Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Permalink for comment 453701
Valhalla
Member since: 2006-01-24

And you obviously don't know what you are talking about if you think that code with a logic issue is easier to detect than code that does something completely different than it should.

Seriously, how long have you been programming and at what level? I programmed professionally for 8+ years (assembly, C, C++, Perl, Python). You can hide malicious code in logic issues as well as using other techniques. For some examples (that I think you should be able to follow):

http://underhanded.xcott.com/?page_id=17

And this was in the crypto framework, which is quite advanced stuff, and the mail mentioned key-leaking mechanisms. And no, it's not going to be any function call in the middle of the code called 'leak_keys()'. I thought you were just trolling, but it seems you are most likely very incompetent.

Edited 2010-12-15 15:58 UTC

Score: 3