EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.08.14

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Dagger in the heart of OpenSSL

Heart Bleed

Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) are already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

“This is a man whose high-paying job required that he beats GNU/Linux at security.”Jacon Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux insecure and dangerous becuase of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. A Question of Debt: António Campinos, Lexology, Law Gazette, and Sam Gyimah

    Ineptitude in the media which dominates if not monopolises UPC coverage means that laws detrimental to everyone but patent lawyers are nowadays being pushed even by ministers (not just those whose clandestine vote is used/bought to steal democracy overnight)

  2. Science Minister Sam Gyimah and the EPO Are Eager to Attack Science by Bringing Patent Trolls to Europe/European Union and the United Kingdom

    Team UPC has managed to indoctrinate or hijack key positions, causing those whose job is to promote science to actually promote patent trolls and litigation (suppressing science rather than advancing it)

  3. USF Revisits EPO Abuses, Highlighting an Urgent Need for Action

    “Staff Representation Disciplinary Cases” — a message circulated at the end of last week — reveals the persistence of union-busting agenda and injustice at the EPO

  4. Links 14/11/2018: KDevelop 5.3, Omarine 5.3, Canonical Not for Sale

    Links for the day

  5. Second Day of EPOPIC: Yet More Promotion of Software Patents in Europe in Defiance of Courts, EPC, Parliament and Common Sense

    Using bogus interpretations of the EPC — ones that courts have repeatedly rejected — the EPO continues to grant bogus/fake/bunk patents on abstract ideas, then justifies that practice (when the audience comes from the litigation ‘industry’)

  6. Allegations That António Campinos 'Bought' His Presidency and is Still Paying for it

    Rumours persist that after Battistelli had rigged the election in favour of his compatriot nefarious things related to that were still visible

  7. WIPO Corruption and Coverup Mirror EPO Tactics

    Suppression of staff representatives and whistleblowers carries on at WIPO and the EPO; people who speak out about abuses are themselves being treated like abusers

  8. Links 13/11/2018: HPC Domination (Top 500 All GNU/Linux) and OpenStack News

    Links for the day

  9. The USPTO and EPO Pretend to Care About Patent Quality by Mingling With the Terms “Patent” and “Quality”

    The whole "patent quality" propaganda from EPO and USPTO management continues unabated; they strive to maintain the fiction that quality rather than money is their prime motivator

  10. Yannis Skulikaris Promotes Software Patents at EPOPIC, Defending the Questionable Practice Under António Campinos

    The reckless advocacy for abstract patents on mere algorithms from a new and less familiar face; the EPO is definitely eager to grant software patents and it explains to stakeholders how to do it

  11. The U.S. Chamber of Commerce is Working for Patent Trolls and Patent Maximalists

    The patent trolls' propagandists are joining forces and pushing for a patent system that is hostile to science, technology, and innovation in general (so as to enable a bunch of aggressive law firms to tax everybody)

  12. Team UPC, Fronting for Patent Trolls From the US, is Calling Facts “Resistance”

    The tactics of Team UPC have gotten so tastelessly bad and its motivation so shallow (extortion in Europe) that one begins to wonder why these people are willing to tarnish everything that's left of their reputation

  13. The Federal Circuit Bar Association (FCBA) Will Spread the Berkheimer Lie While Legal Certainty Associated With Patents Remains Low and Few Lawsuits Filed

    New figures regarding patent litigation in the United States (number of lawsuits) show a decrease by about a tenth in just one year; there's still no sign of software patents making any kind of return/rebound in the United States, contrary to lies told by the litigation 'industry' (those who profit from frivolous lawsuits/threats)

  14. Links 12/11/2018: Linux 4.20 RC2, Denuvo DRM Defeated Again

    Links for the day

  15. Automation of Searches Will Not Solve the Legitimacy Problem Caused by Patents Lust

    The false belief that better searches and so-called 'AI' can miraculously assess patents will simply drive/motivate bad decisions and already steers bad management towards patent maximalism (presumption of examination/validation where none actually exists)

