Language Selection

English French German Italian Portuguese Spanish

Allegations of OpenBSD Backdoors May be True, Updated

Filed under
Security
BSD

It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigations paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then early audits have found some questionable code, contributors denied any wrongdoing, and the original source reaffirmed his allegations.

It'll take time to go through all the code but de Raadt said "two bugs in our cryptographic code" have already been found. "We are assessing the impact. We are also assessing the 'archeological' aspects of this," he added.

In further developments, de Raadt said yesterday that Angelos had worked on the cypto stack in question for four years when accepting a contract at NETSEC. Angelos "wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer ontained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out."

full story




Yes, no or who cares?

Very interesting how this is getting played out in the public arena.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: Gaming

Can Marten Mickos make 'Linux for the cloud' work for HP?

Hewlett-Packard didn’t just buy cloudy startup Eucalyptus Systems to build its fledgling OpenStack cloud biz, it also bought Marten Mickos, the firm’s Finnish CEO. HP isn’t the first to pay for Mickos' expertise - that was Sun Microsystems, when it acquired his venture previous venture, MySQL AB, for $1bn in 2008. Read more