04.08.14

Gemini version available ♊︎

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Dagger in the heart of OpenSSL

Heart Bleed

Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) are already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

“This is a man whose high-paying job required that he beats GNU/Linux at security.”Jacon Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux insecure and dangerous becuase of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. IRC Proceedings: Sunday, May 22, 2022

    IRC logs for Sunday, May 22, 2022

  2. Links 23/05/2022: Fedora 36 Reviewed

    Links for the day

  3. [Meme] It's My Working Party... And I'll Cry If I Want to!

    EPO President António Campinos is still not being held accountable for his Code of Conduct violations

  4. Links 22/05/2022: The 5.18 Kernel is Out

    Links for the day

  5. Gemini is Bigger Than Most People Care to Realise

    Geminispace has gotten to the point where it's too computationally expensive (or outright pricey) to study, let alone keep abreast of, Gemini capsules or the domain space as a whole

  6. Links 22/05/2022: Rock64 and Peppermint OS Release

    Links for the day

  7. [Meme] UPC is Always Next Year (and Next Year It'll Surely be the Year After That)

    The UPC will come “next year”, just like every year (since almost a decade ago) just because the lunatic promises so and crushes the law, quite frankly as usual, cusioned and protected by the UPC lobby

  8. UPC: Turning Patent Lawyers Into Liars and the Media Into Their Money-Grabbing Megaphone (Platform for Fake News)

    The above 26 screenshots (with necessary annotation added) hopefully illuminate the degree of deceit, manipulation, bribery and distortion of public discourse (fake news and advocacy of patently unlawful activities)

  9. Number of Working/Online Gemini Capsules, Known to Totally Legit Gemini Search (TLGS) and to Lupa, Exceeds 2,500

    Assuming that Lupa reduced its crawling capacity (this graph seems to confirm this), we’ve decided to aggregate data from 3 sources and assess the size of Geminispace; Lupa says it can see 1,947 active capsules, but there are many more it has not kept track of

  10. [Meme] Monopoly Tony

    The gentlest, kindest president the EPO ever had

  11. It Took Campinos Three or More Years to Undo Illegal Battistelli Actions on Boards of Appeal and Strike Regulations (Only After Losing at ILO-AT!), But He Does Not Mention That

    Let’s all remember that as the EPO‘s so-called ‘President’ António Campinos (Monopoly Tony) vigorously defended completely unlawful actions of Benoît Battistelli until courts compelled him to stop doing that (Strike Regulations); notice how, in the video above — a portion of this full clip from several months ago — he did not bother mentioning that for 3.5 years that he had “led” the Office the Boards of Appeal were in exile, in direct violation of the EPC, yet nobody is being held accountable for it

  12. IRC Proceedings: Saturday, May 21, 2022

    IRC logs for Saturday, May 21, 2022

  13. Links 22/05/2022: Free Software Developments in Bratislava

    Links for the day

  14. Gemini is the Direction the Paginated Internet Should Have Taken (Not Bloated Web With JavaScript and DRM)

    An update on Gemini and why you might wish to explore it (if you aren't using it already)

  15. EPO.org Now Openly Brags About Making Illegal Patents a Welcomed Part of the Examination Guidelines

    The EPO persists in illegal, unlawful agenda; it's even finding the audacity to advertise this in the official Web site

  16. Links 21/05/2022: Security Blunders and Microsoft Posturing

    Links for the day

  17. Links 21/05/2022: GitLab at Fedora and Pipewire in Next Ubuntu

    Links for the day

  18. Links 21/05/2022: HP Teams up with System76

    Links for the day

  19. IRC Proceedings: Friday, May 20, 2022

    IRC logs for Friday, May 20, 2022

  20. Links 20/05/2022: Thunderbird Revenue Rising

    Links for the day

  21. Outsourcing Sites to Social Control Media is an Outdated Mindset in 2022

    Centralised or federated censorship/filtering platforms (also known as "social [control] media" [sic]) aren't the way forward; we're therefore a little surprised that Linux Weekly News (LWN) bothers with that languishing bandwagon all of a sudden

  22. Links 20/05/2022: Plasma's Latest Beta in Kubuntu 22.04, Kapow 1.6.0 Released

    Links for the day

  23. Turkey's Migration to Pardus Linux and LibreOffice Explained 2 Months Ago in LibrePlanet

    This talk by Hüseyin GÜÇ was uploaded under the title “Real world GNU/Linux story from Istanbul”

  24. In Turkey, Windows Market Share is Down to Almost Nothing, 'Linux' is About Two Thirds of the Connected Devices

    Watch this graph of Windows going down from around 99.5% to just 11.55% this month

  25. The Lies and Delusions of António Campinos

    Monopolies and American corporations (and their lawyers) are a priority for today's EPO, Europe's second-largest institution

  26. Links 20/05/2022: Fedora BIOS Boot SIG

    Links for the day

  27. Links 20/05/2022: Oracle Linux 8.6 and VMware Security Crisis

    Links for the day

  28. IRC Proceedings: Thursday, May 19, 2022

    IRC logs for Thursday, May 19, 2022

  29. Links 19/05/2022: Rust 1.61.0 and Lots of Security FUD

    Links for the day

  30. EPO Eating Its Own (and Robbing Its Own)

    António Campinos is lying to his staff and losing his temper when challenged about it; Like Benoît Battistelli, who ‘fixed’ this job for his banker buddy (despite a clear lack of qualifications and relevant experience), he’s just robbing the EPO’s staff (even pensioners!) and scrubbing the EPC for ill-gotten money, which is in turn illegally funneled into financialization schemes

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts