FBI Pays To Have Backdoors Coded Into OpenBSD

  • lxskllr
    Member
    • Sep 2007
    • 13435

    FBI Pays To Have Backdoors Coded Into OpenBSD

    In an e-mail sent to BSD project leader Theo de Raadt, former NETSEC CTO Gregory Perry has claimed that NETSEC developers helped the FBI plant "a number of backdoors" in the OpenBSD cryptographic framework approximately a decade ago.
    This is why open source is important, but it's inexplicable that the holes weren't found through auditing. More domestic spying in the land of the free... :^S

    Edit:

    http://arstechnica.com/open-source/n...psec-stack.ars
  • sgreger1
    Member
    • Mar 2009
    • 9451

    #2
    I saw this earlier too and was not surprised. What is FreeBSD again? It sounds familiar but I don't recall exactly what it was.


    • raptor
      Member
      • Oct 2008
      • 753

      #3
      FreeBSD is a different BSD distribution.


      • lxskllr
        Member
        • Sep 2007
        • 13435

        #4
        Originally posted by sgreger1:
        I saw this earlier too and was not surprised. What is FreeBSD again? It sounds familiar but I don't recall exactly what it was.
        It's a Unix-like O/S used in servers more than desktops. People that use *BSD distros on the desktop make Linux users seem mainstream :^D OSX is BSD based; FreeBSD I think.


        • sgreger1
          Member
          • Mar 2009
          • 9451

          #5
          So what are the implications, that a few computer nerds somewhere may have a backdoor into their server which can be exploited by the FBI?


          Color me shocked. I also just read that the 6th circuit court just ruled that the gov can't access emails without first obtaining a warrant. What, do they think this is 1999 or something? The gov is going to do whatever the **** it wants.


          /Don't be surprised when you find out there are backdoors in everything, and the gov (at some level) holds the key. Especially shit from Microsoft, which already has the worst security of any machine ever created, and the most outdated useless operating systems and procedures ever devised. They have hardly moved forward since I bought my first PC in 6th grade. Then again, Steve Jobs is a dick too, he probably sold us out just like he did when he decided there should be no adult content on the iPhone.


          • lxskllr
            Member
            • Sep 2007
            • 13435

            #6
            There's a lot of implications, many of which are over my head on a technical basis. Here's a few that I can see...

            BSD is known for ironclad security. It's the system you pick when you value security over all else. If backdoors were bribed into place, and not caught through auditing (still unknown at this point), then it throws question into the whole system.

            This may affect more than OpenBSD depending on if the code was shared or not. I don't know how far that part of the code traveled.

            Someone other than our highly trustworthy (:^D) government could run into the flaws, and use them to subvert security for their own purposes.

            Then the obvious governmental spying by breaking the security keys, and conducting surveillance without a warrant.


            • raptor
              Member
              • Oct 2008
              • 753

              #7
              lx pretty much has this. This is a shocker for major network administrators who run OpenBSD on their servers. Yes it is touted as one of the most secure operating systems so this development is disturbing.


              • justintempler
                Member
                • Nov 2008
                • 3090

                #8
                I still remember the fight over PGP. The government doesn't like secrets when the public has them.

                Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.
                The government is always going to try to install backdoors, trojan horses and keystroke loggers whenever it can.


                • sgreger1
                  Member
                  • Mar 2009
                  • 9451

                  #9
                  Originally posted by justintempler:
                  I still remember the fight over PGP. The government doesn't like secrets when the public has them.

                  The government is always going to try to install backdoors, trojan horses and keystroke loggers whenever it can.

                  Do you mean PGP as in the "pretty good privacy" program from back in the day? Is that still around?


                  • lxskllr
                    Member
                    • Sep 2007
                    • 13435

                    #10
                    Originally posted by danielan:
                    Pull up a chair - this should be fun.
                    It'll definitely be interesting. I'm gonna keep my eye on this, and see how it all shakes out.