  16. The Federal Circuit and PTAB Are Not Slowing Down; Patent Maximalists Claim It's 'Harassment' to Question a Patent's Validity

    There’s no sign of stopping when it comes to harassment of judges and courts; those who make a living from patent threats and litigation do anything conceivable to stop the ‘bloodbath’ of US patents which were never supposed to have been granted in the first place

  17. Patent Maximalists Will Latch Onto Return Mail v US Postal Service in an Effort to Weaken or Limit Post-Grant Reviews of US Patents

    An upcoming case, dealing with what governments can and cannot do with/to patents (specifically the US government and US patents), interests the litigation 'industry' because it loathes reviews of low-quality and/or controversial patents (these reviews discourage litigation or stop lawsuits early on in the cycle)

  18. Guest Post: EPO Spins Censorship of Staff Representation

    Another concrete example of Campinos' cynical story-telling

  19. Andrei Iancu and Laura Peter Are Two Proponents of Patent Trolls at the Top of the USPTO

    Patent offices do not seem to care about the law, about the courts, about judges and so on; all they care about is money (and litigation costs) and that’s a very major problem

  20. The Patent 'Industry' Wants Incitations and Feuds, Not Innovation and Collaboration

    The litigation giants and their drones keep insisting that they're interested in helping scientists; but sooner or later the real (productive) industry learns to kick them to the curb and work together instead of suing

  21. EPO 'Outsourcing' Rumours

    The EPO advertises jobs in Prague and Lisbon; this leads to speculations less than a year after António Campinos sent EU-IPO jobs to India (for cost reduction)

  22. Links 11/11/2018: Bison 3.2.1 and FreeBSD 12.0 Beta 4

    Links for the day

  23. Pro-Litigation Front Groups Like CIPA and Team UPC Control the EPO, Which Shamelessly Grants Software Patents

    With buzzwords and hype like "insurtech", "fintech", "blockchains" and "AI" the EPO (and to some degree the USPTO as well) looks to allow a very wide range of software patents; the sole goal is to grant millions of low-quality patents, creating unnecessary litigation in Europe

  24. Latest Loophole: To Get Software Patents From the EPO One Can Just Claim That They're 'on a Car'

    The EPO has a new 'study' (accompanied by an extensive media/PR campaign) that paints software as "SDV" if it runs on a car, celebrating growth of such software patents

  25. The Huge Cost of Wrongly-Granted European Patents, Recklessly Granted by the European Patent Office (EPO)

    It took 4 years for many thousands of people to have just one patent of Monsanto/Bayer revoked; what does that say about the impact of erroneous patent awards?

  26. Links 10/11/2018: Mesa 18.3 RC2, ‘Linux on DeX’ Beta and Windows Breaking Itself Again

    Links for the day

  27. Unified Patents Takes Aim at Velos Media SEPs, Passed From Patent Aggressor Qualcomm

    The latest endeavour from Unified Patents takes aim at notorious standard-essential patents (SEPs), which are not compatible with Free/Open Source software and are typically invalid as per 35 U.S.C. § 101 as well

  28. Stacked Panels of Front Groups Against PTAB and in Favour of Patents on Life/Nature

    So-called 'panels' where the opposition is occluded or excluded try to sell the impression that greatness comes from patent maximalism (overpatenting) rather than restriction based on merit and rational scope

  29. With Patent Trolls Like Finjan and Blackbird Tech out There, Microsoft in OIN Does Not Mean Safety

    With many patent trolls out there (Microsoft’s Intellectual Ventures alone has thousands of them) it’s not at all clear how Microsoft can honestly claim to have reached a “truce”; OIN deals with issues which last manifested/publicly revealed themselves a decade ago (Microsoft suing directly, not by proxy)

  30. Links 9/11/2018: Qt 5.12.0 Beta 4, Ubuntu On Samsung Galaxy Devices, Rust 1.30.1

    Links for the day

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts