Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Allegations that the FBI Bribed Devs To Insert Backdoors into BSD's Network Stack


  • Please log in to reply
9 replies to this topic

#1 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:21 PM

Posted 14 December 2010 - 10:07 PM

Theo de Raadt of OpenBSD has reported that he received an e-mail from a past developer claiming that he and other developers of BSD's IPSEC subsystem where paid by the FBI to insert backdoors into the code to allow eavesdropping on secured communications.

http://www.osnews.com/story/24136/_quot_FBI_Added_Secret_Backdoors_to_OpenBSD_IPSEC_quot_
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

If true, the implications are disturbing since the BSD network stack has been used in countless other projects owing to it's liberal licensing terms.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:21 PM

Posted 14 December 2010 - 10:22 PM

Thats why they call it OpenBSD.

#3 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:07:21 PM

Posted 15 December 2010 - 05:30 AM

I wonder whether the backdoor is actually there. If it really is this would be a big blow for the Open Source community.

#4 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:06:21 PM

Posted 25 December 2010 - 07:22 PM

This might sound crazy, but how do we know that the developers of Open BSD aren't in league with those in the government who favor government monitoring of internet communications? If they were paid by the FBI, then it sounds like a really rotten and disgusting deal was made between them. Maybe the government is using the open source community to pull dirty pranks on their people. In my opinion anyway, I swear that this country's falling down, and someday, unless somebody steps in, we'll be over the edge. Anyway, sorry folks, for the rant. just my take.

Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#5 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:07:21 PM

Posted 25 December 2010 - 07:48 PM

Unfortunately most governments I know create malware to spy on their own people and other governments, from the US, to the Brazilian, Russian, Chinese,

There might be such thing as righteousness and ideals in the governments final objectives but I find very difficult to judge anything at all looking only at the means.

#6 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:06:21 PM

Posted 25 December 2010 - 08:51 PM

I find that very hard to believe, for if the government's creating it, then it can't be malware, for it is legal, right?

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#7 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:07:21 PM

Posted 25 December 2010 - 08:59 PM

I don't think governments are worried about legality, as long as they can keep their actions hidden from the media...
They do create malware though, and use it as a tool along with many other spying methods which could be considered "illegal".

#8 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:05:21 PM

Posted 26 December 2010 - 01:16 PM

Open source is Open source. I have no proof but have always believed that many including various governments use such methods to monitor who they presume are suspects. I suspect this is one method of monitoring the bad guys. Of course the bad guys are going to start crying 1st amendment rights. Who is in league with who will never be know for sure unless the answer comes from the View Show on T.V. or N.P.R.

#9 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:21 PM

Posted 26 December 2010 - 06:30 PM

Well, after reviewing the code in section they've found two security bugs but nothing that could be considered an intentional backdoor. That's the main strength of open source: anyone who knows how to can look at the source code. With closed source you just have to take the vendor's word on it. See, for example, the very similar situation with Windows and the infamous _NSAkey variable.

#10 VoidX789

VoidX789

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:21 PM

Posted 16 January 2011 - 01:48 PM

I find that very hard to believe, for if the government's creating it, then it can't be malware, for it is legal, right?


As far as I or probably anyone on this site cares, Its malware if it acts like malware. Screw the bureaucracy. There are programs that say that they install malware in the licence statement, technically making it legal, but we consider that malware.
Welcome to the Void of Insanity
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users