Bonum Certa Men Certa
Coming Soon: Richard Stallman Interview for 30th GNU Anniversary | Another Financial 'Collapse' is Coming, We Need to Facilitate Banking Whistleblowers

Former Novell Staff Still Pushing the Linux Foundation Into Restricted Boot Territory, Ignoring the Real Threat (Back Doors)

Greg Kroah-Hartman
Photo by Sebastian Oliva



Summary: Back doors in code, embedded in blobs, and even shoehorned into encryption is the overlooked security threat, which gets pushed aside in favour of phantom threats which Microsoft 'sells' through former Novell staff (i.e. funded by Microsoft)

A MONTH or two ago we mostly ignored exaggerated (sexed-up) reports about something called "Hand of Thief". When there's a Windows security threat the press does not call out Windows, but when it relates to GNU/Linux then tabloids like ZDNet scream from the rooftops. This thing called "Hand of Thief" is basically a malicious program which GNU/Linux users need to install themselves in order for it to do malicious things. It is not a virus, it does not spread, and it hardly even uses social engineering to get itself installed. We cited some reports which stress these facts and now comes a belated one too [1]. LynuxWorks is now offering some "Linux rootkit detector" [2] as if rootkits on GNU/Linux are a common issue. In a sense, since the Linux Foundation seems to insist on helping UEFI restricted boot, we are led to the belief that bootkits are a common threat to Linux. As the Linux Foundation's site put it, as in the words of the employee it acquired from Novell:



Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.


Greg K-H has been working on all sorts of other kernel-level projects that help Microsoft. He did this while being paid by Novell, which was in turn being given money by Microsoft. That's the power of money. Other former Novell employees also helped promote UEFI restricted boot, as we showed before. Rogue influence by Novell in the Linux Foundation is a subject we have written about for half a decade, showing numerous examples.

The bigger security issue right now might be back doors, which might also exist in Linux, even in encryption form [3] (giving away passwords over the network for example), so hard-to-crack passwords [4] might not be enough. Microsoft's and Sony's network compromises sure reveal the massive financial effects of system intrusions, so this subject should not be taken lightly.

UEFI restricted boot is actually a security threat, not a security solution, especially when a signature is provided and managed by some rogue company in the United States -- one which has been secretly in bed with the NSA. With UEFI restricted boot, hardware can be bricked remotely. In a way, UEFI restricted boot deserves the name "unsecure boot". In some devices it can block the user from accessing his/her own computer. Nobody should promote such treacherous computing.

Related/contextual items from the news:



  1. Hand of Thief, Not
    Linux's biggest vulnerability is the software that users install with full "superuser" privileges. If you just install applications from your distro's official repository, that's not a problem. But if you download software from dubious web sites, or if you add a mysterious repository to your package manager, you're opening yourself up for an infection. Always, always make sure you know what software you are installing, why you are installing it, and where it's from.


  2. Linux rootkit detector adds hardware punch to security scanning
    LynuxWorks is stepping up the battle with the release of the first hardware-based rootkit detection system powered by the LynxSecure separation kernel. Called the RDS5201, it combats and detects stealthy advanced persistent threats. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small form factor appliance has been designed to offer a unique detection capability that complements traditional security mechanisms as they try to protect against the growing number and complexity of cyber threats.


  3. RSA warns developers not to use RSA products
    In today's news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) 'backdoored' Dual_EC_DRBG random number generator -- which happens to be the default in RSA's BSafe cryptographic toolkit. Youch.
  4. How-to make hard-to-crack passwords you can easily remember


  5. Australian who boasted of hacking to plead not guilty to charges stemming from raid
    Dylan Wheeler, who claimed in February to have breached Microsoft's and Sony's networks, has not been charged with hacking




Coming Soon: Richard Stallman Interview for 30th GNU Anniversary | Another Financial 'Collapse' is Coming, We Need to Facilitate Banking Whistleblowers

Recent Techrights' Posts

Last Week's EPO Strike Was the Biggest (Highest Participation Rate), Hours Ago General Assembly Discussed Next (Growing) Intensity of Strikes
Well done and well attended
 
