
06.03.14

GnuTLS Picked on by Firm of Microsoft’s ‘Former’ Security Chief, FUD Ensues Everywhere

Posted in Deception, Free/Libre Software, GNU/Linux, Microsoft, Security at 11:15 am by Dr. Roy Schestowitz


Summary: Codenomicon (where the ‘former’ Chief Security Officer for Microsoft is now the Chairman of the Board) is back to smearing FOSS projects whilst ignoring back doors in proprietary software such as Apple and Microsoft operating systems

SO-CALLED ‘SECURITY’ firms should spend more time finding flaws in secret (and most likely broken-by-design) encryption, such as the nefarious NSA stuff in Microsoft software. If they cannot gain access to the code (never mind the build process), then they should assume it to be insecure, by default. NSA is all over proprietary software, but it hides behind secret deals and arrangements with a blanket of NDAs (PRISM for instance). There is a lot of stuff in secret code which is designed to subvert encryption; we already have evidence of it, thanks to Edward Snowden.

Earlier this year we saw some FUD thrown at GnuTLS [1, 2], despite the fact that — or because — flaws had already been patched. That’s what makes Free software so powerful; fixes are almost immediate.

Then there was the whole “Heartbleed” hype [1, 2, 3], which came from Codenomicon, a firm headed by Microsoft’s ‘former’ chief (who also has FBI history and probably knows how the FBI and Microsoft created their now-infamous back doors). The whole thing stinks very badly and we have already explained why.

Now there is this new attack on the reputation of GnuTLS. Guess who’s behind it? Here’s a quote: “Codenomicon, which found the Heartbleed flaw, discovered another SSL flaw, this time in the open-source GnuTLS library. GnuTLS is part of many Linux distros.

“Security firm Codenomicon has found a new Secure Sockets Layer (SSL) flaw in the GnuTLS open-source cryptographic library. Codenomicon rose to notoriety in April as the security firm that found and branded the Heartbleed flaw in the open-source OpenSSL cryptographic library.”

Codenomicon did not discover it. It was the opportunist. The flaw was discovered by another company (a person in Google), but Codenomicon marketed the flaw, hyped it all up (later bragging about the business it brought), and then disclosed it prematurely and irresponsibly, before all sorts of crucial sites had been patched. Codenomicon is a nasty Trojan horse in the security world and it has an agenda. As we showed before, Codenomicon is also a Microsoft partner, never mind the staff’s high-level connections to Microsoft.

The GnuTLS flaw which Codenomicon speaks about is already patched [1] and a Red Hat employee explains why — if anything (contrary to media reports [2]) — this demonstrates the advantage of Free software [3].

In other security news, the proprietary TrueCrypt is seemingly under some kind of fight from the outside (or infighting). Nobody seems to know for sure what’s going on there yet [4] (maybe a split among the developers or some coverup), but theories with supportive evidence get posted [5]. GNU/Linux distros drop TrueCrypt [6] as soon as possible. The Linux Foundation is still focused on OpenSSL [7,8] these days.

It should be noted that the likely cause for issues in TrueCrypt is US government overreach (back doors or request for back doors). These days, making encryption that works is seen as some kind of crime, as if it directly facilitates crime [9]. It’s possible that a move to some place like Switzerland will help dodge these issues. Red Hat too should move to some place like Switzerland, for several reasons we wrote about before (security, not just software patents and trolls).

Finally, in some other security news, notice how Apple is deviating further away from standards [10,11] whilst attacking a Free/Open Source operating system (Android) over “security”, as if Apple with PRISM and back doors is somehow more secure than Android. How does Apple do all this? Well, citing some gossip bloggers from the CBS-owned tabloid ZDNet (CBS is paid by Apple), the CEO of Apple had this to say:

To illustrate his point, he quoted the title of a recent article by ZDNet’s Adrian Kingsley-Hughes, a self-described “big fan of Android.”

The article’s title? “Android fragmentation turning devices into a toxic hellstew of vulnerabilities” – and Cook’s slide of that quote added animated flames to the word “hellstew.”

Wait a second, Mr. Cook. Your operating system (core) has back doors which Apple designed and bragged about, never mind the NSA and PRISM. These back doors are now misused by non-government crackers. How can Cook claim security advantage with a straight face? The British press (above) ought to have pointed out these issues.

Speaking of British press, watch the Microsoft-controlled BBC spreading some FUD without naming Microsoft, even though only Microsoft is the culprit. One has to read many paragraphs before reaching the part where it says: “If your computer does not run Windows, stop right here. This does not affect you – but other problems might, so always keep your antivirus up to date.”

GNU/Linux does not require antivirus, unless it’s a server that serves files to Windows clients. But never mind all that, the BBC supports the antivirus myth (some antivirus companies do the same to Android), pretending that all platforms are not secure. The fact that this is a Microsoft-only problem should have been stated in the headline, but it’s not. Therein lies the typical bias of the BBC and some other Bill Gates- and/or Microsoft-funded press (BBC is funded by both). Microsoft is simply not being mentioned when there are Microsoft-only security problems, only when there is good news (promotion).

Watch out for FUD; lots of it exists, but it’s well concealed. A lot of it is bias by omission or bias by emphasis/selectivity.

Related/contextual items from the news:

  1. GnuTLS Vulnerability Closed in Ubuntu 14.04 LTS
  2. GnuTLS bug exposes Linux clients to server attacks

    The maintainers of GnuTLS, a secure communications library used in Red Hat, Ubuntu and other Linux distributions, have released fixes for a critical bug affecting the client-side of the software.

  3. Just a thought

    I don’t fear the bugs that get fixed (in OpenSSL and now GnuTLS) in an open, transparent way we open source people do. I fear the bugs in proprietary stuff where I can never be sure if they get fixed and how. 

  4. TrueCrypt’s Mysterious Vanishing Act
  5. TrueCrypt warrant canary confirmed?

    Looking at the sudden new content on the TrueCrypt site, the most plausible explanation for me was that it was an attempt to tip people off that they had been tracked down and sent a National Security Letter, without actually breaking the law. Why else would they advocate using Apple’s disk encryption with no encryption selected? Why else would they advocate use of software from Microsoft, who we know cannot be trusted? It smelled like a warrant canary.

  6. Replace TrueCrypt

    Due to various concerns, TrueCrypt is about to be replaced in Tails, either by tcplay or cryptsetup.

  7. Announcing Rapid Progress on Core Infrastructure Initiative

    A month ago we announced the Core Infrastructure Initiative, a project to help fund critical open source projects that we all rely upon but that are in need of support. We moved quickly to organize the initiative and the industry reaction was swift and enthusiastic. I am proud to report on significant progress that I believe matches the quality of the reaction to the formation of the project.

  8. Linux Foundation will save OpenSSL with a little help from its friends
  9. US cybercrime laws being used to target security researchers

    Some of the world’s best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

    Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that’s largely benign.

  10. Apple Announces A New 3D API, OpenGL Competitor: Metal

    At Apple’s WWDC conference today they have just unveiled Metal, a new 3D graphics API to compete with OpenGL.

  11. Apple’s new Swift coding language hopes to lock down errors