EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.08.14

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed®

Posted in FUD, GNU/Linux, Security at 9:00 am by Dr. Roy Schestowitz

Dagger in the heart of OpenSSL

Heart Bleed

Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft’s Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft’s former Chief Security Officer (we wrote about his actions before) are already “patched by all Linux distros”.

Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft’s board and at highest level (look at John Thompson from Symantec; he is now Microsoft’s new chairman).

We don’t need to wait for the Microsoft press or a whisper campaign to use Heartbleed® to tell people (again) that Free software, Linux and GNU are very “bad” and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development — a subject we’ll tackle another day for sure).

“This is a man whose high-paying job required that he beats GNU/Linux at security.”Jacon Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all because even the OpenSSL site, the FBI’s official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux insecure and dangerous becuase of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a “Scroogled”-like campaign.

Just go to Codenomicon’s Web site and find it described in large fonts as “A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network” (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:

  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed
  2. openssl heartbleed updates for Fedora 19 and 20
  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros

    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. OSI Did Not Guard the Open Source Brand; Now Its Own Name, Open Source Initiative, is Being 'Diluted' and “Open Source” is Almost Meaningless

    The term or the brand “Open Source” is becoming worthless because those who use it typically engage in production of proprietary software falsely marketed as “Open Source” (that's what openwashing is inherently about)

  2. Microsoft is Not an Open Source Authority But an Opponent of Open Source

    Various outlets that are closely connected to Microsoft are trying to convince us that Microsoft is now 'king' of Open Source; nothing could be further from the truth however

  3. Links 22/9/2019: KMyMoney 5.0.7, Lennart's Latest Plan

    Links for the day

  4. Summits of Open Bear Traps: The Open Core Summit and Other 'Open' Events That Actually Attack Software Freedom

    Conferences that call themselves "open" something are sometimes nothing but an attack on openness (not to mention freedom) and promotion of FUD about Free/Open Source software (FOSS); there's an ample set of examples to that effect

  5. Openwashing Report: 'Open Source' Without Any or Most of the Benefits

    The cheapening of the term "Open Source" continues; sooner or later everything out there will be called "open" irrespective of what it really is

  6. Patent Extremism is Not Normal and Not an Innocent Mindset

    Reflection upon the sad state of the European patent system and how media turns a blind eye to it; worldwide, in general, the discussion about patents is being warped by the litigation giants, whose sole goal is to maximise the number of lawsuits/shakedowns (personal gain)

  7. Links 22/9/2019: LLVM 9.0.0 and FreeBSD 12.1 Beta

    Links for the day

  8. Links 21/9/2019: Plasma 5.17 Beta in Kubuntu, Cockpit 203

    Links for the day

  9. IBM Cannot Become a True Friend of Free Software Because of Its Current Patent Policy

    IBM needs to quit bullying people/companies with software patents; that would help towards appeasement of IBM critics and sceptics

  10. When Patent 'Professionals' Sound Like Children Who Learned to Parrot Some Intentionally-Misleading Buzzwords, Myths and Lies

    With buzzwords like "AI" and misleading terms like "IP" the litigation zealots are trying to convince themselves (and the public) that software is a physical thing and a "property" which needs "protecting" from "theft"; it doesn't seem to bother these people that copyright law already covers software

  11. The European Parliament Needs to Become More Outspoken About EPO Abuses

    There are few encouraging signs in Europe right now because the EPO's disregard for patent law (striving to just grant as many patents as possible) earned it much-needed backlash from the European Parliament

  12. Links 19/9/2019: German Federal Ministry of the Interior Wants FOSS, Top Snaps Named

    Links for the day

  13. Buying the Voices of 'Linux' People to Repeat Microsoft's Talking Points While Removing Our Icons and Leaders (Calling Them Sexist)

    The dirty games leveraged by several companies including Microsoft target charismatic people who are essential for morale and leadership; these tactics aren't particularly novel

