Posted on 12/15/2010 11:59:49 AM PST by LibWhacker
A former government contractor says that the FBI installed a number of back doors into the encryption software used by the OpenBSD operating system.
The allegations were made public Tuesday by Theo de Raadt, the lead developer in the OpenBSD project. De Raadt posted an e-mail sent by the former contractor, Gregory Perry, so that the matter could be publicly scrutinized.
"The mail came in privately from a person I have not talked to for nearly 10 years," he wrote in a posting to an OpenBSD discussion list. "I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public."
(Excerpt) Read more at computerworld.com ...
Every OS has one, IMO.
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
Scott Lowe (named in the email) denies being on the FBI payroll, as does another Scott Lowe that might have been confused with the first.
I haven't heard if anyone has examined the code committed by Jason Wright -- who is the person alleged to have written the code.
So much for the canard that open source operating systems are intrinsically more secure....
Yeah, that’s something I’ve always wondered about, esp. the free OS’s.
How "open" is an open-source OS if the core code is encrypted?
This is no problem if the FBI is only interested in catching terrorists. But if the administration decides to politicize the FBI and use it against political enemies, then we are in trouble.
ping
Besides, the OpenBSD code is open source and subject to intense scrutiny.
IF? Since when has any government hesitated to use police power to its advantage?
What makes you say the “core code is encrypted”?
As far as I know, it’s all plain text C source files and headers.
No?
Theo de Raadt is a paranoid a-hole first class, but an obscenely highly skilled one. It's hard to know what to believe. However, he has posted this in the open, so the truth will be known eventually.
Why especially the free ones? At least where we have source code, we can identify the breaches. With proprietary software, you’d never know.
Isn’t OS X based on FreeBSD? If this is true it may also impact Mac OS X.
We have fixed many simple and obvious careless programming errors in code and only months later discovered that the problems were in fact exploitable. (Or, more likely someone on BUGTRAQ would report that other operating systems were vulnerable to a `newly discovered problem', and then it would be discovered that OpenBSD had been fixed in a previous release). In other cases we have been saved from full exploitability of complex step-by-step attacks because we had fixed one of the intermediate steps.
** I guess it just depends upon the competency and trustworthiness of the people developing the code. **
As though the shrouded-in-ignorance, secret, proprietary vendors, one of whom (I won't say whom, but their initials are "MS") came out a little while ago and admitted, "Nobody really understands what's going on inside the W____ operating system", somehow are doing any better??
And who believes that proprietary software is free of backdoors? Unlike open source, that has to be a complete act of faith! Let's see a show of hands...
Sheesh.
If there's any truth to this accusation, it'll get routed out fairly quickly and that will be the end of that. That's the whole point.
This is a problem in OpenBSD. FreeBSD and NetBSD were both based on 386BSD from the early 90s. OS X is based on these. Theo de Raadt started OpenBSD as a fork from NetBSD in 1995 after he was kicked off the NetBSD project.
But more specifically, FreeBSD, NetBSD, OS X and to some extent Linux use one IPSEC implementation, while the OpenBSD project wrote its own. So, no, OS X isn't affected by this particular vulnerability.