1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking.org

The FBI Paid OpenBSD Developers For Backdoors?

BSD

Published on 14 December 2010 07:55 PM EST
Written by Michael Larabel in BSD
113 Comments

Government organizations, whether they be from the United States, the European Union, or anywhere else for that matter, contributing to open-source projects is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can largely be attributed to the United State's National Security Agency (NSA). More organizations contributing to open-source isn't bad -- government or not -- when it's mutually beneficial work with good intentions. However, there are new allegations being made today about OpenBSD's networking stack, in particular it's IPsec code. The FBI allegedly paid OpenBSD developers to insert back-doors into the code-base.

OpenBSD's Theo de Raadt brought to light via an email from Gregory Perry, the former CTO of NETSEC, that the FBI paid several open-source developers to compromise the IPSEC stack. "the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC."

This code has been in OpenBSD for a decade now, but Gregory Perry's Non-Disclosure Agreement with the FBI has finally expired, which is now allowing him to speak on the matter. Gregory also goes on with further details, "This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn't want to create any derivative products based upon the same...This is also why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments, for example Scott Lowe is a well respected author in virtualization circles who also happens top be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments."

The email can be read here. This story is still developing.

Latest Linux Hardware Reviews
  1. Overclocking The AMD AM1 Athlon & Sempron APUs
  2. AMD Athlon 5350 / 5150 & Sempron 3850 / 2650
  3. Upgraded Kernel & Mesa Yield A Big Boost For Athlon R3 Graphics
  4. AMD Athlon 5350 APU On Linux
Latest Linux Articles
  1. A Quick Look At GCC 4.9 vs. LLVM Clang 3.5
  2. Are AMD Athlon/Sempron APUs Fast Enough For Steam On Linux?
  3. AMD Athlon's R3 Graphics: RadeonSI Gallium3D vs. Catalyst
  4. GCC 4.9 Compiler Optimization Benchmarks For Faster Binaries
Latest Linux News
  1. Maynard: A Lightweight Wayland Desktop
  2. Chromium Browser Going Through Growing Pains In Ubuntu 14.04
  3. KDE 4.13 Is Being Released Today With New Features
  4. Trying Out Radeon R9 290 Graphics On Open-Source
  5. Intel Broadwell GT3 Graphics Have Dual BSD Rings
  6. Early Linux 3.15 Benchmarks Of Intel Core i7 + Radeon
  7. Red Hat Releases Its RHEL 7 Release Candidate
  8. New Features Coming To Xubuntu 14.04 LTS
  9. NVIDIA Officially Releases CUDA 6
  10. Google Releases An AutoFDO Converter For Perf In LLVM
  11. Fedora 21 To Evaluate Remote Journal Logging, 64-bit ARM Emulation
  12. Star Citizen Will Be Coming To Linux
Latest Forum Discussions
  1. The GNOME Foundation Is Running Short On Money
  2. Linux Kernel Developers Fed Up With Ridiculous Bugs In Systemd
  3. Bye bye BSD, Hello Linux: A Sys Admin's Story
  4. New tool for undervolt/overclock AMD K8L and K10 processors
  5. How to enable opengl 3.3 on r9 270?
  6. R290x sound problems
  7. radeon-profile: tool for changing profiles and monitoring some GPU parameters
  8. Torvalds Is Unconvinced By LTO'ing A Linux Kernel