Free Republic
General/Chat

Former contractor says FBI put back door in OpenBSD
ComputerWorld | 12/15/10 | Robert McMillan

Posted on 12/15/2010 11:59:49 AM PST by LibWhacker

A former government contractor says that the FBI installed a number of back doors into the encryption software used by the OpenBSD operating system.

The allegations were made public Tuesday by Theo de Raadt, the lead developer in the OpenBSD project. De Raadt posted an e-mail sent by the former contractor, Gregory Perry, so that the matter could be publicly scrutinized.

"The mail came in privately from a person I have not talked to for nearly 10 years," he wrote in a posting to an OpenBSD discussion list. "I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public."

(Excerpt) Read more at computerworld.com ...


TOPICS: Computers/Internet
KEYWORDS: back; door; fbi; openbsd

1 posted on 12/15/2010 11:59:54 AM PST by LibWhacker

To: LibWhacker
If OpenBSD has it, the Linux kernel probably has it.
2 posted on 12/15/2010 12:03:34 PM PST by E. Pluribus Unum (DEFCON I ALERT: The federal cancer has metastasized. All personnel report to their battle stations.)

To: E. Pluribus Unum

Every OS has one, IMO.


3 posted on 12/15/2010 12:04:33 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: LibWhacker
Here's the original email:

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Scott Lowe (named in the email) denies being on the FBI payroll, as does another Scott Lowe that might have been confused with the first.

I haven't heard if anyone has examined the code committed by Jason Wright -- who is the person alleged to have written the code.

4 posted on 12/15/2010 12:07:11 PM PST by justlurking (The only remedy for a bad guy with a gun is a good WOMAN (Sgt. Kimberly Munley) with a gun)

To: LibWhacker

So much for the canard that open source operating systems are intrinsically more secure....


5 posted on 12/15/2010 12:07:23 PM PST by r9etb

To: driftdiver

Yeah, that’s something I’ve always wondered about, esp. the free OS’s.


6 posted on 12/15/2010 12:09:51 PM PST by smokingfrog (But what do I know?)

To: LibWhacker
Semi-rhetorical question:

How "open" is an open-source OS if the core code is encrypted?

7 posted on 12/15/2010 12:13:26 PM PST by DesertSapper (God, Family, Country . . . . . . . . . . and dead terrorists!!!)

To: r9etb
Just think of it - a free OS. We're even gonna give you the source code. All except the kernel, that is.
Use with caution.
8 posted on 12/15/2010 12:16:51 PM PST by ComputerGuy (HM2/USN M/3/3 Marines RVN 66-67)

To: LibWhacker

This is no problem if the FBI is only interested in catching terrorists. But if the administration decides to politicize the FBI and use it against political enemies, then we are in trouble.


9 posted on 12/15/2010 12:23:43 PM PST by Leftism is Mentally Deranged (Liberalism is against human nature. Practicing liberalism is detrimental to your mental stability.)

To: ShadowAce

ping


10 posted on 12/15/2010 12:25:02 PM PST by LearnsFromMistakes (Yes, I am happy to see you. But that IS a gun in my pocket.)

To: LibWhacker
I know of the players involved here. It is highly dubious.

Besides, the OpenBSD code is open source and subject to intense scrutiny.

11 posted on 12/15/2010 12:28:59 PM PST by The Duke

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

12 posted on 12/15/2010 12:37:00 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Leftism is Mentally Deranged
"But if the administration decides to politicize the FBI"

IF? Since when has any government hesitated to use police power to its advantage?

13 posted on 12/15/2010 12:38:52 PM PST by mas cerveza por favor

To: DesertSapper

What makes you say the “core code is encrypted”?

As far as I know, it’s all plain text C source files and headers.

No?


14 posted on 12/15/2010 12:45:58 PM PST by Pessimist

To: LibWhacker

Theo de Raadt is a paranoid a-hole first class, but an obscenely highly skilled one. It's hard to know what to believe. However, he has posted this in the open, so the truth will be known eventually.


15 posted on 12/15/2010 12:52:16 PM PST by antiRepublicrat

To: smokingfrog

Why especially the free ones? At least where we have source code, we can identify the breaches. With proprietary software, you’d never know.


16 posted on 12/15/2010 5:31:36 PM PST by zeugma (Ad Majorem Dei Gloriam)

To: LibWhacker

Isn’t OS X based on FreeBSD? If this is true it may also impact Mac OS X.


17 posted on 12/15/2010 5:36:16 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: zeugma
Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills.

We have fixed many simple and obvious careless programming errors in code and only months later discovered that the problems were in fact exploitable. (Or, more likely someone on BUGTRAQ would report that other operating systems were vulnerable to a `newly discovered problem', and then it would be discovered that OpenBSD had been fixed in a previous release). In other cases we have been saved from full exploitability of complex step-by-step attacks because we had fixed one of the intermediate steps.

** I guess it just depends upon the competency and trustworthiness of the people developing the code. **

18 posted on 12/15/2010 5:48:49 PM PST by smokingfrog (But what do I know?)

To: ShadowAce; zeugma
Wow, the anti-open, anti-free, pro-proprietary folks are having a field day on this thread. Even got a sideways glancing blow at OS-X! Mis-information and innuendo abounding! Come and get it! Huzzah! Huzzah!

As though the shrouded-in-ignorance, secret, proprietary vendors, one of whom (I won't say whom, but their initials are "MS") came out a little while ago and admitted, "Nobody really understands what's going on inside the W____ operating system", somehow are doing any better??

And who believes that proprietary software is free of backdoors? Unlike open source, that has to be a complete act of faith! Let's see a show of hands...

Sheesh.

If there's any truth to this accusation, it'll get rooted out fairly quickly and that will be the end of that. That's the whole point.

19 posted on 12/15/2010 8:45:38 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: for-q-clinton
"Isn’t OS X based on FreeBSD? If this is true it may also impact Mac OS X."

This is a problem in OpenBSD. FreeBSD and NetBSD were both based on 386BSD from the early 90s. OS X is based on these. Theo de Raadt started OpenBSD as a fork from NetBSD in 1995 after he was kicked off the NetBSD project.

But more specifically, FreeBSD, NetBSD, OS X and to some extent Linux use one IPSEC implementation, while the OpenBSD project wrote its own. So, no, OS X isn't affected by this particular vulnerability.

20 posted on 12/16/2010 11:30:29 AM PST by antiRepublicrat

