Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453644
WereCatf Member since: 2006-02-15

I hope this does turn out to be false, but if not, I at least hope for the most minimal effect possible (i.e., the least systems possible affected). The thought of this, as a Linux user and not an OpenBSD user, is still disturbing. If true... what else could they have done? I think I can get rid of all backdoors by the US government by not running a closed monopolistic OS (AKA Windows), and yet, it turns out that they may have snuck some backdoors in open source software as well, making anything connected to the Internet vulnerable to the US government.

This could very well be true, but remember that it was 10 years ago? After that most projects have undergone humongous amounts of iterations and the project management systems have advanced a lot compared to how they were back then. For any serious security-oriented application you nowadays need to either hack your way through the source-code management system or bribe the one or few people who have write access to the code in the first place.

Basically, if there was something there before it most likely doesn't function anymore or has been stripped out during these years of advancement, and nowadays injecting something to source-code repositories of any decently popular F/OSS software is nigh impossible without it being noticed.

Score: 3

dsmogor Member since: 2005-09-01

Not all parts of the code are undergoing equally active development through the years, esp. if they implement some complex specification that few people have a grasp of. If something works, don't fix it.

Score: 2