
04.08.14

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Dagger in the heart of OpenSSL


Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) is already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

Jacob Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all, because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux insecure and dangerous because of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beat GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160), which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to the OpenSSL Security Advisory report, Neel Mehta from Google Security has discovered this bug.
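Added example, not code from the article or from OpenSSL: the bounds check that CVE-2014-0160 omitted, written as a small parser for the TLS heartbeat message of RFC 6520 (the message the quoted advisory concerns). The 2-byte length field is where the "up to 64kB" figure comes from; the struct and function names are this example's own.

```c
/* Added example, not OpenSSL source: bounds-checked parser for the TLS heartbeat
 * message (RFC 6520); the length check that was missing is CVE-2014-0160. */
#include <stdint.h>
#include <string.h>
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16 /* RFC 6520 requires at least 16 bytes of padding */

struct heartbeat {
    uint8_t type;
    uint16_t payload_len;   /* length the peer claims in the 2-byte field */
    const uint8_t *payload; /* points into the record, never past its end */
};
/* Returns 0 and fills *hb when the record is well-formed, -1 otherwise. The
 * second check is the one the vulnerable code lacked: it trusted payload_len,
 * so up to 64 kB beyond the record could be copied into the reply. */
int parse_heartbeat(const uint8_t *rec, size_t rec_len, struct heartbeat *hb)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING) /* type + length + padding */
        return -1;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + claimed + HB_MIN_PADDING > rec_len) /* must fit in record */
        return -1;
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return -1;
    hb->type = rec[0];
    hb->payload_len = claimed;
    hb->payload = rec + 3;
    return 0;
}

/* Echoes only the validated payload back as a response; returns the number of
 * bytes written, or -1 when the request is malformed or out is too small. */
int build_heartbeat_response(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_len)
{
    struct heartbeat hb;
    if (parse_heartbeat(rec, rec_len, &hb) != 0 || hb.type != HB_REQUEST)
        return -1;
    size_t need = 1 + 2 + (size_t)hb.payload_len + HB_MIN_PADDING;
    if (out_len < need)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(hb.payload_len >> 8);
    out[2] = (uint8_t)(hb.payload_len & 0xff);
    memcpy(out + 3, hb.payload, hb.payload_len);
    memset(out + 3 + hb.payload_len, 0, HB_MIN_PADDING); /* real code: random padding */
    return (int)need;
}
```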
