Bonum Certa Men Certa
Coming Soon: Richard Stallman Interview for 30th GNU Anniversary | Another Financial 'Collapse' is Coming, We Need to Facilitate Banking Whistleblowers

Former Novell Staff Still Pushing the Linux Foundation Into Restricted Boot Territory, Ignoring the Real Threat (Back Doors)

Greg Kroah-Hartman
Photo by Sebastian Oliva



Summary: Back doors in code, embedded in blobs, and even shoehorned into encryption is the overlooked security threat, which gets pushed aside in favour of phantom threats which Microsoft 'sells' through former Novell staff (i.e. funded by Microsoft)

A MONTH or two ago we mostly ignored exaggerated (sexed-up) reports about something called "Hand of Thief". When there's a Windows security threat the press does not call out Windows, but when it relates to GNU/Linux then tabloids like ZDNet scream from the rooftops. This thing called "Hand of Thief" is basically a malicious program which GNU/Linux users need to install themselves in order for it to do malicious things. It is not a virus, it does not spread, and it hardly even uses social engineering to get itself installed. We cited some reports which stress these facts and now comes a belated one too [1]. LynuxWorks is now offering some "Linux rootkit detector" [2] as if rootkits on GNU/Linux are a common issue. In a sense, since the Linux Foundation seems to insist on helping UEFI restricted boot, we are led to the belief that bootkits are a common threat to Linux. As the Linux Foundation's site put it, as in the words of the employee it acquired from Novell:



Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.


Greg K-H has been working on all sorts of other kernel-level projects that help Microsoft. He did this while being paid by Novell, which was in turn being given money by Microsoft. That's the power of money. Other former Novell employees also helped promote UEFI restricted boot, as we showed before. Rogue influence by Novell in the Linux Foundation is a subject we have written about for half a decade, showing numerous examples.

The bigger security issue right now might be back doors, which might also exist in Linux, even in encryption form [3] (giving away passwords over the network for example), so hard-to-crack passwords [4] might not be enough. Microsoft's and Sony's network compromises sure reveal the massive financial effects of system intrusions, so this subject should not be taken lightly.

UEFI restricted boot is actually a security threat, not a security solution, especially when a signature is provided and managed by some rogue company in the United States -- one which has been secretly in bed with the NSA. With UEFI restricted boot, hardware can be bricked remotely. In a way, UEFI restricted boot deserves the name "unsecure boot". In some devices it can block the user from accessing his/her own computer. Nobody should promote such treacherous computing.

Related/contextual items from the news:



  1. Hand of Thief, Not
    Linux's biggest vulnerability is the software that users install with full "superuser" privileges. If you just install applications from your distro's official repository, that's not a problem. But if you download software from dubious web sites, or if you add a mysterious repository to your package manager, you're opening yourself up for an infection. Always, always make sure you know what software you are installing, why you are installing it, and where it's from.


  2. Linux rootkit detector adds hardware punch to security scanning
    LynuxWorks is stepping up the battle with the release of the first hardware-based rootkit detection system powered by the LynxSecure separation kernel. Called the RDS5201, it combats and detects stealthy advanced persistent threats. Built on the LynxSecure 5.2 separation kernel and hypervisor, this small form factor appliance has been designed to offer a unique detection capability that complements traditional security mechanisms as they try to protect against the growing number and complexity of cyber threats.


  3. RSA warns developers not to use RSA products
    In today's news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) 'backdoored' Dual_EC_DRBG random number generator -- which happens to be the default in RSA's BSafe cryptographic toolkit. Youch.
  4. How-to make hard-to-crack passwords you can easily remember


  5. Australian who boasted of hacking to plead not guilty to charges stemming from raid
    Dylan Wheeler, who claimed in February to have breached Microsoft's and Sony's networks, has not been charged with hacking




Coming Soon: Richard Stallman Interview for 30th GNU Anniversary | Another Financial 'Collapse' is Coming, We Need to Facilitate Banking Whistleblowers

Recent Techrights' Posts

IBM Culling Workers or Pushing Them Out (So That It's Not Framed as Layoffs), Red Hat Mentioned Repeatedly Only Hours Ago
We all know what "reorg" means in the C-suite
Free Software Foundation Subpoenaed by Serial GPL Infringers
These attacks on software freedom are subsidised by serial GPL infringers
Publicly Posting in Social Control Media About Oneself Makes It Public Information
sheer hypocrisy on privacy is evident in the Debian mailing lists
 
