EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

06.03.14

GnuTLS Picked on by Firm of Microsoft’s ‘Former’ Security Chief, FUD Ensues Everywhere

Posted in Deception, Free/Libre Software, GNU/Linux, Microsoft, Security at 11:15 am by Dr. Roy Schestowitz

Telecommunication

Summary: Codenomicon (where the ‘former’ Chief Security Officer for Microsoft is now the Chairman of the Board) is back to smearing FOSS projects whilst ignoring back doors in proprietary software such as Apple and Microsoft operating systems

SO-CALLED ‘SECURITY’ firms should spend more time finding flaws in secret (and most likely broken-by-design) encryption, such as the nefarious NSA stuff in Microsoft software. If they cannot gain access to the code (never mind the build process), then they should assume it to be insecure, by default. NSA is all over proprietary software, but it hides behind secret deals and arrangements with a blanket of NDAs (PRISM for instance). There is a lot of stuff in secret code which is designed to subvert encryption; we already have evidence of it, thanks to Edward Snowden.

Earlier this year we saw some FUD thrown at GnuTLS [1, 2], despite the fact that — or because — flaws had already been patched. That’s what makes Free software so powerful; fixes are almost immediate.

Then there was the whole “Heartbleed” hype [1, 2, 3], which came from Codenomicon, a firm headed by Microsoft’s ‘former’ chief (who also has FBI history and probably knows how the FBI and Microsoft created their now-infamous back doors). The whole thing stinks very badly and we have already explained why.

Now there is this new attack on the reputation of GnuTLS. Guess who’s behind it? Here’s a quote: “Codenomicon, which found the Heartbleed flaw, discovered another SSL flaw, this time in the open-source GnuTLS library. GnuTLS is part of many Linux distros.

“Security firm Codenomicon has found a new Secure Sockets Layer (SSL) flaw in the GnuTLS open-source cryptographic library. Codenomicon rose to notoriety in April as the security firm that found and branded the Heartbleed flaw in the open-source OpenSSL cryptographic library.”

Codenomicon did not discover it. It was the opportunist. The flaw was discovered by another company (a person in Google), but Codenomicon marketed the flaw, hyped it all up (later bragging about the business it brought), and then disclosed it prematurely and irresponsibly, before all sorts of crucial sites had been patched. Codenomicon is a nasty Trojan horse in the security world and it has an agenda. As we showed before, Codenomicon is also a Microsoft partner, never mind the staff’s high-level connections to Microsoft.

The GnuTLS flaw which Codenomicon speaks about is already patched [1] and a Red Hat employee explains why — if anything (contrary to media reports [2]) — this demonstrates the advantage of Free software [3].

In other security news, the proprietary TrueCrypt is seemingly under some kind of fight from the outside (or infighting). Nobody seems to know for sure what’s going on there yet [4] (maybe a split among the developers or some coverup), but theories with supportive evidence get posted [5]. GNU/Linux distros drop TrueCrypt [6] as soon as possible. The Linux Foundation is still focused on OpenSSL [7,8] these days.

It should be noted that the likely cause for issues in TrueCrypt is US government overreach (back doors or request for back doors). These days, making encryption that works is seen like some kind of crime as if it directly facilitates crime [9]. It’s possible that a move to some place like Switzerland will help dodge these issues. Red Hat too should move to some place like Switzerland, for several reasons we wrote about before (security, not just software patents and trolls).

Finally, in some other security news, notice how Apple is deviating further away from standards [10,11] whilst attacking a Free/Open Source operating system (Android) over “security”, as if Apple with PRISM and back doors is somehow more secure than Android. How does Apple do all this? Well, citing some gossip bloggers from the CBS-owned tabloid ZDNet (CBS is paid by Apple), the CEO of Apple had this to say:

To illustrate his point, he quoted the title of a recent article by ZDNet’s Adrian Kingsley-Hughes, a self-described “big fan of Android.”

The article’s title? “Android fragmentation turning devices into a toxic hellstew of vulnerabilities” – and Cook’s slide of that quote added animated flames to the word “hellstew.”

Wait a second, Mr. Cook. Your operating system (core) has back doors which Apple designed and bragged about, never mind the NSA and PRISM. These back doors are now misused by non-government crackers. How can Cook claim security advantage with a straight face? The British press (above) ought to have pointed out these issues.

Speaking of British press, watch the Microsoft-controlled BBC spreading some FUD without naming Microsoft, even though only Microsoft is the culprit. One has to read many paragraphs before reaching the part where it says: “If your computer does not run Windows, stop right here. This does not affect you – but other problems might, so always keep your antivirus up to date.”

GNU/Linux does not require antivirus, unless it’s a server that serves files to Windows clients. But never mind all that, the BBC supports the antivirus myth (some antivirus companies do the same to Android), pretending that all platforms are not secure. The fact that this is a Microsoft-only problem should have been stated in the headline, but it’s not. Therein lies the typical bias of the BBC and some other Bill Gates- and/or Microsoft-funded press (BBC is funded by both). Microsoft is simply not being mentioned when there are Microsoft-only security problems, only when there is good news (promotion).

Watch out for FUD; lots of it exists, but it’s well concealed. A lot of it is bias by omission or bias by emphasis/selectivity.

Related/contextual items from the news:

  1. GnuTLS Vulnerability Closed in Ubuntu 14.04 LTS
  2. GnuTLS bug exposes Linux clients to server attacks

    The maintainers of GnuTLS, a secure communications library used in Red Hat, Ubuntu other Linux distributions, have released fixes for a critical bug affecting the client-side of the software.

  3. Just a thought

    I don’t fear the bugs that get fixed (in OpenSSL and now GnuTLS) in an open, transparent way we open source people do. I fear the bugs in proprietary stuff where I can never be sure if they get fixed and how. 

  4. TrueCrypt’s Mysterious Vanishing Act
  5. TrueCrypt warrant canary confirmed?

    Looking at the sudden new content on the TrueCrypt site, the most plausible explanation for me was that it was an attempt to tip people off that they had been tracked down and sent a National Security Letter, without actually breaking the law. Why else would they advocate using Apple’s disk encryption with no encryption selected? Why else would they advocate use of software from Microsoft, who we know cannot be trusted? It smelled like a warrant canary.

  6. Replace TrueCrypt

    Due to various concerns, TrueCrypt is about to be replaced in Tails, either by tcplay or cryptsetup.

  7. Announcing Rapid Progress on Core Infrastructure Initiative

    A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

  8. Linux Foundation will save OpenSSL with a little help from its friends
  9. US cybercrime laws being used to target security researchers

    Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

    Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

  10. Apple Announces A New 3D API, OpenGL Competitor: Metal

    At Apple’s WWDC conference today they have just unveiled Metal, a new 3D graphics API to compete with OpenGL.

  11. Apple’s new Swift coding language hopes to lock down errors
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Great News: While IBM et al Try to Undermine Patent Reform the Supreme Court Deepens the Reform in TC Heartland Case

    In a unanimous decision, with the court ruling 8-0 against TC Heartland, the monkey business in East Texas (beneficial to patent trolls and large businesses that leverage software patents) may have just come to an end



  2. Speculations About Battistelli's End of Term, Campinos at EUIPO, and Failed UPC Ambitions

    Rumours and speculations surrounding the fate of the EPO's leadership now that the UPC gravy train is stuck again and Battistelli's protector, Jesper Kongstad, is about to leave



  3. Martijn van Dam is Wrong to Believe That Battistelli's Abuses Are Somehow Acceptable or Tolerable Because His Term is Possibly Ending

    Coverage of Martijn van Dam’s stance (he is the Dutch State Secretary for Economic Affairs) reveals that economic gain trumps ethics and justice, irrespective of what the law says



  4. Media and Staff Association Elections at EPO and WIPO Are Compromised

    A campaign of abuse (legal bullying) and gifting to the media, combined with a wide-ranging assault on critics who represent the interests of staff, have led WIPO and EPO down the route to totality



  5. New Documents Help Demonstrate That ILO Delivers Institutional Injustice to EPO Employees and Cushions Team Battistelli

    The International Labour Organisation Administrative Tribunal (ILOAT) delivers not justice but merely the illusion of justice, probably in defiance of Article 6 of the European Convention on Human Rights (ECHR)



  6. Leaked: 2017 European Inventor Award Finalists, or Stooges Whom the Tyrant Battistelli Exploits for PR Purposes and Media Manipulation

    The stupidest ceremony in Europe (turning serious science into something sketchy such as Eurovision) is disliked among EPO staff and is exploited by the person who destroys the EPO (Benoît Battistelli) to pretend all is fine and dandy, at huge expense to the Office (as extraordinary as about 5 million Euros for a ~2-hour show)



  7. EPO: Can the Staff Union of the European Patent Office (SUEPO) Still Save It?

    Genuine concerns about the slow process at the European Court of Human Rights (ECHR) and the lack of progress at ILO, which coincide with weakening of the unions and threat to jobs of patent examiners (leaving ordinary Europeans more vulnerable to meritless patent lawsuits)



  8. Links 21/5/2017: Linux 3.18.53, Tizen 4.0

    Links for the day



  9. Cloudflare's Enemy is Software Patents, Not Just One Software Patent or One Patent Troll

    With a bounty of $50,000, which is likely less than the cost of legal defense, Cloudflare looks for help with its own case rather than the underlying issues that need tackling worldwide



  10. Patent Laws -- and Especially Eligibility of Software Patents -- Are Being Hijacked by Large Corporations and Their Front Groups

    Intervention by large multinational corporations and their lawyers, front groups, etc. (like the classic lobbying model) gives room for concern in multiple continents where most software development is done



