Bonum Certa Men Certa

Former Chief Security Officer for Microsoft the Chairman of the Board of Firm Behind Heartbleed€®

Dagger in the heart of OpenSSL

Heart Bleed



Summary: A serious conflict of interests that nobody in the media is talking about; Codenomicon is headed by Microsoft's Howard A. Schmidt

SOMETHING fishy was in the news today (since early this morning), including articles from GNU/Linux-oriented journalists [1] and blogs [2], some of which pointed out that a vulnerability discovered and published irresponsibly by the firm headed by Microsoft's former Chief Security Officer (we wrote about his actions before) are already "patched by all Linux distros".



Now, looking at the site set up by his firm, you might not know this. It lists the names of many GNU/Linux distributions along with a nasty picture (the one above). This coordinated release (disclosure) of a vulnerability on the last day of Windows XP security patches (they are through unless one pays Microsoft a lot of money) is rather suspicious to us. It came with a trademark-like name, a dot-com Web site (yes .com), and soon we are guaranteed to see lots of FUD saying that GNU/Linux is not secure. We already know that the vulnerabilities industry is well inside Microsoft's board and at highest level (look at John Thompson from Symantec; he is now Microsoft's new chairman).

We don't need to wait for the Microsoft press or a whisper campaign to use Heartbleed€® to tell people (again) that Free software, Linux and GNU are very "bad" and are a danger for the Web (some suspect that this bug is the result of NSA intervention in code development -- a subject we'll tackle another day for sure).

"This is a man whose high-paying job required that he beats GNU/Linux at security."Jacon Appelbaum (of Tor) says that this release was coordinated (with a date and everything) but not responsible at all because even the OpenSSL site, the FBI's official site (whom Howard Schmidt worked with) and many more remain vulnerable. It should be noted that the flaw has existed for two years, so the timing of this disclosure is interesting. Not too long ago we showed what seemed like Microsoft's role in a campaign to paint GNU/Linux insecure and dangerous becuase of Windows XP's EOL. It was a baseless campaign of FUD, media manipulation, and distortion of facts, ignoring, as always, the elephant in the room (Windows).

For those who treat it like some innocent development at a random time in the news, remember that Howard A. Schmidt, the Chairman of the Board of Codenomicon, was the Chief Security Officer for Microsoft. He joined Codenomicon a year and a half ago. This is irresponsible disclosure and journalists who ignore the conflict of interests (namely Schmidt being the head after serving Microsoft) are equally irresponsible (for irresponsible journalism). They may unwittingly be playing a role in a "Scroogled"-like campaign.

Just go to Codenomicon's Web site and find it described in large fonts as "A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network" (in many pages). There are lots of pages like this one about involvement in Microsoft SDL.

So to summarise, what does Microsoft have to do with Heartbleed? We probably need to ask Howard Schmidt. This is a man whose high-paying job required that he beats GNU/Linux at security.

Related/contextual items from the news:



  1. Heartbleed: Serious OpenSSL zero day vulnerability revealed


  2. openssl heartbleed updates for Fedora 19 and 20


  3. Heartbleed, a serious OpenSSL bug; patched by all Linux distros
    A new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160) which may consist of our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. According to OpenSSL Security Advisory report Neel Mehta from Google Security has discovered this bug.




Recent Techrights' Posts

Firefox Has Fallen to 2% in New Zealand
At around 2%, at least in the US (2% or below this threshold), there's no longer an obligation to test sites for any Gecko-based browser
GNU/Linux in Kyrgyzstan: From 0.5% to 5% in Eight Years
the country is almost the size of the UK
Microsoft-Connected Sites Trying to Shift Attention Away From Microsoft's Megabreach Only Days Before Important If Not Unprecedented Grilling by the US Government?
Why does the mainstream media not entertain the possibility a lot of these talking points are directed out of Redmond?
 
