The FBI Paid OpenBSD Developers For Backdoors?

  • Apopas
    replied
    Originally posted by XorEaxEax
    Ahh so if something open source has been compromised then it somehow PROVES that it's not more secure than closed source? How did you reach that generalised conclusion (apart from either being stupid or just trolling)?

    With open source you CAN audit, with closed source you CAN'T audit and thus you are totally at the mercy of your provider when it comes to security.
    +1
    And if you think that I prefer the Linux forums because I thought that the obvious things wouldn't need to be repeated again and again.

  • Apopas
    replied
    Originally posted by deanjo
    Well there goes another opensource myth. So much for "more eyes lead to more secure code" argument.
    It goes nowhere. If with so many eyes you have so many problems, imagine what holes on purpose dance under closed source projects.
    This incident proves that we must only accept opensource models BUT without stopping checking them again and again.

  • Apopas
    replied
    Originally posted by BlackStar
    The only difference is that you (the evil attacker) cannot submit a patch directly to Microsoft unless you work there already.
    That's a different thing BlackStar. But anyway you understand what I mean, coz in later posts we agree with that...

  • BlackStar
    replied
    Originally posted by crazycheese
    Open-source is based on "public eyes" model.
    Yeah. And that's called trust.

    Closed source is based on trust(how that chip "secure" was called again?).
    No, closed-source is based on liability:
    - If a closed-source company releases code that steals user data, the user will sue that company.
    - If an unknown open-source developer contributes a patch that's found to be broken 2 years later (Debian anyone?), how exactly will you track him down? (You've never seen him, you have no name, no street address, no phone number, no nothing but an IP address - if that).

    Trust is a weakness.
    Absolutely.

  • yogi_berra
    replied
    Originally posted by movieman
    OH MY GOD! I FORGOT! I worked on a contract for Microsoft a decade ago and someone told me that their brother's aunt's first cousin's boyfriend was paid by Richard Nixon to put a backdoor in Windows!

    Would anyone take that at all seriously even though Microsoft source is closed and no-one outside the company can even check to see whether such a back door exists? Yet people are ranting about the horrible security of an operating system where anyone who cares can trivially check the real, actual source code.
    You'd be surprised what people will take seriously. Some people actually bought the Brooklyn Bridge: http://www.nytimes.com/2005/11/27/ny...brid.html?_r=1

    Some people believe the September 11, 2001 Al Qaeda attacks were perpetrated by the U.S. Government: http://en.wikipedia.org/wiki/9/11_conspiracy_theories

    Some people believe the moon landings were faked: http://en.wikipedia.org/wiki/Moon_la...iracy_theories

    Some people actually believe that their email has won that lottery or that the counterfeit check cashing/money laundering scheme is legitimate.

    btw - http://scienceblogs.com/goodmath/200..._ritchie_a.php

    "Many eyes" is just a marketing line, it is not a security tool.

  • crazycheese
    replied
    Originally posted by BlackStar
    The main issue is that the open-source model is based on trust (or the illusion of trust).
    Open-source is based on "public eyes" model.
    Closed source is based on trust(how that chip "secure" was called again?).
    Trust is a weakness.

    Still, the situation is not so bad as in Syndicate Wars...

    I guess *BSD has once more confirmed they are useless.

  • mugginz
    replied
    One can only hope the following is true.

    "OpenBSD/FBI allegations denied by named participants"
    http://www.itworld.com/open-source/1...ed-participant

  • movieman
    replied
    Originally posted by deanjo
    Well there goes another opensource myth. So much for "more eyes lead to more secure code" argument.
    The funny part is that no-one has actually demonstrated any proof of an actual back door. There's just an email saying 'someone paid someone to put a back door in the code', and suddenly everyone is running around shouting 'OH MY GOD! BSD SUCKS! OPEN SOURCE SUCKS!'

    And there's precisely zero actual evidence so far of a real, actual back door in the code.

    Wake me up when there's something more than a random email from a random person making random claims.

    OH MY GOD! I FORGOT! I worked on a contract for Microsoft a decade ago and someone told me that their brother's aunt's first cousin's boyfriend was paid by Richard Nixon to put a backdoor in Windows!

    Would anyone take that at all seriously even though Microsoft source is closed and no-one outside the company can even check to see whether such a back door exists? Yet people are ranting about the horrible security of an operating system where anyone who cares can trivially check the real, actual source code.

  • DarkFoss
    replied
    Originally posted by yogi_berra
    No, no, it's sex by surprise.
    Hmm they could also plant child porn on his comp using another person's backdoor code

  • XorEaxEax
    replied
    Originally posted by deanjo
    Well there goes another opensource myth. So much for "more eyes lead to more secure code" argument.
    Ahh so if something open source has been compromised then it somehow PROVES that it's not more secure than closed source? How did you reach that generalised conclusion (apart from either being stupid or just trolling)?

    With open source you CAN audit, with closed source you CAN'T audit and thus you are totally at the mercy of your provider when it comes to security.
