Language Selection

English French German Italian Portuguese Spanish

Allegations of OpenBSD Backdoors May be True, Updated

Filed under
Security
BSD

It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigations paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then early audits have found some questionable code, contributors denied any wrongdoing, and the original source reaffirmed his allegations.

It'll take time to go through all the code but de Raadt said "two bugs in our cryptographic code" have already been found. "We are assessing the impact. We are also assessing the 'archeological' aspects of this," he added.

In further developments, de Raadt said yesterday that Angelos had worked on the cypto stack in question for four years when accepting a contract at NETSEC. Angelos "wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer ontained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out."

full story




Yes, no or who cares?

Very interesting how this is getting played out in the public arena.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Building a Healthy Web to Hand to Future Generations

The Mozilla project is dedicated to tackling these challenges. Our community makes Firefox products that are loved and used the world over, all in service of our mission to protect the Web. We are also hard at work teaching thousands more people how to help build the Web, developing innovative open source technologies for others to leverage, protecting individual privacy and establishing technical standards. Read more

Linus Torvalds Launches Linux Kernel 3.19 RC1, One of the Biggest So Far

The first Linux kernel Release Candidate has been made available in the 3.19 branch and it looks like it's one of the biggest ones so far. Linux Torvalds surprised everyone with an early launch, but it's easy to understand why. Read more

Advocacy group: ‘ICT procurement is broken’

Public administrations in the EU are hindering competition by asking for specific brands and products when procuring software solutions, says OpenForum Europe, an organisation campaigning for an open, competitive ICT market. “No progress has been made in recent years. In fact the practice of referring to brand names in public procurement has become more widespread”, OFE says. Read more

7-Way Linux Graphics Card Comparison With Civilization Beyond Earth

The performance of Civilization: Beyond Earth on Linux is quite demanding. The OpenBenchmarking.org test profile of Civilization Beyond Earth uses roughly the high image quality settings and for this article the tests were done at 1920 x 1080. As the results are about to show, even with modern graphics cards, it's quite a chore putting out a decent frame-rate at 1080p for this strategy game. Read more