OpenBSD - The most secure OS has a hole thanks to FBI

Thursday, December 16, 2010

Allegations that the FBI may have smuggled back doors or security weaknesses into OpenBSD's cryptography have created an uproar in the security community.

Former government contractor Gregory Perry, who helped develop the OpenBSD crypto framework a decade ago, has claimed that contractors developing OpenBSD software were paid to insert backdoors into OpenBSD's IPSec stack around 10 years ago. Perry recently warned OpenBSD's Theo de Raadt of the development, years after the event, via an email that de Raadt has published in the spirit of openness.

Perry said he had waited until his ten-year NDA with the FBI had expired before coming forward with the claims, which remain unsupported by secondary sources. If true, the allegations mean that the FBI would have an easy way to tap into supposedly secure VPN links and other technologies based on OpenBSD's crypto stack.

You can read the email on the OpenBSD mailing list.

This has kinda spooked the security community and has made organizations rethink their OpenBSD deployments. Well, the code review is on and we will soon know what was planted and how.


Steve said...

OpenBSD backdoor claims: bugs found during code audit

The OpenBSD project has found two bugs during an audit of the cryptographic code in which, it has been alleged, the FBI, through former developers, was able to plant backdoors.


OpenBSD project head Theo de Raadt told iTWire: "We've been auditing since the mail came in! We have already found two bugs in our cryptographic code. We are assessing the impact. We are also assessing the 'archeological' aspects of this."

The mail he was referring to was sent to him on December 11 by Gregory Perry, a former developer with the project, and claimed that the US Federal Bureau of Investigation had, through some other ex-developers, implemented a number of backdoors in the open cryptographic framework used in OpenBSD.