Gemini Links 23/03/2026: "Mandatory" Bad Things and Dangers of Perfection Aspirations
Links for the day
SLAPP Censorship - Part 20 Out of 200: All Roads Lead to Rome and to GAFAM Funding
Now about 10% into this series
Mass Layoffs at HashiCorp, IBM Hid Them
The media did not mention those layoffs
Microsoft Downgraded on Concerns (Lack of Growth) Amid Silent Layoffs in 2026
The press isn't functioning anymore
Links 23/03/2026: Gulf Water at Risk, Heatwave in Malaysia
Links for the day
Slop Means False, New Article by Cybershow
"We are living in a world that is rapidly divesting from reality."
Debianism election 2026 community poll created, everybody can vote
Reprinted with permission from Daniel Pocock
Links 23/03/2026: "Shocking Peter Thiel Antichrist Lectures", Robert Mueller Remembered
Links for the day
The Scandal Bigger Than IBM/Red Hat Layoffs is the de Facto "Media Blackout" About Those Layoffs
So we have a media crisis, aside from the economic crises
Gemini Links 23/03/2026: Geminispace/Elpher Enhancement and the Cerberus Cinco
Links for the day
Fear is Not a Legitimate Factor
Smart people know that trying to prevent moral people from doing the "Right Thing" will backfire
Fuel Autonomy and What It Teaches Us About Software Autonomy (or Software Freedom)
Need we wait until a "software Pearl Harbor" or protect ourselves proactively by weaning ourselves off of GAFAMware?
Scheduled Maintenance This Coming Wednesday
Other than that, all is the same and we carry on as usual
Most Press Articles About IBM Are LLM Slop, Sometimes With Slop Images
IBM basically laid off almost 1,000 people last week [...] At the moment about 75% of the 'articles' we see about IBM (in recent days) are some kind of slop
Links 23/03/2026: Security Breaches, Energy Shortages, Another SRA Scandal, and Patents on Nature
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 22, 2026
IRC logs for Sunday, March 22, 2026
Streisand Effect and Justice
This weekend this site has served over 8 million Web requests
Gemini Links 22/03/2026: "Woman of Tomorrow" and "First Steps in Geminispace"
Links for the day
SLAPP Censorship - Part 19 Out of 200: They Were Ill-prepared for Tough Questions in Cross-Examination
Very ill-prepared for the deteriorating situation caused by their clients' past behaviour towards many people, including high-profile figures who offered to testify
The Media Sold Out to Slop Bros
If you wish for the hype to stop, then stop participating in it
EPO Strike a Week From Now, After That Strikes Can Become Permanent
A week from tomorrow there will be another strike
The Only Non-IBM Staff in Fedora Council/Leadership Attacks Booting Freedom (Just Like the Master Wants)
Last week IBM laid off almost 1,000 people in Confluent and the media didn't write anything about it, so don't expect anyone in what's left of the media to comment on Fedora's demise and silent layoffs at Red Hat
Just Like a Founder of XBox Said, Microsoft XBox is Collapsing, Management Continue to Jump Ship
Nowadays Microsoft tries to promote this idea that Windows is XBox and XBox is Windows
Links 22/03/2026: Slop Triggers Emergency at Meta, Energy Prices Rise Sharply
Links for the day
Links 22/03/2026: Microsoft 'Open' 'AI' in Legal Trouble (Plagiarism, Distortion, Misrepresentation); Facebook/Meta Kills Off "Horizon Worlds"
Links for the day
Racism Dressed Up as "Choice"
Racism is rampant at IBM
Probably an All-Time Record
Our investment in our own SSG is paying off
Your Site Should Implement Its Own Search (Before It's Too Late)
GAFAM was never trustworthy
Gemini Links 22/03/2026: LLM Slop Attacks USENET, Announcing Pig (New Game in Gemini Protocol)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 21, 2026
IRC logs for Saturday, March 21, 2026
SLAPP Censorship - Part 18 Out of 200: Third Parties Funding Attacks on the Messengers, Lawsuits Against GAFAM-Critical Voices That Uphold Real National Security
Women are like kryptonite to them
Never Trust People Who Write Their Own Wikipedia Pages (Vanity Pages About Themselves) or Ask Friends to Do So. Also: Jono Bacon is Married to Microsoft.
We'd hardly be the first to point out Wikipedia isn't what it seems
No Tolerance for Attacks on Family Members
Being a Free software activist ought not lead to "collateral damage" like attacks on family members, including doxing
Sirius Open Source is Just a Zombie Firm With Shell Entities
Many companies fake their health and their size
Communities Can Only Survive When Trust Prevails
PCLinuxOS is still a vibrant and authentic community
Techrights Was Always a Community Site
The harder we're attacked, the more people participate in the site
Maintenance Reminder
We'll carry on publishing
Behind the PR Smokescreen and Microsoft-Sponsored Chaff, Microsoft Layoffs in "AI" Alleged This Month
In an age when ~1,000 simultaneous layoffs aren't enough to receive any media coverage, what can we expect remaining publishers to tell us about Microsoft layoffs in 2026?
EPO "Cocaine Communication Manager" - Part VIII - Mobbing and Silencing of Dissenting Staff
that's the very cornerstone of functional democracies with real opposition parties
Bluewashing at Confluent: Some Workers to Leave Within 3 Months (IBM Mass Layoffs)
Is the "era of AI" an era when none of the media will mention over 800 layoffs? [...] There's a lesson here about the state of the contemporary media, not just IBM and bluewashing
Microsoft OpenAI, Drowning in Debt and Forced to Make Significant Cuts (as Reports Reveal This Month), Does Hiring Disguised as "Takeovers" to Fake Value or Alleged Potential
Remember what happened to Skype last year
Reader Shares Recent Memes on Slop and 'Coding' by LLMs
"just some funny memes I thought were relevant to current coverage."
Slop Does Not Replace Art, It Contaminates Everything With Reckless Nonsense
many Computer Scientists do not want programs to get contaminated by slop
Coders Don't Just Reject 'Vibe Coding' Because They're "Luddites", They Just Know the True Cost of Slop
if some programmer says slop sucks, don't rush to assume selfishness or defence of one's occupation
When Nobody Else Covers the News
There's an obvious "media blackout" regarding the mass layoffs
Links 21/03/2026: David Botstein Dies, Slop as Censorship Apparatus
Links for the day
Links 21/03/2026: Metastablecoin Fragmentation and Crescent Moon
Links for the day
Gemini Links 21/03/2026: Historic Ada Docs; The Lurking LLM on the SmolNet
Links for the day
HSBC the Latest Failed Bank Using Slop as Excuse for Its Financial Failure
"HSBC is planning on cutting as many as 20,000 jobs in the near future as the company allies with AI revolution."
Invitation to General Assembly After 1,200 EPO Workers Participated in the Demonstration 3 Days Ago
"the strike of 19 March was also very well followed."
A/Prof Susan G Kleinmann, Enkelena Haxhija & Debian-private risk to MIT
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, March 20, 2026
IRC logs for Friday, March 20, 2026