Does OpenBSD have FBI backdoors?

In these days of security uncertainty, even the NSA has understood, and acts as though, large parts of its networks and computers are compromised. “There’s no such thing as ‘secure’ any more”, Debora Plunkett, head of the NSA’s Information Assurance Directorate, has confirmed. Well, at least they finally listened to security experts… Read the funny article here.
Apart from this, a thread has been going on for the last few days about allegations of possible backdoors in the OpenBSD IPSEC stack.
In the early development of the IPSEC part of OpenBSD, about ten years ago, some ex-developers accepted US government money to put backdoors into this network stack. The code is free, and over the years it has been changed a lot and used in many other projects. Even though the code is available for anyone to audit, it could be really hard to tell whether there was a backdoor that is already gone.
The information is being disclosed now by Gregory Perry, CTO at the defunct contractor NETSEC, because his 10-year confidentiality agreement with the FBI has expired.
The message was sent to OpenBSD founder Theo de Raadt, who posted it publicly here.
Inside the thread that this message started I read something that made me think: “in these days of binary only blob drivers, I don’t think the government need resort to this sort of tactic these days”, writes Bob Beck.
I think he’s got a point there, because when proprietary binary drivers (for video and wireless cards, for example) are loaded into BSD (and Linux) kernels, they have access to the entire kernel. So there’s no need to be subtle.
Still, I hope that the entire code of the BSD network stack will be audited by as many developers and security experts as possible.


This entry was posted on Sunday, December 19th, 2010 at 10:53 PM and is filed under privacy, security.
