Thread: The FBI Paid OpenBSD Developers For Backdoors?

  1. #11
    Join Date
    Jul 2009
    Posts
    250

    Default

    wtf! when will US action have any consequences? when will countries and ppl start to protest (successfully) against so called protectors of us democracy...
    sorry... maybe i just watched "enemy of the state" yesterday. but still there are plans to murder Julian Assange but a Nobel prize for its Chinese counterpart. funny isn't it?

  2. #12
    Join Date
    Oct 2008
    Posts
    880

    Default

    Quote Originally Posted by Decatf View Post
    So I guess he'll be arrested on rape charges now? >.>
    No, no, it's sex by surprise.

  3. #13
    Join Date
    Jul 2007
    Posts
    56

    Default

    This is fucked up...
    No one ever will know what resides on their machines, this is really sad, for reason of controlling me, I'm not using win/mac, but there are holes everywhere and those are not just "bugs"...
    Damn damn damn...

  4. #14
    Join Date
    Oct 2009
    Posts
    111

    Default

    Quote Originally Posted by Smorg View Post
    How has this been in there for a decade without anyone noticing? Where's the code they're talking about? Was this only in some proprietary fork of BSD? This whole story sounds unlikely.
    Why has it been working?
    Simply because open source does not work the way many are advertising it.

    Hardly anyone looks at the code of others.
    Often you have less than a handful of people maintaining a library or part of it. If you corrupt the lead of these people you could be settled. Not even talking about corrupting the whole group.

    And even if a code review is done, often the people doing that don't have the time or lack the knowledge to completely analyze the changes.

    Still I like the FOSS model, since it allows me to work on code I am interested in. Also if a security hole gets public the code is there for anyone to dig in, be it Red Hat for example who want to close it asap or anybody else.


    Quote Originally Posted by BlackStar View Post
    Ouch. Can't say I'm terribly surprised, but ouch.

    OpenBSD is used in way too many servers, a thorough security audit must be performed ASAP (but will that be enough?)
    "Security audit" is just a buzzword.
    Who will work on that?
    Often it is not that easy to understand others' code -- especially if you can't use their input -- let alone find security holes. Now these holes have been planted deliberately with its implementors having time to conceal that for more than a decade.


    Only two remote holes in the default install, in a heck of a long time!

  5. #15
    Join Date
    Sep 2006
    Location
    PL
    Posts
    910

    Default

    well, so much for openbsd's security claims.

    but seriously, they agreed to cripple their own software? and nobody caught that?

    this might cause quite a stir. i'd expect that now many more people will point their eyes towards similar open crypto solutions, looking for backdoors.

  6. #16
    Join Date
    Oct 2009
    Posts
    111

    Default

    Bah, 1 minute sucks ass.
    The Red Hat remark has in fact nothing to do with this article, just to avoid misunderstandings.

  7. #17
    Join Date
    Sep 2006
    Location
    PL
    Posts
    910

    Default

    that might also mean that many open security projects will drastically lower their level of trust towards their own developers.

    this already smells bad.

  8. #18
    Join Date
    Oct 2009
    Posts
    111

    Default

    Quote Originally Posted by yoshi314 View Post
    well, so much for openbsd's security claims.

    but seriously, they agreed to cripple their own software? and nobody caught that?

    this might cause quite a stir. i'd expect that now many more people will point their eyes towards similar open crypto solutions, looking for backdoors.
    Certainly not enough though.
    There is a reason for libraries, they make life a lot easier.

    But who in their right mind has looked at gnupg more closely or any of the libs they use? It would take ages and you would have coded nothing in between.

    There are millions of lines of security related code for which often you have to dig through hundreds of RFC, ISO-specs etc. pages to know what _should_ be implemented and then having to understand the code, for which often you have to understand the "bowels" of the operating systems the code should work on.


    What I wonder is for how much (or rather "few") money these people were bought.

  9. #19
    Join Date
    May 2010
    Posts
    187

    Default

    Quote Originally Posted by jakubo View Post
    wtf! when will US action have any consequences? when will countries and ppl start to protest (successfully) against so called protectors of us democracy...
    sorry... maybe i just watched "enemy of the state" yesterday. but still there are plans to murder Julian Assange but a Nobel prize for its Chinese counterpart. funny isn't it?
    I assumed the prize was given to the Chinese guy due to the relevance of the current issues with wikileaks and Assange. Perhaps a more pragmatic move than giving it to Assange directly. At the very least the organizers wanted to make a display of their high regard for people standing up for press freedom.

  10. #20
    Join Date
    Jan 2008
    Location
    Have a good day.
    Posts
    678

    Default

    Bad news. We'll see what comes out of it.

    http://pohl.ececs.uc.edu/opendoku/doku.php?id=start
