Announcement

Collapse
No announcement yet.

The FBI Paid OpenBSD Developers For Backdoors?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The FBI Paid OpenBSD Developers For Backdoors?

    Phoronix: The FBI Paid OpenBSD Developers For Backdoors?

    Government organizations, whether they be from the United States, the European Union, or anywhere else for that matter, contributing to open-source projects is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can largely be attributed to the United State's National Security Agency (NSA). More organizations contributing to open-source isn't bad -- government or not -- when it's mutually beneficial work with good intentions. However, there are new allegations being made today about OpenBSD's networking stack, in particular it's IPsec code. The FBI allegedly paid OpenBSD developers to insert back-doors into the code-base...

    http://www.phoronix.com/vr.php?view=ODkxMw

  • #2
    SELinux is full of security holes which I'm sure is the way the NSA intended it.

    Comment


    • #3
      Ouch. Can't say I'm terribly surprised, but ouch.

      OpenBSD is used in way too many servers, a thorough security audit must be performed ASAP (but will that be enough?)

      Comment


      • #4
        What crude ethics those developers must have ...

        Comment


        • #5
          The guy who sent the email had a NDA with the FBI that kept him from talking about this. Does that mean that he one of the people who implemented these backdoors?

          Comment


          • #6
            So I guess he'll be arrested on rape charges now? >.>

            Comment


            • #7
              Well, like ones said, 'with money you can buy anything.'

              ..and they said openBSD is secure

              oh well..

              Comment


              • #8
                How has this been in there for a decade without anyone noticing? Where's the code they're talking about? Was this only in some proprietary fork of BSD? This whole story sounds unlikely.

                Comment


                • #9
                  IF this thing has a prossibility to be right, then imagine what happens inside the code of proprietary OSes...
                  Just the idea makes me shiver...

                  Comment


                  • #10
                    So, it's now time to audit more carefully Linux source code...

                    Comment


                    • #11
                      wtf! when will US action will have any consequences? when will countries and ppl start to protest (successfully) against so called protectors of us democracy...
                      sorry... maybe i just watched "enemy of the state" yesterday. but still there are plans to murder Julian Assange but a nobel prize for its chinese counterpart. funny isnt it?

                      Comment


                      • #12
                        Originally posted by Decatf View Post
                        So I guess he'll be arrested on rape charges now? >.>
                        No, no, it's sex by surprise.

                        Comment


                        • #13
                          Пиздец...
                          Noone ever will know what resides on their machines, this is really sad, for reason of controling me, I'm not using win/mac, but there are holes everywhere and those are not just "bugs"...
                          Damn damn damn...

                          Comment


                          • #14
                            Originally posted by Smorg View Post
                            How has this been in there for a decade without anyone noticing? Where's the code they're talking about? Was this only in some proprietary fork of BSD? This whole story sounds unlikely.
                            Why has it been working?
                            Simply because open source does not work the way many are advertising it.

                            Hardly anyone looks at the code of others.
                            Often you have less than a handful of people maintaining a library or part of it. If you corrupt the lead of these people you could be settled. Not even talking about corrupting the whole group.

                            And even if a code review is done, often the people doing that don't have the time or lack of knowledge to completely analyze the changes.

                            Still I like the FOSS model, since it allows me to work on code I am interested in. Also if a security whole gets public the code is there for anyone to dig in, be it Red Hat for example who want to close it asap or anybody else.


                            Originally posted by BlackStar View Post
                            Ouch. Can't say I'm terribly surprised, but ouch.

                            OpenBSD is used in way too many servers, a thorough security audit must be performed ASAP (but will that be enough?)
                            "Security audit" is just a buzzword.
                            Who will work on that?
                            Often it is not that easy to understand other's code -- especially if you can't use their input -- let alone find security wholes. Now these wholes have been planted deliberately with its implementors having time to conceal that for more than a decade.


                            Only two remote holes in the default install, in a heck of a long time!

                            Comment


                            • #15
                              well, so much for openbsd's security claims.

                              but seriously, they agreed to cripple their own software? and nobody catched that?

                              this might cause quite a stir. i'd expect that now many more people will point their eyes towards similar open crypto solutions, looking for backdoors.

                              Comment

                              Working...
                              X