04.08.14

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Dagger in the heart of OpenSSL

Heart Bleed

Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) are already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

“This is a man whose high-paying job required that he beats GNU/Linux at security.”Jacon Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux insecure and dangerous becuase of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2014/04/08/howard-schmidt-codenomicon/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. IRC Proceedings: Friday, April 16, 2021

    IRC logs for Friday, April 16, 2021

  2. Hate Letter Against FSF (Concern Trolls): 1415 Committers, Letter in Support of FSF (With Its Founder Back): 5116

    Taking into account people who asked for their names to be removed from the defamatory hate letter (inciting people, based on falsehoods), it's not impossible that the support letter really triples or quadruples it in terms of number of signatures

  3. Richard Stallman: Sharing is Good... We Need to Legalise It

    Dr. Richard Stallman, the Free Software Foundation's founder, explains his take on copyright and the artificial restriction being used against sharing

  4. Nadine Strossen and Hannah Wolfman-Jones Rebut Accusations Against Stallman and Choose Him as Coauthor

    "Here are her thoughts and the response she received from Nadine, extracted verbatim with their permission from the original article"

  5. Links 17/4/2021: GNOME 40 in Tumbleweed, Devuan 4.0 Alpha, Kate Editor Makes a Leap

    Links for the day

  6. EPO Staff Union Takes the EPO 'to Court' (the ILO's Tribunal, as the EPO Cannot be Taken to a Proper Court)

    The Staff Union of the EPO (SUEPO) Committees are preparing a legal battle over unlawful and unjust measures taken collectively against hard-working (overworked during pandemic) members of staff; the European public should support them

  7. The Latest Anti-RMS Coup Attempt Targets the GNU Project (Because the FSF Coup Has Clearly Failed) by Infringing and Disregarding Trademark Conventions

    A fake "GNU" (not the original GNU, just riding the coattails of the name "GNU") is trying to find/gain traction and we must oppose it because it's an extension of the very same coup attempt (same plotters) that manufactured a whole bunch of libel to incite people and blackmail the Free Software Foundation (FSF)

  8. Links 16/4/2021: Mozilla Dumping FTP, Corporations Still Concern-Trolling FSF

    Links for the day

  9. The EFF Attacks Software Freedom and Promotes Fake Privacy Linked to Microsoft

    Only weeks after attacking Software Freedom (the ad hominem way, which is easier) the EFF endorses a Microsoft-linked privacy abuse, misframing it as some sort of privacy champion

  10. Richard Stallman on How Corporate Media Limits What People Are Allowed to Think and Say (Updated)

    What the founder of the FSF told yours truly a number of years ago about the behaviour of corporate (funded and controlled by corporations) media

  11. Exposing Hard Truths is the First Step or the Path Towards Justice

    A reflection and a moment taken to set aside tribalism (shallow differences based on allegiances of personal comfort), for we need look back at actual facts — however inconvenient at times — and consider the reality of the situation

  12. IRC Proceedings: Thursday, April 15, 2021

    IRC logs for Thursday, April 15, 2021

  13. [Meme] Laundering Bribes as 'Cooperation Money'

    Germany has financial interest in ensuring that EPO abuses carry on and nobody holds the EPO accountable

  14. Articles in Support of Richard Stallman

    Reproduced with permission

  15. EPOLeaks on Misleading the Bundestag -- Part 20: Taking Stock

    Benoît Battistelli's legacy at the EPO is a legacy of corruption and cover-up; we take stock of how illegality was defended and persists to this day

  16. Links 15/4/2021: Zorin OS 16 Beta and Pushing Linux to GitHub- and Microsoft-Connected Rust

    Links for the day

  17. [Meme] Enemies With Common Interests

    The Software Freedom Movement (or Free Software Movement) has many enemies; some of them just hide in the shadows or speak out through shadowy front groups/NGOs that they semi-officially sponsor

  18. [Meme] Germany's Red Cash Cow

    EPO brings a lot of money to the German state. But at what cost to citizens and Germany’s public image?

  19. EPOLeaks on Misleading the Bundestag -- Part 19: The Deafening Silence of the Media

    "There has been speculation that Maas might have had his own political interest in protecting Battistelli and the Balkan Express because of certain allegations about financial irregularities involving the German Patents and Trademark Office (DPMA) which were doing the rounds at the time."

  20. The Indirection Game

    How to attack institutions and concepts by personifying them, then proceeding to character assassination based on lies and deliberate distortions

  21. Links 15/4/2021: LXQt 0.17, Proxmox Backup Server 1.1

    Links for the day

  22. The Patent Battles in Europe Are Connected to the War on GNU/Linux (as a Community-Led Effort)

    Monoplisers of GNU and Linux want us to think that OIN is the solution while they actively lobby for software patents in Europe and the people in charge of Europe’s second-largest institution and Europe’s largest patent office help them; this long video contains thoughts about news from the past couple of days

  23. Richard Stallman: Freedom is the Goal (Updated)

    What Richard Stallman (RMS) told me in person on his trip here

  24. IRC Proceedings: Wednesday, April 14, 2021

    IRC logs for Wednesday, April 14, 2021

  25. EPOLeaks on Misleading the Bundestag -- Part 18: Zero Tolerance for “Lawless Zones”?

    "It comes as no surprise that Maas appeared as a guest of honour at the European Inventor of the Year Boondoggle in Berlin in 2014 where he was seen on stage clapping along with the EPO President."

  26. Richard Stallman's Honors and Awards (and Why He Resigned in 2019)

    Reproduced with permission

  27. Links 14/4/2021: Alpine Releases and X.Org Server 1.20.11 Release (Security)

    Links for the day

  28. Links 14/4/2021: EasyOS Dunfell 2.7, Tor Browser 10.5a14

    Links for the day

  29. EPOLeaks on Misleading the Bundestag -- Part 17: Jawohl, Herr Minister!

    A French-German co-production of "Yes, Minister!" starring Raimund Lutz, Heiko Maas and Christoph Ernst. Directed by Benoît Battistell.

  30. Over 1,000 EPO Workers Initiate Legal Challenge Against the EPO's Attack on Salaries (in Defiance of Assurances Made to Workers Who Relocate to Another Country With Whole Families)

    The EPO’s attack on workers and pensioners isn’t going ahead without challenge; while the “Mafia” (what EPO workers call the management) loots the organisation it takes away money from the workers — i.e. from besieged folks who do all the work and face growing workloads during a pandemic

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts