| View previous topic :: View next topic |
| Author |
Message |
PLan
Joined: Fri Apr 08, 2005 6:18 pm
Posts: 61
|
 Posted: Wed Dec 15, 2010 1:56 am Post subject: Theo de Raadt: Backdoors in network stack |
 |
|
| Quote: |
I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. Around 2000-2001.
Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.
The mail came in privately from a person I have not talked to for nearly 10 years. I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public so that -
(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.
Of course I don't like it when my private mail is forwarded. However the "little ethic" of a private mail being forwarded is much smaller than the "big ethic" of government paying companies to pay open source developers (a member of a community-of-friends) to insert privacy-invading holes in software.
Rest of e-mail ...
|
Be interesting to see how deep the rabbit hole goes.  |
|
| Back to top |
|
 |
ollie
Moderator
Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia
|
| Posted: Wed Dec 15, 2010 2:33 am Post subject: |
|
|
| If the code was developed in the US I can guarantee the NSA required a "backdoor", exactly the same as all encryption developed in the US. Read "Crypto" by Stephen Levy and you'll start to understand the attitude of the US government. This will also help you understand the persecution of Julian Assange over WikiLeaks. |
|
| Back to top |
|
|
PLan
Joined: Fri Apr 08, 2005 6:18 pm
Posts: 61
|
| Posted: Wed Dec 15, 2010 2:54 am Post subject: |
|
|
I've read Crypto, though not sure how much of it I can remember ... 
According to the e-mail from Gregory Perry the backdoors were implemented under direction from the FBI (don't think the NSA is mentioned). I take your point about the US government though I'm not sure this is in the same vein as something like the Clipper chip. |
|
| Back to top |
|
|
ollie
Moderator
Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia
|
| Posted: Wed Dec 15, 2010 6:49 am Post subject: |
|
|
| From what I've read the NSA try to stay out of sight and get the other agencies to do the actual dirty work. The NSA make statements like - "The US must secure the Internet" Gen. Keith Alexander, Director NSA 7 Sep 2010. Yet they want it insecure enough that they can access all information at any time and get upset when people don't want them snooping around. |
|
| Back to top |
|
|
donoreo
LXF regular
Joined: Mon Apr 11, 2005 2:49 pm
Posts: 788
Location: Toronto, Ontario, Canada
|
| Posted: Wed Dec 15, 2010 2:53 pm Post subject: |
|
|
This was the FBI and 10 years ago or something like that. Back then NSA was "No Such Agency"  so it may have been the NSA working through the FBI.
This message will self destruct.
_________________
I cannot deny anything that I did not say. |
|
| Back to top |
|
|
Dutch_Master
LXF regular
Joined: Tue Mar 27, 2007 2:49 am
Posts: 2354
|
| Posted: Wed Dec 15, 2010 11:31 pm Post subject: |
|
|
| donoreo wrote: | This was the FBI and 10 years ago or something like that. Back then NSA was "No Such Agency" so it may have been the NSA working through the FBI.
This message will self destruct. |
No it doesn't  It's on weekileeks now  |
|
| Back to top |
|
|
bobthebob1234
LXF regular
Joined: Thu Jan 03, 2008 9:38 pm
Posts: 1356
Location: A hole in a field
|
| Posted: Thu Dec 16, 2010 12:15 am Post subject: Re: Theo de Raadt: Backdoors in network stack |
|
|
| PLan wrote: |
Be interesting to see how deep the rabbit hole goes. |
its not deeper than my hole. My hole is the biggest rabbit hole in the universe. 
_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was |
|
| Back to top |
|
|
PLan
Joined: Fri Apr 08, 2005 6:18 pm
Posts: 61
|
| Posted: Fri Dec 17, 2010 10:16 pm Post subject: |
|
|
Denials all around -
| Quote: |
Yesterday, we reported on the allegations made by Gregory Perry. He claims that 10 years ago, several developers were paid by the FBI to implement hidden backdoors into OpenBSD's IPSEC stack. This has prompted a lot of speculation about the allegations' validity, and less than 24 hours later, it has descended into one person's word against that of others. Update: Jason Wright, too, denies all the allegations. "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). [...] It is a baseless accusation the reason for which I cannot understand."
OSNews article ...
|
|
|
| Back to top |
|
|
ollie
Moderator
Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia
|
| Posted: Thu Dec 23, 2010 1:28 am Post subject: |
|
|
And more news that it may in fact be true - Allegations of OpenBSD Backdoors May be True, Updated - from "Linux Journal".
Don't trust the US to do anything for the rest of the world - they are only interested in making massive profits for US corporations, many of whom have vested military interests, at the detriment of everyone else. |
|
| Back to top |
|
|
johnhudson
LXF regular
Joined: Wed Aug 03, 2005 2:37 pm
Posts: 767
|
|
| Back to top |
|
|
| View previous topic :: View next topic |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
