The FBI Paid OpenBSD Developers For Backdoors?

  • cl333r
    replied
    You do know that Microsoft can (and will) give them the stripped version of code without the security back-doors, don't you?


  • BlackStar
    replied
    Originally posted by cl333r
    Since in Windows the code doesn't have to hide (since window$ is closed source) such code might even have a dedicated API, i.e. the "Windows Spying API", just kidding..
    You do know that Microsoft customers can request access to the Windows source code for security audits, don't you? This is kind of a necessity, given that Windows is occasionally used in security-critical places.

    Not saying that deliberate backdoors aren't there, but they are probably well-hidden in non-apparent places (like the header and random padding of encrypted packets). This kind of stuff is almost impossible to detect without forehand knowledge.


  • cl333r
    replied
    Since in Windows the code doesn't have to hide (since window$ is closed source) such code might even have a dedicated API, i.e. the "Windows Spying API", just kidding..


  • cl333r
    replied
    Also remember that Google is working with the CIA (more likely with other organizations too), Microsoft with NSA (likely with other orgs too), OpenBSD is and has been compromised for a decade too. All of this is virtually impossible to fix because it's either closed source or those who injected bad code certainly made sure it's not easily discoverable, and IMHO Linux is compromised too because it accounts for like 50% of all servers and common sense implies that the USA government couldn't possibly leave Linux alone since it's the 500-pound gorilla in the server market.
    In short, de facto, no matter how bad it sounds, the current state of security is a joke, and btw I'm sure Window$ has even more (much more!) CIA/NSA/FBI back-doors spying crap.


  • Naib
    replied
    Wasn't someone paid to not disclose a SAMBA bug quite a while ago?


  • linux5850
    replied
    One thing everyone should do is learn how useless SELinux is.

    Here is one video:

    "Linux 2.6.31 perf_counter x86/x64 Local Root Exploit with SELinux user_u defeat and disabling"
    http://www.youtube.com/watch?v=KvREwhfQmbc

    and here is the guy's YouTube channel. Phoronix should interview him.

    http://www.youtube.com/user/spendergrsec


  • BlackStar
    replied
    Originally posted by Apopas
    Why not? Who can stop me from adding backdoors in my proprietary code?
    The only difference is that you (the evil attacker) cannot submit a patch directly to Microsoft unless you work there already.

    The fact is that users with high security requirements cannot reasonably trust either open-source or closed-source code without a security audit. This is generally simpler to perform on open-source software and you benefit from the fact that multiple eyes have looked at the source code before (security through transparency, all crypto is based on this).

    Exactly. That's what we get from that. If such things happen in open code, we cannot, never ever, trust code we can't see. That's why it is the most stupid thing ever that the Greek army (and a lot of others) uses Windows as its main platform
    I'd say that the OS is the least of the problems with this army but yeah, building all government infrastructure on closed-source code controlled by another country is probably not the brightest idea.


  • Apopas
    replied
    Originally posted by BlackStar
    No, not really.
    Why not? Who can stop me from adding backdoors in my proprietary code?

    This means you can't trust it, period.
    Exactly. That's what we get from that. If such things happen in open code, we cannot, never ever, trust code we can't see. That's why it is the most stupid thing ever that the Greek army (and a lot of others) uses Windows as its main platform


  • curaga
    replied
    It's been said that OpenSwan and FreeSwan do not contain this code.

    @Blackstar:

    Sex by surprise charges, not rape


  • 0e8h
    replied
    Wow, the kind of story that matters. Thanks for reporting this.