                    • devilock76
                      Member
                      • Aug 2010
                      • 1737

                      #11
                      Originally posted by sgreger1:
                      So what are the implications, that a few computer nerds somewhere may have a backdoor into their server which can be exploited by the FBI?

                      Color me shocked. I also just read that the 6th circuit court just ruled that the gov can't access emails without first obtaining a warrant. What, do they think this is 1999 or something? The gov is going to do whatever the **** it wants.

                      /Don't be surprised when you find out there are backdoors in everything, and the gov (at some level) holds the key. Especially shit from Microsoft, which already has the worst security of any machine ever created, and the most outdated useless operating systems and procedures ever devised. They have hardly moved forward since I bought my first PC in 6th grade. Then again, Steve Jobs is a dick too, he probably sold us out just like he did when he decided there should be no adult content on the iPhone.

                      No, it is more than that; FreeBSD systems are on major servers all over the internet. Plus the code in question has been adopted by many other *nix systems, so potentially this backdoor can be found in many Linux distributions, Sun Solaris distributions and for all we know Mac OSX distributions.

                      Based on what I have heard, if this is true, then pretty much every internet communication out there is going through, at some point, a computer or server that has this backdoor in it. That is the ramification if this is true. And not just in this country but worldwide.

                      Ken


                      • sgreger1
                        Member
                        • Mar 2009
                        • 9451

                        #12
                        Originally posted by devilock76:
                        No, it is more than that; FreeBSD systems are on major servers all over the internet. Plus the code in question has been adopted by many other *nix systems, so potentially this backdoor can be found in many Linux distributions, Sun Solaris distributions and for all we know Mac OSX distributions.

                        Based on what I have heard, if this is true, then pretty much every internet communication out there is going through, at some point, a computer or server that has this backdoor in it. That is the ramification if this is true. And not just in this country but worldwide.

                        Ken

                        Wow, that's a bitch. So now there is a serious chance that anything that goes on on the internet has at some point relayed your (previously thought to be encrypted) data through one of the servers running this, at which point it was compromised by some asshole's server.

                        I agree with what someone else said, there is no confirmation of this yet, no one has seen the code that would imply a back door, the audit missed it, and so far we just have some guy making a claim. We'll wait and see, but I'm sure it's probably true.


                        • devilock76
                          Member
                          • Aug 2010
                          • 1737

                          #13
                          Originally posted by sgreger1:
                          Wow, that's a bitch. So now there is a serious chance that anything that goes on on the internet has at some point relayed your (previously thought to be encrypted) data through one of the servers running this, at which point it was compromised by some asshole's server.

                          I agree with what someone else said, there is no confirmation of this yet, no one has seen the code that would imply a back door, the audit missed it, and so far we just have some guy making a claim. We'll wait and see, but I'm sure it's probably true.

                          Well, a clarification: yes and no. Yes, it is 99% going through something that is compromised if this story is true; however, it is still encrypted. However, I am sure the most private encryption available to us is child's play for the government to decrypt without this backdoor. The backdoor really allows a simple means to capture the traffic and encrypted data. Like a global unauthorized wire tap. Since it is in the IPSEC it actually can be a back door to access the whole machine, so if that machine is the originator of the unencrypted data (or potentially the recipient machine that will read it) then they do have easier access to the unencrypted data. A backdoor in IPSEC is pretty much a free pass into a computer from remote. Granted, it depends on the nature of the backdoor. Considering the definite groups of machines affected (before mass speculation) we are talking about, the most logical use is to monitor internet traffic through key servers in the system. However, such a back door could shut down those servers, at least in the form of stopping all traffic. I wonder if this ties into the internet kill switch as well?

                          Ken


                          • lxskllr
                            Member
                            • Sep 2007
                            • 13435

                            #14
                            Update...

                            After code audits, no backdoor was found. A couple old bugs, and a case of poor disclosure, but nothing nefarious...

                            http://arstechnica.com/open-source/n...f-backdoor.ars