Embrace, Extend, Replace the Original (Or Just Hijack the Word 'Sudo')
First comment? A Microsoft employee
Gemini Links 02/05/2024: Firewall Rules Etiquette and Self Host All The Things
Links for the day
Red Hat/IBM Crybullies, GNOME Foundation Bankruptcy, and Microsoft Moles (Operatives) Inside Debian
reminder of the dangers of Microsoft moles inside Debian
PsyOps 007: Paul Tagliamonte wanted Debian Press Team to have license to kill
Reprinted with permission from disguised.work
IBM Raleigh Layoffs (Home of Red Hat)
The former CEO left the company exactly a month ago
Paul R. Tagliamonte, the Pentagon and backstabbing Jacob Appelbaum, part B
Reprinted with permission from disguised.work
Links 01/05/2024: Surveillance and Hadopi, Russia Clones Wikipedia
Links for the day
Links 01/05/2024: FCC Takes on Illegal Data Sharing, Google Layoffs Expand
Links for the day
Links 01/05/2024: Calendaring, Spring Idleness, and Ads
Links for the day
Paul Tagliamonte & Debian: White House, Pentagon, USDS and anti-RMS mob ringleader
Reprinted with permission from disguised.work
Jacob Appelbaum character assassination was pushed from the White House
Reprinted with permission from disguised.work
Why We Revisit the Jacob Appelbaum Story (Demonised and Punished Behind the Scenes by Pentagon Contractor Inside Debian)
If people who got raped are reporting to Twitter instead of reporting to cops, then there's something deeply flawed
Red Hat's Official Web Site is Promoting Microsoft
we're seeing similar things at Canonical's Ubuntu.com
Enrico Zini & Debian: falsified harassment claims
Reprinted with permission from disguised.work
European Parliament Elections 2024: Daniel Pocock Running as an Independent Candidate
I became aware that Daniel Pocock had decided to enter politics
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 30, 2024
IRC logs for Tuesday, April 30, 2024
[Meme] Sometimes Torvalds and RMS Agree on Things
hype around chatbots
[Video] Linus Torvalds on 'Hilarious' AI Hype: "I Hate the Hype" and "I Don't Want to be Part of the Hype", "You Need to Be a Bit Cynical About This Whole Hype Cycle"
Linus Torvalds on LLMs
Colin Watson, Steve McIntyre & Debian, Ubuntu cover-up mission after Frans Pop suicide
Reprinted with permission from disguised.work
Links 30/04/2024: Wireless Carriers Selling Customer Location Data, Facebook Posts Causing Trouble
Links for the day
Frans Pop suicide and Ubuntu grievances
Reprinted with permission from disguised.work
Links 30/04/2024: More Google Layoffs (Wide-Ranging)
Links for the day
Fresh Rumours of Impending Mass Layoffs at IBM Red Hat
"IBM filed a W.A.R.N with the state of North Carolina. That only means one thing."
Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced
I was always "on-call" and my main role or function was being "on-call" in case of incidents
Mark Shuttleworth's (MS's) Canonical is Promoting Microsoft This Week (Surveillance Slanted as 'Confidential')
Who runs Canonical these days? Why does Canonical help sell Windows?
A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office)
In Debian, there is a long history of deaths, suicides, and mysterious disappearances
Federal News Network is Corrupt, It Runs Propaganda Pieces for Microsoft
Federal News Network used to be OK some years ago
What Mark Shuttleworth and Canonical Can to Remedy the Damage Done to Frans Pop's Family
Mr. Shuttleworth and Canonical as a company can at the very least apologise for putting undue pressure
Amnesty International & Debian Day suicides comparison
Reprinted with permission from disguised.work
[Meme] A Way to Get No Real Work Done
Walter White looking at phone: Your changes could not be saved to device
Modern Measures of 'Productivity' Boil Down to Time Wasting and Misguided Measurements/Yardsticks
People are forgetting the value of nature and other human beings
Countries That Beat the United States at RSF's World Press Freedom Index (After US Plunged Some More)
The United States (US) was 17 when these rankings started in 2002
Record Productivity and Preserving People's Past on the Net
We're very productive these days, partly owing to online news slowing down (less time spent on curating Daily Links)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 29, 2024
IRC logs for Monday, April 29, 2024
Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists
Links for the day
Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file
Reprinted with permission from disguised.work
Axel Beckert (ETH Zurich), the mentality of sexual violence on campus
Reprinted with permission from Daniel Pocock
[Meme] Russian Reversal
Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
Frans Pop & Debian suicide denial
Reprinted with permission from disguised.work
Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death
Today we start re-publishing articles that contain unaltered E-mails