Language Selection

English French German Italian Portuguese Spanish

Allegations of OpenBSD Backdoors May be True, Updated

Filed under
Security
BSD

It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigations paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then early audits have found some questionable code, contributors denied any wrongdoing, and the original source reaffirmed his allegations.

It'll take time to go through all the code but de Raadt said "two bugs in our cryptographic code" have already been found. "We are assessing the impact. We are also assessing the 'archeological' aspects of this," he added.

In further developments, de Raadt said yesterday that Angelos had worked on the cypto stack in question for four years when accepting a contract at NETSEC. Angelos "wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer ontained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out."

full story




Yes, no or who cares?

Very interesting how this is getting played out in the public arena.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Librem 5 Phone Progress Report

  • Librem 5 Phone Progress Report – The First of Many More to Come!
    First, let me apologize for the silence. It was not because we went into hibernation for the winter, but because we were so busy in the initial preparation and planning of a totally new product while orienting an entirely new development team. Since we are more settled into place now, we want to change this pattern of silence and provide regular updates. Purism will be giving weekly news update posts every Tuesday, rotating between progress on phone development from a technology viewpoint (the hardware, kernel, OS, etc.) and an art of design viewpoint (UI/UX from GNOME/GTK to KDE/Plasma). To kickoff this new update process, this post will discus the technological progress of the Librem 5 since November of 2017.
  • Purism Eyeing The i.MX8M For The Librem 5 Smartphone, Issues First Status Update
    If you have been curious about the state of Purism's Librem 5 smartphone project since its successful crowdfunding last year and expedited plans to begin shipping this Linux smartphone in early 2019, the company has issued their first status update.

Benchmarking Retpoline-Enabled GCC 8 With -mindirect-branch=thunk

We have looked several times already at the performance impact of Retpoline support in the Linux kernel, but what about building user-space packages with -mindirect-branch=thunk? Here is the performance cost to building some performance tests in user-space with -mindirect-branch=thunk and -mindirect-branch=thunk-inline. Read more

An introduction to Inkscape for absolute beginners

Inkscape is a powerful, open source desktop application for creating two-dimensional scalable vector graphics. Although it's primarily an illustration tool, Inkscape is used for a wide range of computer graphic tasks. The variety of what can be done with Inkscape is vast and sometimes surprising. It is used to make diagrams, logos, programmatic marketing materials, web graphics, and even for paper scrapbooking. People also draw game sprites, produce banners, posters, and brochures. Others use Inkscape to draft web design mockups, detail layouts for printed circuit boards, or produce outline files to send to laser cutting equipment. Read more

Behind the scenes with Pop!_OS Linux

In October, Linux PC maker System76 released its homegrown version of Linux, Pop!_OS, giving users the choice between its legacy Ubuntu operating system or the new Pop!_OS flavor of Linux. Recently Opensource.com gave away a System76 laptop with Pop!_OS installed, which made me curious about the company and this new version of Linux, so I spoke with Cassidy James Blaede, Pop!_OS's user experience (UX) designer. Blaede joined System76 in 2014, fresh out of college at the University of Northern Iowa and marriage to his wife, Katie. While in college, he co-founded the elementary OS project and interned at UX consultancy Visual Logic, both of which influenced his work for System76. He started at System76 as a front-end developer and was later promoted to UX architect. Read more