Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453613
Delgarde
Member since:
2008-08-19

Also, libraries, assemblers, parser generators, etc., must also be checked.


Don't forget the kernel. Compiler binaries could be clean on disk, but compromised when loaded into memory. The kernel binary is clean too, but that was compromised by the boot loader, which was in turn compromised by the BIOS. And that came about because the software controlling the manufacturing plant was compromised to embed the hack into every chip that came out.

Just how paranoid do you want to be? Because taking precautions is good, but it's the first step on the road to madness.

Reply Parent Score: 5

TheGZeus Member since:
2010-05-19

I take my paranoia as far as considering moving as much as I can to UltraSparc machines.
The giant V880 (LOADED V880! BOW TO MY NERDNESS) sucks too much power to use regularly, sadly. Crazy fast if you're doing parallel and/or memory-intensive stuff (shocking if you look at the bus and individual proc speeds).
Why? OpenBoot is allegedly fully open source and can be, at least theoretically, replaced with OpenFirmware; though much would need to be ported back, or irrelevant.
It's all interpreted code, and the bytecode can be decompiled on a different machine than the one that created it for auditing after compilation.
You basically get the same code with no comments. Little changes when compiling to bytecode, since you're working with the VM pretty directly with a Forth implementation.
You need to know your ASM and Forth but that's why I've got all these books laying about/in the mail.

I'm not stopping there, but it's not for security reasons.
I'll probably have enough done in a year and a half to write an article, but yeah... not doing this alone, btw. A smart leader finds smarter people to whom they can delegate.

Reply Parent Score: 3

Delgarde Member since:
2008-08-19

Why? OpenBoot is allegedly fully open source and can be, at least theoretically, replaced with OpenFirmware; though much would need to be ported back, or irrelevant.


Ah, but do you trust the hardware OpenBoot / OpenFirmware is running on? Or could it be subverting things right down at the hardware level? ;)

Reply Parent Score: 2
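The chain Delgarde sketches (BIOS, boot loader, kernel, compiler, each able to subvert the next) is exactly what measured boot tries to make auditable: every stage hashes the next one before handing over control and folds that hash into a one-way register, and an auditor on a separate machine replays the log against known-good hashes. The script below is an added illustration, not code from OSNews, OpenBSD or any firmware project; the stage "images" are constructed byte strings, the register is a plain SHA-256 chain standing in for a TPM PCR, and the `lie_about` parameter is an invented hook to simulate a stage that records a false measurement. The third scenario shows the limit Delgarde's last comment points at: when the root of the chain itself lies, nothing downstream can tell.

```python
"""Simulated measured-boot chain: each stage measures the next, an auditor
replays the log.  Added example with constructed data; not a real TPM API."""
import hashlib

# Constructed stand-ins for the firmware, boot loader, kernel and compiler images.
GOOD_STAGES = [
    ("bios",        b"firmware image v1 (constructed)"),
    ("boot-loader", b"boot loader image (constructed)"),
    ("kernel",      b"kernel image (constructed)"),
    ("compiler",    b"cc binary (constructed)"),
]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    # PCR-style extend: new = H(old || measurement).  One-way and order
    # sensitive, so a later stage cannot undo what an earlier one recorded.
    return sha256(register + measurement)


def measured_boot(stages, lie_about=None):
    """Walk the chain as the hardware would.  Stage i measures stage i+1.

    lie_about (hypothetical, for the simulation only): mapping of stage name
    to the hash a compromised measurer records instead of the true one.
    Returns (final_register, event_log)."""
    register = bytes(32)           # register starts at all zeros
    log = []
    # Stage 0 (the BIOS) is measured by nothing: it is trusted, not verified.
    for name, image in stages[1:]:
        measurement = sha256(image)
        if lie_about and name in lie_about:
            measurement = lie_about[name]
        register = extend(register, measurement)
        log.append((name, measurement))
    return register, log


def verify(final_register, log, reference):
    """Auditor's check, meant to run on a different machine from golden hashes.

    Returns (ok, names of stages whose recorded measurement differs)."""
    replayed = bytes(32)
    for _, h in log:
        replayed = extend(replayed, h)
    if replayed != final_register:
        return False, ["<event log does not reproduce register>"]
    ref = dict(reference)
    bad = [name for name, h in log if ref.get(name) != h]
    return (not bad), bad


# Golden hashes, as the auditor would hold them (computed from clean images).
REFERENCE = [(name, sha256(image)) for name, image in GOOD_STAGES[1:]]


def scenario_clean():
    reg, log = measured_boot(GOOD_STAGES)
    return verify(reg, log, REFERENCE)


def scenario_tampered_kernel():
    # Kernel image replaced; the (honest) boot loader measures it truthfully.
    stages = list(GOOD_STAGES)
    stages[2] = ("kernel", b"kernel image with extra code (constructed)")
    reg, log = measured_boot(stages)
    return verify(reg, log, REFERENCE)


def scenario_compromised_root():
    # The BIOS itself is subverted: it loads a modified boot loader but records
    # the hash of the clean one.  The log and register look perfect.
    stages = list(GOOD_STAGES)
    stages[1] = ("boot-loader", b"modified boot loader (constructed)")
    fake = {"boot-loader": dict(REFERENCE)["boot-loader"]}
    reg, log = measured_boot(stages, lie_about=fake)
    return verify(reg, log, REFERENCE)


if __name__ == "__main__":
    print("clean boot:       ", scenario_clean())
    print("tampered kernel:  ", scenario_tampered_kernel())
    print("compromised BIOS: ", scenario_compromised_root())
```

The tampered-kernel run fails and names the kernel, because the stage that measured it was honest. The compromised-root run passes cleanly: the measurement log is only as trustworthy as the first stage that wrote to it, which is why real deployments anchor that first measurement in hardware the firmware cannot rewrite, and why the question of whether you trust that hardware does not go away.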