Language Selection

English French German Italian Portuguese Spanish

Developer defends claims of backdoors in OpenBSD

Filed under
Security
BSD

The former OpenBSD developer who has caused a stir by claiming that the FBI had, through certain other OpenBSD developers, planted backdoors in its cryptographic code, says he raised the matter only to encourage a source code audit of the OpenBSD project.

Gregory Perry made the claim in an email to OpenBSD founder Theo de Raadt who posted the mail along with his comments to the openbsd-tech mailing list.

Perry, chief executive of a company named GoVirtual, told iTWire: "I have absolutely, positively nothing to gain from making those statements to Theo, and only did so to encourage a source code audit of the OpenBSD Project based upon the expiry of my NDA with the FBI. Being in any limelight is not my bag at all."

An audit of the cryptographic code has commenced and de Raadt told iTWire yesterday that two bugs had been found.

Perry said he had sent a private email to de Raadt, urging him to perform a source code audit of the OpenBSD Project based upon the allegations contained within the mail.

rest here




More in Tux Machines

Red Hat News and More on the Negative Results

Android Leftovers

Canonical Releases AMD Microcode Updates for All Ubuntu Users to Fix Spectre V2

The Spectre microprocessor side-channel vulnerabilities were publicly disclosed earlier this year and discovered to affect billions of devices made in the past two decades. Unearthed by Jann Horn of Google Project Zero, the second variant (CVE-2017-5715) of the Spectre vulnerability is described as a branch target injection attack. The security vulnerability affects all microprocessors that use branch prediction and speculative execution function, and it can allow unauthorized memory reads via side-channel attacks if the system isn't patched. For example, a local attacker could use it to expose sensitive information, including kernel memory. Read more

PulseAudio 12 Open-Source Sound System Released with AirPlay, A2DP Improvements

Highlights of PulseAudio 12.0 include better latency reporting with the A2DP Bluetooth profile, which also improves A/V sync, more accurate latency reporting on AirPlay devices, the ability to prioritize HDMI output over S/PDIF output, HSP support for more Bluetooth headsets, and the ability to disable input and output on macOS. PulseAudio 12.0 also adds support for Steelseries Arctis 7 USB headset stereo output and Dell's Thunderbolt Dock TB16 speaker jack, a new "dereverb" option that can be used for the Speex echo canceller, a new module-always-source module, better detection of Native Instruments Traktor Audio 6, and improved digital input support for various USB sound cards. Read more