FBI paid to have backdoors inserted into BSD



zer010
December 15th, 2010, 02:22 AM
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2


I have received a mail regarding the early development of the OpenBSD
IPSEC stack. It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into
our network stack, in particular the IPSEC stack. Around 2000-2001.

Anyone else heard of this or can confirm it? What's the likelihood of this
happening in Linux?
Edit: Title should read: FBI paid to have backdoors inserted into OpenBSD

amauk
December 15th, 2010, 02:27 AM
I find the idea of a secret backdoor in, what's arguably the most security-conscious (if not most secure) *nix OS, highly doubtful

More so that it apparently went undiscovered for 10 years

Even more so that after 10 years of active OS development, the backdoor is still there and functional

I suspect this whole thing is bogus, but anyway...

hansdown
December 15th, 2010, 02:32 AM
Thanks zer010.

That is interesting.

What now?

zer010
December 15th, 2010, 02:33 AM
True, it is only allegations of such activity. Scary thought either way.
http://www.osnews.com/story/24136/_FBI_Added_Secret_Backdoors_to_OpenBSD_IPSEC_

3Miro
December 15th, 2010, 02:35 AM
I find the idea of a secret backdoor in, what's arguably the most security-conscious (if not most secure) *nix OS, highly doubtful

More so that it apparently went undiscovered for 10 years

Even more so that after 10 years of active OS development, the backdoor is still there and functional

I suspect this whole thing is bogus, but anyway...

+1. 10 years with nobody finding this. At any rate, there should be more evidence if this thing is there, not just a random e-mail.

zer010
December 15th, 2010, 02:49 AM
It does seem unlikely for the reasons that have been given, but it'd be nice to know for sure... It's definitely a call for more inspection of what a lot of/some people take for granted.

Dustin2128
December 15th, 2010, 05:35 AM
+1. 10 years with nobody finding this. At any rate, there should be more evidence if this thing is there, not just a random e-mail.
Well- meh, I'm sleepy. I'll let someone else describe the Debian OpenSSL thing.

handy
December 15th, 2010, 07:48 AM
It is a load of crap!

Too many eyes for too many years on this one.

Sef
December 15th, 2010, 08:13 AM
Locked. This just seems to be FUD. Here's an article refuting (http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant) the allegations.