Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Permalink for comment 453712
To read all comments associated with this story, please click here.
ichi
Member since:
2007-03-06

And you obviously don't know what you are talking about if you think that code with a logic issue is easier to detect then code that does something completely different then it should.


If you were to put a backdoor in some program you wouldn't insert a "backdoor code", which could be easily spotted, but place a concealed bug that you can exploit later. A bug inside a piece of code that other than that does exactly what it's supposed to do.

As such, in the event it was found, it would be indistinguishable from any other bug, and because it's deliberately concealed it'd be harder to find.

Which leads to believe that maybe, just maybe, someone could actually have fixed that backdoor already (if it's true that it was placed to begin with). If some dev had found it he wouldn't have gone "OMG A BACKDOOR!!!" but just fix it the same as with any other bug.

Reply Parent Score: 3