4 Old Articles About Microsoft/IBM SystemD
old but still relevant
Winning Streak
Free software prevalence
Links 19/05/2024: Conflicts, The Press, and Spotify Lawsuit
Links for the day
GNU/Linux+ChromeOS at Over 7% in New Zealand
It's also the home of several prominent GNU/Linux advocates
libera.chat (Libera Chat) Turns 3 Today
Freenode in the meantime continues to disintegrate
[Teaser] Freenode NDA Expires in a Few Weeks (What Really Happened 3 Years Ago)
get ready
GNU/Linux is Already Mainstream, But Microsoft is Still Trying to Sabotage That With Illegal Activities and Malicious Campaigns of Lies
To help GNU/Linux grow we'll need to tackle tough issues and recognise Microsoft is a vicious obstacle
Slovenia's Adoption of GNU/Linux in 2024
Whatever the factor/s may be, if these figures are true, then it's something to keep an eye on in the future
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 18, 2024
IRC logs for Saturday, May 18, 2024
Links 19/05/2024: Profectus Beta 1.2
Links for the day
Site Archives (Not WordPress)
We've finally finished the work
[Meme] The EPO Delusion
on New Ways of Working
EPO Representatives Outline Latest Attacks on Staff
Not much has happened recently in terms of industrial action
Links 18/05/2024: Revisiting the Harms of Patent Trolls, Google Tries to Bypass (or Plagiarise) Sites Under the Guise of "AI"
Links for the day
Links 18/05/2024: BASIC Story, Site Feeds, and New in Geminispace
Links for the day
Justice for Victims of Online Abuse
The claims asserted or pushed forth by the harasser are categorically denied
[Meme] Senior Software Engineer for Windows
This is becoming like another Novell
Links 18/05/2024: Deterioration of the Net, North Korean IT Workers in the US
Links for the day
Windows in Lebanon: Down to 12%?
latest from statCounter
[Video] 'Late Stage Capitalism': Microsoft as an Elaborate Ponzi Scheme (Faking 'Demand' While Portraying the Fraud as an Act of Generosity and Demanding Bailouts)
Being able to express or explain the facts isn't easy because of the buzzwords
Links 18/05/2024: Caledonia Emergency Powers, "UK Prosecutor's Office Went Too Far in the Assange Case"
Links for the day
Microsoft ("a Dying Megacorporation that Does Not Create") and IBM: An Era of Dying Giants With Leadership Deficits and Corporate Bailouts (Subsidies From Taxpayers)
Microsoft seems to be resorting to lots of bribes and chasing of bailouts (i.e. money from taxpayers worldwide)
US Patent and Trademark Office Sends Out a Warning to People Who Do Not Use Microsoft's Proprietary Formats
They're punishing people who wish to use open formats
Links 18/05/2024: Fury in Microsoft Over Studio Shutdowns, More Gaming Layoffs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 17, 2024
IRC logs for Friday, May 17, 2024
Links 18/05/2024: KOReader, Benben v0.5.0 Progress Update, and More
Links for the day
[Meme] UEFI 'Secure' Boot Boiling Frog
UEFI 'Secure' Boot: You can just ignore it. You can just turn it off. You can hack on it as a workaround. Just use Windows dammit!
The Market Wants to Delete Windows and Install GNU/Linux, UEFI 'Secure' Boot Must Go!
To be very clear, this has nothing to do with security and those who insist that it is have absolutely no credentials
In the United States Of America the Estimated Share of Google Search Grew After Microsoft's Chatbot Hype (Which Coincided With Mass Layoffs at Bing)
Microsoft's chatbot hype started in late 2022
Techrights Will Categorically Object to Any Attempts to Deny Its Right to Publish Informative, Factual Material
we'll continue to publish about 20 pages per day while challenging censorship attempts
Links 17/05/2024: Microsoft Masks Layoffs With Return-to-office (RTO) Mandates, More YouTube Censorship
Links for the day
YouTube Progresses to the Next Level
YouTube is a ticking time bomb
Journalists and Human Rights Groups Back Julian Assange Ahead of Monday's Likely Very Final Decision
From the past 24 hours...
[Meme] George Washington and the Bill of Rights
Centuries have passed since the days of George Washington, but the principles are still the same
Daniel Pocock: "I've Gone to Some Lengths to Demonstrate How Corporate Bad Actors Have Used Amateur-hour Codes of Conduct to Push Volunteers Into Modern Slavery"
"As David explains, the Codes of Conduct should work the other way around to regulate the poor behavior of corporations who have been far too close to the Debian Suicide Cluster."
Video of Richard Stallman's Talk From Four Weeks Ago
2-hour video of Richard Stallman speaking less than a month ago
statCounter Says Twitter/X Share in Russia Fell From 23% to 2.3% in 3 Years
it seems like YouTube gained a lot
Journalist Who Won Awards for His Coverage of the Julian Assange Ordeals Excluded and Denied Access to Final Hearing
One can speculate about the true reason/s
Richard Stallman's Talk, Scheduled for Two Days Ago, Was Not Canceled But Really Delayed
American in Paris
3 More Weeks for Daniel Pocock's Campaign to Win a Seat in European Parliament Elections
Friday 3 weeks from now is polling day
Microsoft Should Have Been Fined and Sanctioned Over UEFI 'Lockout' (Locking GNU/Linux Out of New PCs)
Why did that not happen?
Gemini Links 16/05/2024: Microsoft Masks Layoffs With Return-to-office (RTO) Mandates, Cash Issues
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 16, 2024
IRC logs for Thursday, May 16, 2024
Ex-Red Hat CEO Paul Cormier Did Not Retire, He Just Left IBM/Red Hat a Month Ago (Ahead of Layoff Speculations)
Rather than retire he took a similar position at another company
Linux.com Made Its First 'Article' in Over and Month, It Was 10 Words in Total, and It's Not About Linux
play some 'webapp' and maybe get some digital 'certificate' for a meme like 'clown computing'