  11. Links 18/5/2017: Catching Up With the Past Three Days

    Links for the day



  12. The US Supreme Court Consults USPTO Director Michelle Lee Regarding the Patent Trial and Appeal Board (PTAB) Which is Invalidating Software Patents With CAFC's Approval

    Software patents continue to get knocked out by the Leahy-Smith America Invents Act (AIA) whose introduction of PTAB gave a helping hand to companies that are susceptible to abusive litigation (with bogus patents)



  13. IBM and Its Revolving Doors Lobby Are Plotting to Undermine Supreme Court Rulings to Restore Patentability of Software

    IBM has become so evil that it is now trying to steal democracy, label programmers "thieves", and basically attack the rule of law by extra-judicially overturning a Supreme Court decision



  14. 3 Years After the Alice Case at the Supreme Court the Plague of Software Patents is Easier to Cope With

    Litigation figures are down, rejection rates of software patents remain high, and only spin (e.g. cherry-picking) or constant lobbying can save those who used to profit from software patents



  15. The Attacks of Patent Trolls as Outlined in the Media This Past Week

    An outline of some of the latest troll cases to be aware of and their consequences too (e.g. software patents being used to literally shut down entire programs)



  16. Links 14/5/2017: Linux 4.12 RC1 and KDE Frameworks 5.34.0

    Links for the day



  17. Industry Giants Challenge Qualcomm's Patent Practices While the Federal Trade Commission (FTC) Closely Examines Such Behavior

    Scrutiny of Qualcomm's patent aggression and coercion -- scrutiny that can profoundly change the way software patents, SEPs and FRAND are viewed -- as seen in various amicus briefs (amici) from industry giants that are affected



  18. Professor Lisa Larrimore Ouellette Questions Whether Patents Work When Patent Scope is Too Broad

    Citing MIT economist (and MacArthur “genius”) Heidi Williams, Professor Lisa Larrimore Ouellette from Stanford challenges old myths and quotes: “we still have essentially no credible empirical evidence on the seemingly simple question of whether stronger patent rights—either longer patent terms or broader patent rights—encourage research investments.”



  19. OIN is Still a Distraction Unless We Want GNU/Linux to Coexist With Software Patents (Rather Than Eliminate Those)

    Another wave of media coverage by/for the Open Invention Network (OIN) necessitates a reminder of what OIN stands for and why it is not tackling the biggest problems which Free/Open Source software (FOSS) faces



  20. Links 13/5/2017: Neptune Plasma 5 ISO, a Shift to Free (FOSS) Databases

    Links for the day



  21. Countries With a Dozen European Patents Are an Easy Photo-Op 'Sell' for Battistelli While the EPO's Demise is Largely Ignored by the Patent Microcosm

    Behind the façade of legitimacy, the EPO suffers from an incompetent, insecure and delusional boss, whose actions will almost certainly lead to the collapse of both the Office and the entire Organisation (whose founding document he routinely shreds to pieces)



  22. Our Assessment: Unitary Patent (UPC) Will Crumble Along With Battistelli's Regime at the EPO

    A reflection and an opinion on where the EPO stands and what it means for the UPC, which doesn't seem to be going anywhere (it's all talk and lobbying)



  23. The European Patent Office Has a Long History/Track Record of 'Screwing' Contractors

    The European Patent Office (EPO) appears to have quite an extensive track record/reputation for ‘screwing’ contractors and then misusing immunity to get away with it



  24. Links 12/5/2017: Wine 2.8, Kdenlive 17.04.1, NHS Windows Syndrome

    Links for the day



  25. Links 11/5/2017: New OpenShot, GIMP, and GNOME (3.24.2)

    Links for the day



  26. The Sickness of the EPO – Part IX: Using Confidential Medical Records as a Weapon Against Staff

    In defiance/violation of labour laws and medical oaths etc. the EPO is passing around medical information, either for dismissal pretexts or a sort of blackmail -- a serious abuse in its own right



  27. The EPO is in Disarray and Additional Complaints to the European Court of Human Rights (ECHR) May Be Imminent

    Team Battistelli reaps what it has sown, as complaints are being made to a court with “47 member states [that] are contracting parties to the Convention,” (European Convention on Human Rights) according to Wikipedia



  28. By Promoting the UPC, in Defiance of Public Will, the EPO Has Become Patent Trolls' Best Friend

    The patent–industrial complex, aided by the EPO under Battistelli's iron-fisted reign, is trying to convince us that the UPC is coming soon and that it is desirable (it's neither of those things)



  29. Links 10/5/2017: Mesa 17.1, Git 2.13, Qt Creator 4.3 RC1, MINIX 3.4 RC6

    Links for the day



  30. Team UPC Still Twists and Fabricates Statements to Make It Seem Like Unitary Patent is Happening Soon

    The Unified Patent Court (UPC), a terrible system which was envisioned and covertly constructed by those who stand to benefit/profit from injunctions and trolling, is not going anywhere, but media which is dominated by Team UPC would have us believe otherwise


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts