FBI And OpenBSD...


FBI And OpenBSD...

Randy Wrench
http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw



Government organizations, whether they be from the United States, the European
Union, or anywhere else for that matter, contributing to open-source projects
is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can
largely be attributed to the United States' National Security Agency (NSA).
More organizations contributing to open-source isn't bad -- government or not
-- when it's mutually beneficial work with good intentions. However, there are
new allegations being made today about OpenBSD's networking stack, in
particular its IPsec code. The FBI allegedly paid OpenBSD developers to
insert back-doors into the code-base...





The above url carried an article which is disturbing to say the least...
Anyone know more about this???


Re: FBI And OpenBSD...

Ted Unangst-2
Nope, first I've heard of it!

On Wed, Dec 15, 2010 at 5:17 PM, Randy Wrench <[hidden email]> wrote:

> http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw
>
>
>
> Government organizations, whether they be from the United States, the European
> Union, or anywhere else for that matter, contributing to open-source projects
> is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can
> largely be attributed to the United States' National Security Agency (NSA).
> More organizations contributing to open-source isn't bad -- government or not
> -- when it's mutually beneficial work with good intentions. However, there are
> new allegations being made today about OpenBSD's networking stack, in
> particular its IPsec code. The FBI allegedly paid OpenBSD developers to
> insert back-doors into the code-base...
>
>
>
>
>
> The above url carried an article which is disturbing to say the least...
> Anyone know more about this???


Re: FBI And OpenBSD...

Super Biscuit
In reply to this post by Randy Wrench
http://permalink.gmane.org/gmane.os.openbsd.tech/22557


The shit shall hit the fan.....



--- On Wed, 12/15/10, Randy Wrench <[hidden email]> wrote:

From: Randy Wrench <[hidden email]>
Subject: FBI And OpenBSD...
To: [hidden email]
Date: Wednesday, December 15, 2010, 10:17 PM

http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw



Government organizations, whether they be from the United States, the European
Union, or anywhere else for that matter, contributing to open-source projects
is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can
largely be attributed to the United States' National Security Agency (NSA).
More organizations contributing to open-source isn't bad -- government or not
-- when it's mutually beneficial work with good intentions. However, there are
new allegations being made today about OpenBSD's networking stack, in
particular its IPsec code. The FBI allegedly paid OpenBSD developers to
insert back-doors into the code-base...





The above url carried an article which is disturbing to say the least...
Anyone know more about this???


Re: FBI And OpenBSD...

Bryan Irvine
In reply to this post by Randy Wrench
In addition, Gregory Perry allegedly responded and added PF to the list
of targets.

http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

-Bryan


On Wed, Dec 15, 2010 at 2:17 PM, Randy Wrench <[hidden email]> wrote:

> http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw
>
>
>
> Government organizations, whether they be from the United States, the European
> Union, or anywhere else for that matter, contributing to open-source projects
> is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can
> largely be attributed to the United States' National Security Agency (NSA).
> More organizations contributing to open-source isn't bad -- government or not
> -- when it's mutually beneficial work with good intentions. However, there are
> new allegations being made today about OpenBSD's networking stack, in
> particular its IPsec code. The FBI allegedly paid OpenBSD developers to
> insert back-doors into the code-base...
>
>
>
>
>
> The above url carried an article which is disturbing to say the least...
> Anyone know more about this???


Re: FBI And OpenBSD...

Olivier Mehani
In reply to this post by Randy Wrench
On Wed, Dec 15, 2010 at 11:17:02PM +0100, Randy Wrench wrote:
> > The FBI allegedly paid OpenBSD developers to insert back-doors into
> > the code-base...
> The above url carried an article which is disturbing to say the
> least...  Anyone know more about this???

You should read security-announce@

--
Olivier Mehani <[hidden email]>
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655



Re: FBI And OpenBSD...

BSD Stuff
In reply to this post by Randy Wrench
On 12/15/10 16:17, Randy Wrench wrote:

> http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw
>
>
>
> Government organizations, whether they be from the United States, the European
> Union, or anywhere else for that matter, contributing to open-source projects
> is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can
> largely be attributed to the United States' National Security Agency (NSA).
> More organizations contributing to open-source isn't bad -- government or not
> -- when it's mutually beneficial work with good intentions. However, there are
> new allegations being made today about OpenBSD's networking stack, in
> particular its IPsec code. The FBI allegedly paid OpenBSD developers to
> insert back-doors into the code-base...
>
>
>
>
>
> The above url carried an article which is disturbing to say the least...
> Anyone know more about this???
>
>
How about /. and the rest of the world? Theo forwarded the original
email hours ago.

-luis


Re: FBI And OpenBSD...

Bryan Irvine
On Wed, Dec 15, 2010 at 3:12 PM, BSD <[hidden email]> wrote:

> On 12/15/10 16:17, Randy Wrench wrote:
>>
>> http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw
>>
>>
>>
>> Government organizations, whether they be from the United States, the
>> European
>> Union, or anywhere else for that matter, contributing to open-source
>> projects
>> is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel
>> can
>> largely be attributed to the United States' National Security Agency
>> (NSA).
>> More organizations contributing to open-source isn't bad -- government or
>> not
>> -- when it's mutually beneficial work with good intentions. However, there
>> are
>> new allegations being made today about OpenBSD's networking stack, in
>> particular its IPsec code. The FBI allegedly paid OpenBSD developers to
>> insert back-doors into the code-base...
>>
>>
>>
>>
>>
>> The above url carried an article which is disturbing to say the least...
>> Anyone know more about this???
>>
>>
> How about /. and the rest of the world? Theo forwarded the original email
> hours ago.

/. sucks.  But they posted on it 24 hours ago.

-B


Re: FBI And OpenBSD...

Michael Dexter
In reply to this post by Randy Wrench
On 12/15/10 2:17 PM, Randy Wrench wrote:
> The above url carried an article which is disturbing to say the least...

Wait a minute... I thought US citizens stayed away from the crypto code
to keep it untainted of US export controls.

I smell a prank. (And pray that's the case.)

Michael


Re: FBI And OpenBSD...

Jona Joachim-6
On 2010-12-16, Michael Dexter <[hidden email]> wrote:
> On 12/15/10 2:17 PM, Randy Wrench wrote:
>> The above url carried an article which is disturbing to say the least...
>
> Wait a minute... I thought US citizens stayed away from the crypto code
> to keep it untainted of US export controls.
>
> I smell a prank. (And pray that's the case.)

See:
http://permalink.gmane.org/gmane.comp.security.bugtraq/45620


--
Worse is better
    Richard P. Gabriel


Re: FBI And OpenBSD...

secucatcher
on this article:
http://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/
some talk:
"E J Hilbert, a former FBI cyber-crime agent, said attempts were made to place backdoors in open source security codes but that these were unsuccessful. "I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No," Hilbert said in a Twitter update."

and a bit more on this twitter:
"Reporters:please dont quote my tweets out of context. OpenBSD backdoor "experiment" for internal pre-use review not public deploy"

"For the record. FBI never bd openBSD. FBI tests software for such things before use but does not build or deploy. http://myloc.me/fjOIo"

not to trust for sure... but information.