Allegations of OpenBSD Backdoors May be True, Updated

It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigation paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then, early audits have found some questionable code, contributors have denied any wrongdoing, and the original source has reaffirmed his allegations.

It'll take time to go through all the code, but de Raadt said "two bugs in our cryptographic code" have already been found. "We are assessing the impact. We are also assessing the 'archeological' aspects of this," he added.

In further developments, de Raadt said yesterday that Angelos had worked on the crypto stack in question for four years when he accepted a contract at NETSEC. Angelos "wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer contained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out."

Yes, no or who cares?

Very interesting how this is getting played out in the public arena.
