Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Permalink for comment 453613
To read all comments associated with this story, please click here.
Member since:

Also, libraries, assemblers, parser generators, etc., must also be checked.

Don't forget the kernel. Compiler binaries could be clean on disk, but compromised when loaded into memory. The kernel binary is clean too, but that was compromised by the boot loaded, which was in turn compromised by the BIOS. And that came about because the software controlling the manufacturing plant was compromised to embed the hack into every chip that came out.

Just how paranoid do you want to be? Because taking precautions is good, but it's the first step on the road to madness.

Reply Parent Score: 5