
FBI 'Conspiracy' Infiltrated OpenBSD, Created Backdoors into Internet Networking Code

Comments

  • Closed Accounts Posts: 4,564 ✭✭✭Naikon


    Holy ****:eek:


  • Registered Users, Registered Users 2 Posts: 634 ✭✭✭loldog


    As I understand it, someone reviewing the source code wouldn't actually spot it, because of the way it's concealed. Is that right? Who knows what's lurking in Windows and OSX, eh?

    .


  • Registered Users, Registered Users 2 Posts: 218 ✭✭Tillotson


    Seems incredible. Why would the FBI NDA be limited to 10 years? If the NDA has expired why hasn't anyone else corroborated the story? Is it possible the backdoor survived 10 years of BSD code audits? Would the FBI not be better off looking for pre-existing vulnerabilities?


  • Closed Accounts Posts: 664 ✭✭✭Galen


    Software flaws don't negate "many eyes" in open source
    Bugs in Linux, OpenBSD are just human nature, not a flaw in the system

    The allegations from Greg Perry regarding backdoors allegedly placed within OpenBSD about a decade ago seem to be shifting more and more into the realm of fantasy as each day goes by.

    To date, Perry has not responded to my inquiry regarding his Dec. 11 e-mail to OpenBSD founder Theo de Raadt, nor to my knowledge has he responded publicly anywhere else. Meanwhile, the two (or three, depending on how you count it) people named in Perry's message to de Raadt as parties to this supposed backdoor activity, Scott Lowe and Jason Wright, have denied their involvement--the latter within the same [openbsd-tech] thread that started all this.

    Use link for rest of article http://www.itworld.com/open-source/131173/software-flaws-dont-negate-many-eyes-open-source


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    I tend to agree with Schneier.
    I doubt this is true. One, it's a very risky thing to do. And two, there are more than enough exploitable security vulnerabilities in a piece of code that large. Finding and exploiting them is a much better strategy than planting them. But maybe someone at the FBI is that dumb.


  • Closed Accounts Posts: 5,082 ✭✭✭Pygmalion


    I tend to agree with Schneier.

    To be fair, OpenBSD has a ridiculously good record with that stuff.
    AFAIK (and Wikipedia seems to confirm) there have been 2 remotely exploitable vulnerabilities discovered in the default install since the late 90s.
    Not saying that these are the only two vulnerabilities that have ever existed there of course, but the fact that they're the only ones publicly known about implies that they aren't exactly common, or easy to find, and the fact that OpenBSD prides itself on this and puts a lot of effort into security IMO makes it a fairly good target, more so than the other BSDs anyway.

    It's fairly easy for someone to say "It's a big project, it simply must be riddled with vulnerabilities", but this simply hasn't been shown to be true.

    That said, I don't believe there have been backdoors, and if there were they surely weren't disclosed just because the FBI didn't think a few years ahead when they made a ridiculously short NDA.


  • Registered Users, Registered Users 2 Posts: 1,889 ✭✭✭evercloserunion


    Pygmalion wrote: »
    That said, I don't believe there have been backdoors, and if there were they surely weren't disclosed just because the FBI didn't think a few years ahead when they made a ridiculously short NDA.
    I think the strangest part to me is the ten-year NDA. The FBI would be well used to doing sinister stuff in secret, I'm sure it's not standard practice to allow agents to blabber to their hearts' content after ten years.

