Luis_P
Post subject: USA's Government sins  Posted: 18.12.2010, 22:18



Joined: 2010-09-11
Posts: 150
Location: Barcelona, Spain
Status: Offline
I was very surprised to read that the FBI bribed developers to introduce backdoors in IPsec protocols.

Link: http://permalink.gmane.org/gmane.os.openbsd.tech/22557
 
Jörg
Post subject: RE: USA  Posted: 19.12.2010, 10:00



Joined: 2010-09-14
Posts: 27
Location: Amsterdam
Status: Offline
Very surprised??? - so you must be very young!
Greetings,
Jörg
 
Luis_P
Post subject:   Posted: 19.12.2010, 11:24



Joined: 2010-09-11
Posts: 150
Location: Barcelona, Spain
Status: Offline
I'm not very young; probably older than you. My surprise arises not from the fact that the US Government commits "sins", but because the supposed backdoors are not detected. I thought the main strength of Open Software was that the code is open to everybody, so things like backdoors aren't possible.

It is also possible that it is just a FUD manoeuvre.

Regards.

Luis_P
 
slam
Post subject:   Posted: 19.12.2010, 12:15
Team Member


Joined: 1970-01-01
Posts: 607
Location: w3
Status: Offline
Well, OpenBSD always was a small project, and those working on the IPsec protocols have been and still are just a handful of people. So, the self regulation/cleaning - "security by obscurity" never did work out that well, it simply needs more people to work (e.g. the Linux kernel).

As far as I have understood, the backdoor is not generally usable, but did target a single dedicated network (EOUSA). The target reacted a long time ago, so these backdoors have been useless for a long time. What came out now will however damage the reputation of BSD in general.

This finally explains of course why OpenBSD was pushed by the FBI as "the most secure solution", to be used in many government bodies and agencies. At the same time they told everyone that Linux is not secure. ;)

For Linux/aptosid the future is even more promising.

Greetings,
Chris

_________________
an operating system must operate
development is life
my Debian repo
 
DonKult
Post subject:   Posted: 19.12.2010, 14:00
Team Member


Joined: 2010-09-02
Posts: 481

Status: Offline
Linux or Open Source isn't bulletproof against these kinds of "attacks"; how should it be? It's like saying that a ghost goal is impossible because we have additional referees. It's just less likely.
And I can still buy (with enough money) all referees to "influence" the outcome…

Furthermore, bugs are in general not marked as bugs. They are hard to find, and if someone wants to hide a bug in the code he can do it (most of the time this "someone" doesn't want to hide a bug, he just adds a bug without knowing it). With more and more people looking at it, it becomes harder to hide the bug, and if a certain threshold is reached the bug is found -- at this point the real strength of open source comes into play: It's not that everyone can find a bug only in open source - you can do that in closed source programs, too (you don't have all options, but at least a few), it's "just" that everyone can look at the code to fix it…

_________________
MfG. DonKult
"I never make stupid mistakes. Only very, very clever ones." ~ The Doctor
 
dibl
Post subject:   Posted: 19.12.2010, 17:45



Joined: 2010-09-12
Posts: 302
Location: Dayton, Ohio, USA
Status: Offline
Luis_P wrote:
"It is also possible that it is just a FUD manoeuvre."

I also wonder about that.

http://www.itworld.com/open-source/1308 ... articipant

http://marc.info/?l=openbsd-tech&m= ... 62&w=2

A lot of "he said, she said" but still waiting for "I have examined the source code and find the following: "
 
jaegermeister
Post subject:   Posted: 21.12.2010, 14:44



Joined: 2010-09-16
Posts: 28

Status: Offline
The whole story is currently under investigation by the OpenBSD dev team; it looks like some of the claims were just FUD (they went to the CVS tree log and found just some pure debugging done by one mentioned guy). Still, the story is not yet defined and further notice will for sure emerge.

Also, it looks like, those "contributions" being quite old, should they be present in those terms, they might not work with the current tree structure.

_________________
------------------------------------------
SI VIS PACEM, PARA BELLVM
------------------------------------------
 
dpdt1
Post subject:   Posted: 22.12.2010, 15:05



Joined: 2010-09-27
Posts: 48

Status: Offline
that could be true for any os. microsoft-nsa relation is known (& proven) so far, but with so many auditors working for big corps/multinationals like the ones that block freedom of speech (wikileaks.. and so..) no one can be sure.
and most of us don't have the -tech- skills to audit the code ourselves.
so in my opinion, the same thing could happen in any os where commits come from such people.
their practices in every other aspect of their activities make me believe so.

_________________
# apt-get remove frontiers
 
Luis_P
Post subject: More  Posted: 23.12.2010, 19:54



Joined: 2010-09-11
Posts: 150
Location: Barcelona, Spain
Status: Offline
The story continues:

http://www.itwire.com/opinion-and-analy ... dit-begins
 
All times are GMT - 12 Hours