Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Permalink for comment 453587

It's real bad when a United States government agency can secretly bribe developers of an OS whose developers seemed to take pride in the fact that their code didn't have certain restrictions (i.e., regarding cryptography) that it would be forced to contain if it was released in the US. So much for the "it came from Canada, the US can't touch it" claim--apparently it's just a completely false sense of security.

It's not just sad, but disturbing that this happened--to OpenBSD, of all the OSes. And even more so that this was planted in the OS ten f***ing years ago. Come on, really, the *other* developers never noticed this until an e-mail was sent to Theo just now? Now, I'm not slamming open source, so don't take it that way--but isn't open code supposed to prevent this kind of stuff? And such a security- and code-correctness-focused OS like OpenBSD didn't catch it?

This is extremely disturbing. I'm a US citizen, and let me be the first to say f*** you, Government. And all ten of the OpenBSD developers that decided to take the bribe money and secretly give the government extra power in a security-focused (or hell, ANY) OS.

And who knows what other OSes are affected, as the link says--considering it's open source and possibly shared with other operating systems. Or *if* they are really affected--hopefully it's just a bunch of bullshit.

Edited 2010-12-15 00:21 UTC

Score: 2