Some of you probably already read this:

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Interesting...I wonder what is the impact of all this on FreeBSD code.
We may very well suppose that any government or corporation funded code
can theoretically have some kind of backdoor inside.

--Andy

On 12/15/2010 6:36 AM, Andy Kosela wrote:
> Some of you probably already read this:
>
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>
> Interesting...I wonder what is the impact of all this on FreeBSD code.
> We may very well suppose that any government or corporation funded code
> can theoretically have some kind of backdoor inside.

Seems possible. However, not very probable IMHO. As others have said, would the guy really have a 10yr NDA, afterwards which would allow him to post such details? Seems rather silly on that alone.

The further unfortunate thing about this is that any number of potential implementation bugs can now be clouded in conspiracy theory.

http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

Hell, if people believe 9/11 was all staged, ipsec backdoors are a no-brainer. I can see it now. The next bug that is found in the crypto system or network stack will draw a flood of discussion. "Is this the back door??"

Seems to be getting industry reporting too:

http://napps.networkworld.com/news/2010/121510-former-contractor-says-fbi-put.html?hpg1=bn

---Mike

On 15/12/2010 at 12.36, Andy Kosela wrote:
> Some of you probably already read this:
>
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>
> Interesting...I wonder what is the impact of all this on FreeBSD code.
> We may very well suppose that any government or corporation funded code
> can theoretically have some kind of backdoor inside.

That wouldn't be restricted to funded code. If somebody really wanted to place backdoors in FreeBSD, posing as NSA, FBI, KGB or whatever doesn't seem like the best option. Position a guy as a src committer instead, pretending to work alone.

I'm not saying this to point fingers or spread FUD or anything like that, just that people should be careful reading any commits to catch backdoors, intentional or by mistake, regardless of where they come from. Which is one thing I admire about FreeBSD - commits are actually read carefully, by many people, and frequently commented upon.

Erik

On Wed, Dec 15, 2010 at 03:36, Andy Kosela <akosela@andykosela.com> wrote:
> Some of you probably already read this:
>
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>
> Interesting...I wonder what is the impact of all this on FreeBSD code.
> We may very well suppose that any government or corporation funded code
> can theoretically have some kind of backdoor inside.

If his allegations are correct, they should be easy to verify. He could post a copy of the NDA and a Freedom of Information Act request could be submitted to verify it. If, as claimed, the NDA expired and this can be discussed freely by the general public, then they would not be able to deny the request.

--
Rob Farmer

On Wed, Dec 15, 2010 at 07:36, Garrett Wollman <wollman@bimajority.org> wrote:
> <<On Wed, 15 Dec 2010 06:26:20 -0800, Rob Farmer <rfarmer@predatorlabs.net> said:
>
>> If his allegations are correct, they should be easy to verify. He
>> could post a copy of the NDA and a Freedom of Information Act request
>> could be submitted to verify it. If, as claimed, the NDA expired and
>> this can be discussed freely by the general public, then they would
>> not be able to deny the request.
>
> Actually, they would, because it would fall under the "internal
> personnel matter" exemption from FOIA.
>
> -GAWollman
>

I'm not a lawyer, but couldn't he exempt himself and they black out the other people's names?

If he could provide some evidence that this isn't a publicity stunt and interest a major media organization or a civil rights group (like the ACLU or EFF), I suspect they could apply enough political and legal pressure to avoid getting brushed off. Besides, if this were legitimate, it could benefit the Democrats (given that it supposedly occurred during the Bush administration), so how hard would they really fight it?

--
Rob Farmer

Andy Kosela wrote:
> Some of you probably already read this:
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Then also read Jason Wright's response and clear denial:

http://marc.info/?l=openbsd-tech&m=129244045916861&w=2

Regards,
Johan