Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
by mrstep on Wed 15th Dec 2010 20:22 UTC in reply to "FOIA"

This is essentially the problem any company (or end user!) should have with open source - unless someone is charged with auditing the code coming in, who knows what's been installed / integrated with applications. Of course, the joke then is that who knows what someone could put in internally (plenty of Chinese nationals working in corporate IT departments, eh? what if you had a disgruntled developer at Intuit?), or what's in commercial software either. Subvert the code. Subvert the compiler. Subvert the OS. The hardware.... the hardware (chip) design software...

It's all very funny when reading about security anyway - 'we won't let you plug in a USB stick'. OK, that's 1 issue, but damn if it doesn't go way way deeper than that.
