

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Dagger in the heart of OpenSSL

Heart Bleed

Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) is already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at the highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

Jacob Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux as insecure and dangerous because of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.
