Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453606
broken_symlink Member since:
2005-07-06

And who's to say there aren't any backdoors in that?

Reply Parent Score: 3

UltraZelda64 Member since:
2006-12-05

"And who's to say there aren't any backdoors in that?"

Exactly... if this turns out to be true, then SELinux will become just as questionable. I don't give a shit which "branch" or "agency" of the US government it is: FBI, FDA, DEA, NSA, blah blah blah... whatever it is, it just destroyed the credibility of the ENTIRE United States government in my view. Not a good thing (and certainly not the first time: why the f*** is Stevia, the sweet-leaved and as far as we know quite harmless plant, only allowed to be sold as a "dietary supplement" unless one of its relatively untested extracts is used? You know, that one stevioside that Coke and those other companies are betting behind and making trademarks for, and forgetting about the rest of the plant...)

And to be fair, not a hard thing to do, considering I've always questioned the government to begin with. I mean, seriously, what the f*** is up with these drug laws?

Yet tobacco--a prime killer in the US--is 100% legal as soon as you're 18 (most people I know started far sooner), alcohol is legal when you're 21 (yet another dangerous one and most people I know--including myself--have started at a younger age), yet marijuana is one of the safer ones illegal for decades for no good reason, and Salvia divinorum is becoming illegal in many of the states without proper scientific testing (including already my own). Meanwhile, I can get a nice opioid high from the endorphins by simply running a mile or two or eating hot peppers, and my cats are allowed to get stoned off their ass on catnip. Seriously, what the f***? Good thing the government can't prevent my brain from producing opioids when my body is under stress!

I hope this does turn out to be false, but if not, I at least hope for the most minimal effect possible (i.e., the least systems possible affected). The thought of this, as a Linux user and not an OpenBSD user, is still disturbing. If true... what else could they have done? I think I can get rid of all backdoors by the US government by not running a closed monopolistic OS (AKA Windows), and yet, it turns out that they may have snuck some backdoors in open source software as well, making anything connected to the Internet vulnerable to the US government.

Edited 2010-12-15 06:29 UTC

Reply Parent Score: 4

UltraZelda64 Member since:
2006-12-05

I wanted to add this link about high-fructose corn syrup to my last post, but the time has expired:

http://www.youtube.com/watch?v=dBnniua6-oM

Alcohol without the buzz... every bit as physically dangerous, but 100% legal... even for kids. [Pepsi... Coke... Mountain Dew... RC... virtually every pop/soda out there as long as it contains High Fructose Corn Syrup (and usually as the second ingredient on the list, beside carbonated water.)] The "made with natural sugar" types are relatively rare, and while still bad, their main side-effect is rotting teeth (bacteria love sugar).

And about the natural high from hot peppers (and running, and other physical stress):

http://en.wikipedia.org/wiki/Endorphins

Really, test these damn drugs before immediately making them illegal because OMG! THEY GET YOU HIGH! I got a nice buzz after eating tacos with 6 habanero-type peppers earlier, it made me feel good, it didn't kill me. I also felt really damn good after running the mile years ago in school for the EXACT SAME REASON. And I wouldn't naturally have opioid (opiate) and THC (cannabis) receptors in my brain if nature forbade me from doing drugs.

Edited 2010-12-15 06:47 UTC

Reply Parent Score: 2

WereCatf Member since:
2006-02-15

"I hope this does turn out to be false, but if not, I at least hope for the most minimal effect possible (i.e., the least systems possible affected). The thought of this, as a Linux user and not an OpenBSD user, is still disturbing. If true... what else could they have done? I think I can get rid of all backdoors by the US government by not running a closed monopolistic OS (AKA Windows), and yet, it turns out that they may have snuck some backdoors in open source software as well, making anything connected to the Internet vulnerable to the US government."

This could very well be true, but remember that it was 10 years ago? After that most projects have undergone humongous amounts of iterations and the project management systems have advanced a lot compared to how they were back then. For any serious security-oriented application you nowadays need to either hack your way through the source-code management system or bribe the one or few people who have write access to the code in the first place.

Basically, if there was something there before it most likely doesn't function anymore or has been stripped out during these years of advancement, and nowadays injecting something to source-code repositories of any decently popular F/OSS software is nigh impossible without it being noticed.

Reply Parent Score: 3

AdamW Member since:
2005-07-06

"And who's to say there aren't any backdoors in that?"

The Red Hat developers who do almost all the maintenance on it now. They know the code base pretty well.

(Of course, you'd have to trust *them*. And I don't know if they do say that. You'd have to ask them. Just they're probably the people in a position to tell you.)

Reply Parent Score: 3