
Allegations of OpenBSD Backdoors May be True, Updated


It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigation paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then, early audits have found some questionable code, contributors have denied any wrongdoing, and the original source has reaffirmed his allegations.

It'll take time to go through all the code, but de Raadt said "two bugs in our cryptographic code" have already been found. "We are assessing the impact. We are also assessing the 'archeological' aspects of this," he added.

In further developments, de Raadt said yesterday that Angelos had worked on the crypto stack in question for four years when he accepted a contract at NETSEC. Angelos "wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer contained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out."





Yes, no or who cares?

Very interesting how this is getting played out in the public arena.

