Linux Format forums
Help, discussion, magazine feedback and more
 

Theo de Raadt: Backdoors in network stack

 
PLan



Joined: Fri Apr 08, 2005 6:18 pm
Posts: 68

Posted: Wed Dec 15, 2010 1:56 am    Post subject: Theo de Raadt: Backdoors in network stack

Quote:

I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. Around 2000-2001.

Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.

The mail came in privately from a person I have not talked to for nearly 10 years. I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public so that -

(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.

Of course I don't like it when my private mail is forwarded. However the "little ethic" of a private mail being forwarded is much smaller than the "big ethic" of government paying companies to pay open source developers (a member of a community-of-friends) to insert privacy-invading holes in software.

Rest of e-mail ...


Be interesting to see how deep the rabbit hole goes. Shocked
ollie
Moderator


Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia

Posted: Wed Dec 15, 2010 2:33 am

If the code was developed in the US I can guarantee the NSA required a "backdoor", exactly the same as all encryption developed in the US. Read "Crypto" by Steven Levy and you'll start to understand the attitude of the US government. This will also help you understand the persecution of Julian Assange over WikiLeaks.
PLan



Joined: Fri Apr 08, 2005 6:18 pm
Posts: 68

Posted: Wed Dec 15, 2010 2:54 am

I've read Crypto, though not sure how much of it I can remember ... Confused


According to the e-mail from Gregory Perry the backdoors were implemented under direction from the FBI (don't think the NSA is mentioned). I take your point about the US government though I'm not sure this is in the same vein as something like the Clipper chip.
ollie
Moderator


Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia

Posted: Wed Dec 15, 2010 6:49 am

From what I've read the NSA try to stay out of sight and get the other agencies to do the actual dirty work. The NSA make statements like - "The US must secure the Internet" Gen. Keith Alexander, Director NSA 7 Sep 2010. Yet they want it insecure enough that they can access all information at any time and get upset when people don't want them snooping around.
donoreo
LXF regular


Joined: Mon Apr 11, 2005 2:49 pm
Posts: 788
Location: Toronto, Ontario, Canada

Posted: Wed Dec 15, 2010 2:53 pm

This was the FBI and 10 years ago or something like that. Back then NSA was "No Such Agency" Smile so it may have been the NSA working through the FBI.

This message will self destruct.
_________________
I cannot deny anything that I did not say.
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2431

Posted: Wed Dec 15, 2010 11:31 pm

donoreo wrote:
This was the FBI and 10 years ago or something like that. Back then NSA was "No Such Agency" Smile so it may have been the NSA working through the FBI.

This message will self destruct.

No it doesn't Razz It's on weekileeks now Wink
bobthebob1234
LXF regular


Joined: Thu Jan 03, 2008 9:38 pm
Posts: 1369
Location: A hole in a field

Posted: Thu Dec 16, 2010 12:15 am    Post subject: Re: Theo de Raadt: Backdoors in network stack

PLan wrote:

Be interesting to see how deep the rabbit hole goes. Shocked



It's not deeper than my hole. My hole is the biggest rabbit hole in the universe. Very Happy
_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was
PLan



Joined: Fri Apr 08, 2005 6:18 pm
Posts: 68

Posted: Fri Dec 17, 2010 10:16 pm

Denials all around -

Quote:

Yesterday, we reported on the allegations made by Gregory Perry. He claims that 10 years ago, several developers were paid by the FBI to implement hidden backdoors into OpenBSD's IPSEC stack. This has prompted a lot of speculation about the allegations' validity, and less than 24 hours later, it has descended into one person's word against that of others. Update: Jason Wright, too, denies all the allegations. "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). [...] It is a baseless accusation the reason for which I cannot understand."

OSNews article ...


Shocked
ollie
Moderator


Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia

Posted: Thu Dec 23, 2010 1:28 am

And more news that it may in fact be true - Allegations of OpenBSD Backdoors May be True, Updated - from "Linux Journal".

Don't trust the US to do anything for the rest of the world - they are only interested in making massive profits for US corporations, many of whom have vested military interests, to the detriment of everyone else.
johnhudson
LXF regular


Joined: Wed Aug 03, 2005 2:37 pm
Posts: 870

Posted: Fri Dec 24, 2010 9:25 am

Another post on the subject http://www.readwriteweb.com/enterprise/2010/12/update-openbsd-backdoor-seems.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteenterprise+%28ReadWriteEnterprise%29#
All times are GMT
Copyright 2011 Future Publishing, all rights reserved.

