Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453596
_txf_ Member since:
2008-03-17

True, that is scary.

But the other side of the coin is the NSA developing SELinux.

Reply Parent Score: 3

broken_symlink Member since:
2005-07-06

And who's to say there aren't any backdoors in that?

Reply Parent Score: 3

UltraZelda64 Member since:
2006-12-05

"And who's to say there aren't any backdoors in that?"

Exactly... if this turns out to be true, then SELinux will become just as questionable. I don't give a shit which "branch" or "agency" of the US government it is: FBI, FDA, DEA, NSA, blah blah blah... whatever it is, it just destroyed the credibility of the ENTIRE United States government in my view. Not a good thing (and certainly not the first time: why the f*** is Stevia, the sweet-leaved and as far as we know quite harmless plant, only allowed to be sold as a "dietary supplement" unless one of its relatively untested extracts is used? You know, that one stevioside that Coke and those other companies are betting behind and making trademarks for, and forgetting about the rest of the plant...).

And to be fair, not a hard thing to do, considering I've always questioned the government to begin with. I mean, seriously, what the f*** is up with these drug laws?

Yet tobacco--a prime killer in the US--is 100% legal as soon as you're 18 (most people I know started far sooner), alcohol is legal when you're 21 (yet another dangerous one and most people I know--including myself--have started at a younger age), yet marijuana is one of the safer ones illegal for decades for no good reason, and Salvia divinorum is becoming illegal in many of the states without proper scientific testing (including already my own). Meanwhile, I can get a nice opioid high from the endorphins by simply running a mile or two or eating hot peppers, and my cats are allowed to get stoned off their ass on catnip. Seriously, what the f***? Good thing the government can't prevent my brain from producing opioids when my body is under stress!

I hope this does turn out to be false, but if not, I at least hope for the most minimal effect possible (i.e., the fewest systems possible affected). The thought of this, as a Linux user and not an OpenBSD user, is still disturbing. If true... what else could they have done? I think I can get rid of all backdoors by the US government by not running a closed monopolistic OS (AKA Windows), and yet, it turns out that they may have snuck some backdoors in open source software as well, making anything connected to the Internet vulnerable to the US government.

Edited 2010-12-15 06:29 UTC

Reply Parent Score: 4

AdamW Member since:
2005-07-06

"And who's to say there aren't any backdoors in that?"

The Red Hat developers who do almost all the maintenance on it now. They know the code base pretty well.

(Of course, you'd have to trust *them*. And I don't know if they do say that. You'd have to ask them. Just they're probably the people in a position to tell you.)

Reply Parent Score: 3