Open-BSD has FBI backdoors installed says IDG

For discussions about security.
Post Reply
Message
Author
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

Open-BSD has FBI backdoors installed says IDG

#1 Post by nooby »

I guess you can find this text in IDG news or on PC World magazine?

I found it on idg.se

http://www.idg.se/2.1085/1.359399/han-v ... -i-openbsd
If you will recall, a while back I was the CTO at NETSEC and arranged funding and donations for the OpenBSD Crypto Framework. At that same time I also did some consulting for the FBI, for their GSA Technical Support Center, which was a cryptologic reverse engineering project aimed at backdooring and implementing key escrow mechanisms for smart card and other hardware-based computing technologies.

My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.
Have those Devs from FBI also worked on T2 and such that Linux are dependent on?
Last edited by nooby on Fri 17 Dec 2010, 10:27, edited 1 time in total.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
efiguy
Posts: 164
Joined: Thu 07 Sep 2006, 02:51

Pen-BSD has FBI backdoors installed says IDG

#2 Post by efiguy »

Hi Nooby,

Your post triggered some correlation with what i rember reading on a FreeBSD newsletter and then a writeup about openBSD, that they share selected code. Took a moment and found posts that might tie together with your info.

Quote

FreeBSD includes software from the OpenSSL Project which implements SSL
and TLS.

End Quote

More here
Attachments
freebsd_notes.zip
selected quotes from newsletter and security alert - end of 2009
(767 Bytes) Downloaded 332 times

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#3 Post by nooby »

Sorry my title was made too sloppily. Open not Pen.

I corrected it now.

But what does it mean. Is the T2 that puppy are based on does that one have same back door by default?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
efiguy
Posts: 164
Joined: Thu 07 Sep 2006, 02:51

Open-BSD has FBI backdoors installed says IDG

#4 Post by efiguy »

Hi Nooby,

Point you found out about OpenBSD - Plus they share modules with other open source development - all these varied systems (including MS) can have backdoors within the cryptography module or Tcp/Ip stacks under the guise of updates or corrections. - (non-removable SP3 for instance and the system event log service that can't be shutoff)

As to system BackDoors, it would take a real "code pro" with an extensive lab to analyse the modules or test for key leakage.

If I was to want super critical security, I might think about using old systems software, dating to just before the sept problems, some of that is still available as orginal downloads from hp for some of the compaq pc's.

Much literature of probs with these systems is listed, but i wouldn't update without expert code analyse of the patches ;)

Old kernel Puppies are probably OK (?), but newer code and Kernels, could be very suspect.

My viewpoint, just a suspicious old man, which the world has taught me
to be that way ;)

have fun,
jay

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#5 Post by nooby »

Hi Jay,

thanks for telling me.

That was not good news then. One need expert knowledge to really know then.

Nooby
I use Google Search on Puppy Forum
not an ideal solution though

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#6 Post by PaulBx1 »

"If OpenBSD w/all their auditing was backdoored where does that leave Linux, Windows, FreeBSD, OS X. Who thinks they stopd at smallest dist?"

The bastards.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#7 Post by nooby »

Is there any way to find out?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
ttuuxxx
Posts: 11171
Joined: Sat 05 May 2007, 10:00
Location: Ontario Canada,Sydney Australia
Contact:

#8 Post by ttuuxxx »

PaulBx1 wrote:"If OpenBSD w/all their auditing was backdoored where does that leave Linux, Windows, FreeBSD, OS X. Who thinks they stopd at smallest dist?"

The bastards.
Naaa I read the whole article about 2 weeks ago, basically one of the BSD developers had a 10 year deal with the FBI to have a backdoor in the security of bsd. But that was just for BSD, unlike puppy where numerous of people like myself update ssl on puppy etc. I've never been bought, heck my morals are too high for something like that, If someone would approach me, I would publicly report them all over the net. I hope others feel the same, It only takes one jerk to sellout to give BSD/Linux a bad name, which is very counter productive for the global spreading of Linux in a positive way.
ttuuxxx
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)


User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#10 Post by Aitch »

Here's Bruce Schneier's views [Schneier is the Chief Security Technology Officer of BT]
Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.
Did the FBI Plant Backdoors in OpenBSD?

It has been accused of it.

I doubt this is true. One, it's a very risky thing to do. And two, there are more than enough exploitable security vulnerabilities in a piece of code that large. Finding and exploiting them is a much better strategy than planting them. But maybe someone at the FBI is that dumb.

EDITED TO ADD (12/17): Further information is here. And a denial from an FBI agent.
http://www.schneier.com/blog/archives/2 ... i_pla.html

http://blogs.csoonline.com/1296/an_fbi_ ... in_openbsd

Make your mind up time....?

Aitch :)

Post Reply