the light of day



  18. EPO Totally Silent for a Month, But Deep Inside There Are Serious Cracks

    The situation at the EPO seems to be pretty grim, even at the top-level management, and the EPO has gone into permanent silence mode



  19. Links 16/1/2017: Linux 4.10 RC4, Linux Mint 18.1 'Serena' KDE Edition Beta

    Links for the day



  20. 'Financial Director' Publishes Fake News About the Unitary Patent (UPC)

    Response to some of the latest UPC propaganda, which strives to misinform Financial Directors so as to enrich the author and his firm



  21. Independent and Untainted Web Sites About Patents Are Still Few and Rare

    Commentary about news sources that we rely on, as well as the known pitfalls or the vested interests deeply ingrained in them



  22. The 20% Rule: Patent Trolling Suffers Double-Digit Declines and Patent Troll Technicolor is Collapsing

    Significant demise or total catastrophe for the modus operandi (method) of going after companies with a pile of patents and threats of litigation



  23. US Supreme Court Did Not End Apple's Patent Disputes Over Android (Linux), More Cases Imminent

    An overview of some very recent news regarding the highest court in the United States, which has been dealing with cases that can determine the fate of Free/Open Source software in an age of patent uncertainty and patent thickets surrounding mobility



  24. Links 15/1/2017: Switching From OS X to GNU/Linux, Debian 8.7 Released

    Links for the day



  25. Number of New Patent Cases in the US Fell 25% Last Year, Thanks in Part to the Demise of Software Patent Trolls

    Litigation and prosecutions that rely on patents (failure to resolve disputes, e.g. by sharing ideas, out of court) is down very sharply, in part because firms that make nothing at all (just threaten and/or litigate) have been sinking after much-needed reform



  26. America Invents Act Improved Patent Quality, But Right Wingers Threaten to Make It Worse Again

    The past half a decade saw gradual improvement in assessment of patents in the United States, but there is a growing threat and pressure from the patent microcosm to restore patent maximalism and chaos



  27. PTAB -- Not Deterred by Courts -- Continues to Invalidate a Lot of Software Patents

    The Patent Trial and Appeal Board (PTAB) continues to make progress reforming the patent system by eliminating a lot of patents and setting an example (or new standards) for what is patent-eligible after Alice



  28. EPO Abuses Come Under Fire From Politicians in Luxembourg

    Luxembourg is the latest nation in which concerns about the EPO's serious abuses are brought up not only by the media but also by politicians



  29. Constitutionality as a Barrier and Brexit Barriers to UPC Keep the Whole Pipe Dream Deadlocked

    The UPC is still going nowhere fast, but the demise (or death) of the UPC as we know it must not be taken for granted



  30. Links 14/1/2017: Wine 2.0 RC5 and AryaLinux 2017 Released

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts