On Thu, Jul 5, 2012 at 11:44 AM, knox j <[email protected]> wrote:
> What's your take on this:
> http://www.osnews.com/story/24136/_FBI_Added_Secret_Backdoors_to_OpenBSD_IPSEC_/
> ?
> Theo de Raadt and FBI backdoor?
>
Well, I am not an OpenBSD developer, neither am I an FBI professional. But I guess Athlaf or somebody already sent this to this list before me. So my take on this is as good as yours. Our sources are then the Internet.

After this news was posted on the misc@ mailing list by Theo de Raadt, there were explanations and denials by developers and a call for auditing of that section of code. Others also audited the code and nothing was found according to the allegations.

http://arstechnica.com/information-technology/2010/12/openbsd-code-audit-uncovers-bugs-but-no-evidence-of-backdoor/

If you want every detail you can dig:

http://marc.info/?l=openbsd-misc&r=1&w=2

I was alarmed at this news because we should not trust any man or project blindly. FBI is bigger than any open source project and they could covertly infiltrate any project with their own developers, especially when open source projects do not conduct any background checking before employing people.

I still continued to use OpenBSD as a firewall since I don't use IPSEC. Later the fog was cleared, and any day OpenBSD is my first choice for perimeter security and for many other tasks including desktop (I started liking DragonFly too for a desktop a few years back).

But this incident has really shaken me because OpenBSD was one of the projects that audits code rigorously.

http://www.openbsd.org/security.html#process

This kind of adding a backdoor might be difficult in OpenBSD, but it is pretty easy in Linux because of the lack of thorough auditing.

Hope this helps.

--Siju

_______________________________________________
Indian Libre User Group Cochin Mailing List
http://www.ilug-cochin.org/mailing-list/
http://mail.ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org
#[email protected]
