Page 1 of 12 12311 ... LastLast
Results 1 to 10 of 114

Thread: The FBI Paid OpenBSD Developers For Backdoors?

  1. #1
    Join Date
    Jan 2007
    Posts
    13,464

    Default The FBI Paid OpenBSD Developers For Backdoors?

    Phoronix: The FBI Paid OpenBSD Developers For Backdoors?

    Government organizations, whether they be from the United States, the European Union, or anywhere else for that matter, contributing to open-source projects is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can largely be attributed to the United State's National Security Agency (NSA). More organizations contributing to open-source isn't bad -- government or not -- when it's mutually beneficial work with good intentions. However, there are new allegations being made today about OpenBSD's networking stack, in particular it's IPsec code. The FBI allegedly paid OpenBSD developers to insert back-doors into the code-base...

    http://www.phoronix.com/vr.php?view=ODkxMw

  2. #2
    Join Date
    Aug 2010
    Posts
    59

    Default

    SELinux is full of security holes which I'm sure is the way the NSA intended it.

  3. #3
    Join Date
    Oct 2007
    Location
    Under the bridge
    Posts
    2,099

    Default

    Ouch. Can't say I'm terribly surprised, but ouch.

    OpenBSD is used in way too many servers, a thorough security audit must be performed ASAP (but will that be enough?)

  4. #4
    Join Date
    Jan 2010
    Posts
    159

    Default

    What crude ethics those developers must have ...

  5. #5

    Default

    The guy who sent the email had a NDA with the FBI that kept him from talking about this. Does that mean that he one of the people who implemented these backdoors?

  6. #6
    Join Date
    Sep 2010
    Posts
    66

    Default

    So I guess he'll be arrested on rape charges now? >.>

  7. #7
    Join Date
    Nov 2007
    Posts
    209

    Default

    Well, like ones said, 'with money you can buy anything.'

    ..and they said openBSD is secure

    oh well..

  8. #8
    Join Date
    Mar 2009
    Posts
    141

    Default

    How has this been in there for a decade without anyone noticing? Where's the code they're talking about? Was this only in some proprietary fork of BSD? This whole story sounds unlikely.

  9. #9
    Join Date
    Mar 2009
    Location
    Hellas
    Posts
    1,006

    Default

    IF this thing has a prossibility to be right, then imagine what happens inside the code of proprietary OSes...
    Just the idea makes me shiver...

  10. #10
    Join Date
    Aug 2007
    Location
    Poland
    Posts
    215

    Default

    So, it's now time to audit more carefully Linux source code...

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •