[kwlug-disc] openbsd backdoored by FBI

unsolicited unsolicited at swiz.ca
Thu Dec 16 18:52:53 EST 2010


Insurance Squared Inc. wrote, On 12/16/2010 4:20 PM:
> Isn't OpenBSD opensource?  How can someone backdoor OSS?

The same way standards aren't. Especially de facto ones.

Open source means many eyeballs can look at the source. Doesn't mean 
they do.

Just because something's open source doesn't mean that source is good 
source. Just because it's on sourceforge ... well, it actually doesn't 
mean much of anything other than it's on sourceforge. No guarantee of 
anything.

Think back to the openssl issue (last year?). Where they didn't detect 
a vulnerability for years. In that case, I suspect accident, not 
deliberate sabotage. But the principle is the same.

Granted - the more widely used the source, the less likely <bad stuff> 
is in it.

Granted - the more involved educational / research institutions are, 
the less likely <bad stuff> is in it.

I'd be doubtful that OpenBSD is compromised. I'm even more doubtful 
that it won't be fixed lickety-split if it has indeed been compromised.

OTOH, given the Patriot Act ...
