Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 23 Nov 2014, 21:12
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Open-BSD has FBI backdoors installed says IDG
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [10 Posts]  
Author Message
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 16 Dec 2010, 06:20    Post subject:  Open-BSD has FBI backdoors installed says IDG  

I guess you can find this text in IDG news or on PC World magazine?

I found it on idg.se

http://www.idg.se/2.1085/1.359399/han-varnar-for-fbi-planterad-bakdorr-i-openbsd

Quote:
If you will recall, a while back I was the CTO at NETSEC and arranged funding and donations for the OpenBSD Crypto Framework. At that same time I also did some consulting for the FBI, for their GSA Technical Support Center, which was a cryptologic reverse engineering project aimed at backdooring and implementing key escrow mechanisms for smart card and other hardware-based computing technologies.

My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.


Have those Devs from FBI also worked on T2 and such that Linux are dependent on?

_________________
I use Google Search on Puppy Forum
not an ideal solution though

Last edited by nooby on Fri 17 Dec 2010, 06:27; edited 1 time in total
Back to top
View user's profile Send private message 
efiguy


Joined: 06 Sep 2006
Posts: 169

PostPosted: Fri 17 Dec 2010, 00:21    Post subject: Pen-BSD has FBI backdoors installed says IDG
Subject description: maybe related info
 

Hi Nooby,

Your post triggered some correlation with what i rember reading on a FreeBSD newsletter and then a writeup about openBSD, that they share selected code. Took a moment and found posts that might tie together with your info.

Quote

FreeBSD includes software from the OpenSSL Project which implements SSL
and TLS.

End Quote

More here
freebsd_notes.zip
Description  selected quotes from newsletter and security alert - end of 2009
zip

 Download 
Filename  freebsd_notes.zip 
Filesize  767 Bytes 
Downloaded  213 Time(s) 
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Fri 17 Dec 2010, 06:28    Post subject:  

Sorry my title was made too sloppily. Open not Pen.

I corrected it now.

But what does it mean. Is the T2 that puppy are based on does that one have same back door by default?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
efiguy


Joined: 06 Sep 2006
Posts: 169

PostPosted: Fri 17 Dec 2010, 22:08    Post subject: Open-BSD has FBI backdoors installed says IDG
Subject description: network BackDoor
 

Hi Nooby,

Point you found out about OpenBSD - Plus they share modules with other open source development - all these varied systems (including MS) can have backdoors within the cryptography module or Tcp/Ip stacks under the guise of updates or corrections. - (non-removable SP3 for instance and the system event log service that can't be shutoff)

As to system BackDoors, it would take a real "code pro" with an extensive lab to analyse the modules or test for key leakage.

If I was to want super critical security, I might think about using old systems software, dating to just before the sept problems, some of that is still available as orginal downloads from hp for some of the compaq pc's.

Much literature of probs with these systems is listed, but i wouldn't update without expert code analyse of the patches ;)

Old kernel Puppies are probably OK (?), but newer code and Kernels, could be very suspect.

My viewpoint, just a suspicious old man, which the world has taught me
to be that way ;)

have fun,
jay
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sat 18 Dec 2010, 05:58    Post subject:  

Hi Jay,

thanks for telling me.

That was not good news then. One need expert knowledge to really know then.

Nooby

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Sun 26 Dec 2010, 21:33    Post subject:  

"If OpenBSD w/all their auditing was backdoored where does that leave Linux, Windows, FreeBSD, OS X. Who thinks they stopd at smallest dist?"

The bastards.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sun 26 Dec 2010, 22:03    Post subject:  

Is there any way to find out?
_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
ttuuxxx


Joined: 05 May 2007
Posts: 10843
Location: Ontario Canada,Sydney Australia

PostPosted: Sun 26 Dec 2010, 22:08    Post subject:  

PaulBx1 wrote:
"If OpenBSD w/all their auditing was backdoored where does that leave Linux, Windows, FreeBSD, OS X. Who thinks they stopd at smallest dist?"

The bastards.


Naaa I read the whole article about 2 weeks ago, basically one of the BSD developers had a 10 year deal with the FBI to have a backdoor in the security of bsd. But that was just for BSD, unlike puppy where numerous of people like myself update ssl on puppy etc. I've never been bought, heck my morals are too high for something like that, If someone would approach me, I would publicly report them all over the net. I hope others feel the same, It only takes one jerk to sellout to give BSD/Linux a bad name, which is very counter productive for the global spreading of Linux in a positive way.
ttuuxxx

_________________
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games Smile
Back to top
View user's profile Send private message Visit poster's website 
l0wt3ch
Guest


PostPosted: Tue 28 Dec 2010, 07:54    Post subject:  

http://www.nsa.gov/research/selinux/

https://secure.wikimedia.org/wikipedia/en/wiki/NSAKEY
Back to top
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

PostPosted: Tue 28 Dec 2010, 18:12    Post subject:  

Here's Bruce Schneier's views [Schneier is the Chief Security Technology Officer of BT]

Quote:
Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.


Quote:
Did the FBI Plant Backdoors in OpenBSD?

It has been accused of it.

I doubt this is true. One, it's a very risky thing to do. And two, there are more than enough exploitable security vulnerabilities in a piece of code that large. Finding and exploiting them is a much better strategy than planting them. But maybe someone at the FBI is that dumb.

EDITED TO ADD (12/17): Further information is here. And a denial from an FBI agent.


http://www.schneier.com/blog/archives/2010/12/did_the_fbi_pla.html

http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

Make your mind up time....?

Aitch Smile
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [10 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0779s ][ Queries: 12 (0.0151s) ][ GZIP on ]