  14. When the EPO Sees Itself as Above European Law, Grants Patents in Defiance of the EPC (Its Founding Document) and Violates Staff's Labour Rights/Protections (International Law)

    The absurd state of affairs at the EPO has reached the point where laws at every level are being violated and even judges are being threatened or vainly ignored; the EU is belatedly trying to tackle these issues, which have actually cost its credibility a great deal and threaten the perception of Rule of Law at multiple levels

  15. Links 19/9/2019: Samba 4.11.0 and Kubernetes 1.16

    Links for the day

  16. Update on Koch v EPO: Internal Appeals Committee (IAC) Composition Still Likely Illegal

    An important EPO case, concerning a dismissed staff representative, shows what ILO-AT and the EPO's Internal Appeals Committee boil down to

  17. Links 18/9/2019: Fedora Linux 31 Beta, PCLinuxOS 2019.09 Update

    Links for the day

  18. Links 17/9/2019: CentOS 7.7 and Funtoo Linux 1.4 Released

    Links for the day

  19. EPO is Not European

    Internationalists and patent trolls are those who stand to benefit from the 'globalisation' of low-quality and law-breaking patents such as patents on algorithms, nature and life itself; the EPO isn't equipped to serve its original goals anymore

  20. The EPO's Central Staff Committee and SUEPO (Staff Union) Respond to “Fascist Bills” Supported by EPO President António Campinos

    Raw material pertaining to the latest Campinos "scandal"; what Campinos said, what the Central Staff Committee (CSC) said, and what SUEPO said

  21. Storm Brewing in the European Patent Office After a Hot Summer

    Things aren't rosy in EPOnia (to say the least); in fact, things have been getting a lot worse lately, but the public wouldn't know judging by what media tells the public (almost nothing)

  22. Why I Once Called for Richard Stallman to Step Down

    Guest post from the developer who recently authored "Getting Stallman Wrong Means Getting The 21st Century Wrong"

  23. As Richard Stallman Resigns Let's Consider Why GNU/Linux Without Stallman and Torvalds Would be a Victory to Microsoft

    Stallman has been ejected after a lot of intentionally misleading press coverage; this is a dark day for Software Freedom

  24. Links 16/9/2019: GNU Linux-libre 5.3, GNU World Order 13×38, Vista 10 Breaks Itself Again

    Links for the day

  25. Links 16/9/2019: Qt Quick on Vulkan, Metal, and Direct3D; BlackWeb 1.2 Reviewed

    Links for the day

  26. Richard Stallman's Controversial Views Are Nothing New and They Distract From Bill Gates' Vastly Worse Role

    It's easier to attack Richard Stallman (RMS) using politics (than using his views on software) and media focus on Stallman's personal views on sexuality bears some resemblance to the push against Linus Torvalds, which leans largely on the false perception that he is sexist, rude and intolerant

  27. Links 16/9/2019: Linux 5.3, EasyOS Releases, Media Backlash Against RMS

    Links for the day

  28. Openwashing Report on Open Networking Foundation (ONF): When Open Source Means Collaboration Among Giant Spying Companies

    Massive telecommunications oligopolies (telecoms) are being described as ethical and responsible by means of openwashing; they even have their own front groups for that obscene mischaracterisation and ONF is one of those

  29. 'Open Source' You Cannot Run Without Renting or 'Licensing' Windows From Microsoft

    When so-called ‘open source’ programs strictly require Vista 10 (or similar) to run, how open are they really and does that not redefine the nature of Open Source while betraying everything Free/libre software stands for?

  30. All About Control: Microsoft is Not Open Source But an Open Source Censor/Spy and GitHub/LinkedIn/Skype Are Its Proprietary Censorship/Surveillance Tools

    All the big companies which Microsoft bought in recent years are proprietary software and all of the company’s big products remain proprietary software; all that “Open Source” is to Microsoft is “something to control and censor“

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts