
04.08.14

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Image: Dagger in the heart of OpenSSL (Heart Bleed)

Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) is already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

Jacob Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all, because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft’s role in a campaign to paint GNU/Linux as insecure and dangerous because of Windows XP’s EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.
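The excerpt above describes the effect of CVE-2014-0160 (up to 64kB of memory disclosed) but not the defect behind it, which was a missing bounds check: the TLS heartbeat handler copied as many bytes as the peer's 16-bit payload_length field declared, regardless of how many bytes the record actually carried. The following toy parser is an added illustration written for this page, not OpenSSL's code and not from the article; the record layout follows RFC 6520 and the function names, the 16-byte padding constant and the sample requests are all constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of a TLS heartbeat record (RFC 6520): 1-byte type,
 * 2-byte big-endian payload_length, payload, then >= 16 bytes padding.
 * Added illustration for this page; not OpenSSL's implementation. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Build a heartbeat response for `rec` (rec_len bytes really received).
 * Returns the number of bytes written to `out`, or -1 if the record is
 * malformed. The CVE-2014-0160 defect was that payload_length was
 * trusted and that many bytes were copied from a shorter buffer, so the
 * reply leaked whatever followed it in memory; the length check below is
 * the one that was missing. */
int heartbeat_reply(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec_len < 3) return -1;                  /* no room for header */
    if (rec[0] != HB_REQUEST) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* Declared payload plus header and minimum padding must fit within
     * the bytes actually present on the wire. */
    if (1 + 2 + payload_len + HB_PADDING > rec_len) return -1;

    size_t resp_len = 1 + 2 + payload_len + HB_PADDING;
    if (resp_len > out_cap) return -1;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, rec + 3, payload_len);       /* echo only what was sent */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return (int)resp_len;
}

/* Constructed helper: encode a request whose declared length may differ
 * from the payload it really carries. Returns total bytes written. */
size_t build_request(uint8_t *buf, size_t cap, uint16_t declared_len,
                     const uint8_t *payload, size_t payload_len)
{
    size_t total = 3 + payload_len + HB_PADDING;
    if (total > cap) return 0;
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(declared_len >> 8);
    buf[2] = (uint8_t)(declared_len & 0xff);
    memcpy(buf + 3, payload, payload_len);
    memset(buf + 3 + payload_len, 0, HB_PADDING);
    return total;
}

int main(void)
{
    uint8_t req[64], resp[64];
    const uint8_t ping[4] = {'p', 'i', 'n', 'g'};

    /* Constructed well-formed request: declared length matches payload. */
    size_t n = build_request(req, sizeof req, 4, ping, 4);
    int r = heartbeat_reply(req, n, resp, sizeof resp);
    printf("well-formed request: reply of %d bytes\n", r);

    /* Constructed malformed request: declares 65535 bytes, carries 4. */
    n = build_request(req, sizeof req, 0xFFFF, ping, 4);
    r = heartbeat_reply(req, n, resp, sizeof resp);
    printf("malformed request: %d (rejected)\n", r);
    return 0;
}
```

The second request is the shape of a malformed heartbeat: the parser rejects it because the declared length cannot be satisfied by the 23 bytes received, whereas a handler that trusts the length field would copy past the end of the record.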

