[kwlug-disc] openbsd backdoored by FBI

John Van Ostrand john at netdirect.ca
Thu Dec 16 16:33:26 EST 2010


----- Original Message -----
> Or so the claim goes:
> http://www.computerworld.com/s/article/9201220/Former_contractor_says_FBI_put_back_door_in_OpenBSD
> 
> Isn't OpenBSD opensource? How can someone backdoor OSS?

I'm not yet convinced this is an actual fact. It's been out for days now and there hasn't been a huge amount of press on this. There isn't any specific information about what the back door is. 

I can imagine how this would be done though. A programmer could purposely inject a flaw in the code. The more subtle the flaw the better, since it would escape detection. This could be an error in the key generation making the key more predictable. The on-the-wire encoding would have to match the standard but perhaps there are opportunities to leak information and stay within the standard.

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 
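
An added example, not part of the original message: the post names no specific flaw, so this sketch uses a constructed weakness (a key derived only from a 15-bit process id) to show how an auditor can detect "more predictable" key generation from the outside, by counting repeated keys across many hosts. The names `flawed_keygen`, `sound_keygen` and `audit` are hypothetical.

```python
import hashlib
import math
import random
import secrets
from collections import Counter

KEY_BYTES = 16  # constructed key size for the demonstration


def flawed_keygen(pid: int) -> bytes:
    # Constructed flaw: the only input is a 15-bit process id, so every
    # key looks well-formed but at most 32767 distinct keys can exist.
    return hashlib.sha256(b"seed:%d" % pid).digest()[:KEY_BYTES]


def sound_keygen(_pid: int) -> bytes:
    # Reference behaviour: key material comes from the OS CSPRNG.
    return secrets.token_bytes(KEY_BYTES)


def audit(keygen, hosts: int = 2000, rng_seed: int = 1) -> dict:
    """Generate one key per simulated host and look for repeats."""
    rng = random.Random(rng_seed)  # fixed seed: reproducible sample only
    keys = [keygen(rng.randrange(1, 32768)) for _ in range(hosts)]
    counts = Counter(keys)
    duplicates = sum(c - 1 for c in counts.values())
    # Birthday estimate: n keys drawn from a space of size S give about
    # n(n-1)/(2S) colliding pairs, so S is roughly n(n-1)/(2*pairs).
    pairs = sum(c * (c - 1) // 2 for c in counts.values())
    bits = math.log2(hosts * (hosts - 1) / (2 * pairs)) if pairs else None
    return {"duplicates": duplicates, "estimated_bits": bits}


if __name__ == "__main__":
    for name, gen in (("flawed", flawed_keygen), ("sound", sound_keygen)):
        print(name, audit(gen))
```

Both generators emit keys of the correct length and format, which is why inspecting a single key reveals nothing; only the population-level repeat count exposes the reduced key space.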



