Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453649
phreck Member since:
2009-08-13

isn't open code supposed to prevent this kind of stuff?


The good thing: Even if it is vulnerable now, everybody who is competent has the freedom to review and patch the code, or to pay someone competent she/he trusts enough.

With closed sources, you neither ever know whether there are backdoors (except with reverse engineering, which is a criminal act in some jurisdictions; gladly not in Germany), nor are you able to patch it (except for cracking, not legal everywhere, either).

Edited 2010-12-15 08:48 UTC

Reply Parent Score: 1

dsmogor Member since:
2005-09-01

The problem is that if this story is true, it has pretty much voided these assumptions.
Esp. OpenBSD is not just some random hack but a project run by a dedicated, respectable team around the cult of security.
The OSS image ramification could potentially be disastrous.

Reply Parent Score: 2

phreck Member since:
2009-08-13

What I mean by this: Yes, it is highly disappointing. But at least there is the (remote?) possibility of fixing this (legally) now, whereas with closed systems, there is not that possibility, except maybe when you are in the position to menace vendors.

Reply Parent Score: 1