Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Alleged To Have Backdoored OpenBSD's IPSEC Stack

kdawson posted more than 3 years ago | from the all-your-vpn dept.

Encryption 536

Aggrajag and Mortimer.CA, among others, wrote to inform us that Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago, and over that time has changed quite a bit, "so it is unclear what the true impact of these allegations are" says Mr. de Raadt. He added: "Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products." (Freeswan and Openswan are not based on this code.)

Sorry! There are no comments related to the filter you selected.

Hide yo keys, hide yo passwords (5, Funny)

Anonymous Coward | more than 3 years ago | (#34555082)

They be backdooring everybody out there

Re:Hide yo keys, hide yo passwords (2, Funny)

Soilworker (795251) | more than 3 years ago | (#34555272)

They be backdooring everybody out there

You don't have to come and confess, we're looking for you, we gonna find you.

Re:Hide yo keys, hide yo passwords (0)

larry bagina (561269) | more than 3 years ago | (#34555420)

And then molest you. Even if you didn't do it.

Re:Hide yo keys, hide yo passwords (2, Insightful)

Opportunist (166417) | more than 3 years ago | (#34555562)

Sure gonna. You left your fingerprint and all you are so dumb. You are really dumb. For real.

(I can't believe how well this fits...)

Oh shit... (5, Funny)

Anonymous Coward | more than 3 years ago | (#34555086)

I hope all three system admins still using OpenBSD have been notified.

Re:Oh shit... (5, Funny)

Delarth799 (1839672) | more than 3 years ago | (#34555168)

Well they would have been notified sooner but the clouds kept interfering with our smoke signals.

Re:Oh shit... (-1)

Anonymous Coward | more than 3 years ago | (#34555344)

Don't worry, EVERYTHING is in the cloud these days. It's the shit because Linux says it is.

BSD (-1)

Anonymous Coward | more than 3 years ago | (#34555090)

Is it dead yet?

Many eyes make bugs / backdoors shallow (0)

Anonymous Coward | more than 3 years ago | (#34555094)

Or not.

But but but (5, Insightful)

igreaterthanu (1942456) | more than 3 years ago | (#34555102)

Many eyes makes FOSS software invulnerable to this sort of attack?

Not trying to troll here, but seriously people should be doing more audits, especially themselves.

If this has been there for ten years, then this is ten years too late in spotting it.

Re:But but but (-1)

Anonymous Coward | more than 3 years ago | (#34555162)

No one uses openBSD. Anyone wanting to will be turned away by the "personalities" controlling the project. Other that an SSH implementation, openBSD is a pointless project in the real world.

Re:But but but (0)

Anonymous Coward | more than 3 years ago | (#34555638)

You're a pointless project in the real world. You can stop breathing now. Or better yet, die in a fire. kthxbai!

Re:But but but (4, Interesting)

snowraver1 (1052510) | more than 3 years ago | (#34555166)

I wonder if Linux has a similar backdoor. I think that it would be quite likely that MS products have one.

Re:But but but (1)

NiceGeek (126629) | more than 3 years ago | (#34555182)

Please tell me you're not referring to the "NSAKey" urban legend.

Re:But but but (1)

snowraver1 (1052510) | more than 3 years ago | (#34555424)

No I didn't even know about that, but it was an interesting read. I just base that on the value that a backdoor would have. Imagine being able to spy on people that don't want anyone listening. It's just so valuable that I'm sure they would try very hard to get in on it.

Re:But but but (0, Troll)

Charliemopps (1157495) | more than 3 years ago | (#34555554)

It's not quite likely MS Products have them, it's a fact.

You pay for corruption. (0)

Anonymous Coward | more than 3 years ago | (#34555632)

The U.S. government is EXTREMELY corrupt. Taxpayers are expected to pay, but are not allowed to know what the government is doing, or why.

Michael Moore is attempting to counteract that secrecy: Why I'm Posting Bail Money for Julian Assange. [michaelmoore.com]

Re:But but but (5, Insightful)

MichaelSmith (789609) | more than 3 years ago | (#34555174)

I doubt the situation would be any better if OpenBSD had been commercial and closed source. Who's to say the same back door isn't in Tru64, HP-UX and AIX?

Re:But but but (2, Insightful)

igreaterthanu (1942456) | more than 3 years ago | (#34555246)

Commercial is different though, with FOSS I and (everyone else should for that matter), expect that there are no backdoors and it does exactly what it says it does.

That is supposed to be one of the biggest "selling points" of FOSS.

Re:But but but (2)

sourcerror (1718066) | more than 3 years ago | (#34555524)

On the other hand the government can legally require software vendors to include backdoors and keep it secret. (See original DES machines IIRC.)
With closed source, you don't even have a chance here.

Re:But but but (0)

aliquis (678370) | more than 3 years ago | (#34555610)

with FOSS I and (everyone else should for that matter), expect that there are no backdoors and it does exactly what it says it does.

You're pretty stupid then.

Or the code is there, for you to look at, if you want. There's no guarantee someone else has or that it's quality code.

Re:But but but (4, Insightful)

Opportunist (166417) | more than 3 years ago | (#34555640)

One of the biggest selling points of FOSS is that you can audit it at leisure, without having to go to the maker, give them a GOOD reason why you'd want to audit the source and sign NDAs with blood.

Unaudited, FOSS is just as well audited as closed source. Duh.

In other words, as long as everyone's too lazy/cheap/dumb to actually DO an audit, yes, FOSS is by no means more secure than CSS.

Re:But but but (5, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#34555338)

Actually it would likely be harder. In the case of OSS, all you have to do is get people to contribute to the code. The FBI doesn't really have to be sneaky about it at all, other than that the people don't reveal who they work for. They could even lie about who they are as it is all done over the net anyhow. If it gets discovered, well no big deal really. I mean it is free and open, nobody made them accept those contributions. There's no legal problems that I can see.

In the case of a company, you have to either subvert or plant employees there. Doing that without a court order would be illegal. It also has to go on undetected, of course, and that is much harder since the employee works physically at the company. Then there's the problem that if it becomes known, you may have a lawsuit on your hands, or congressional inquiry, and so on. Big companies wield a lot of power and would likely not be amused in the slightest.

However what the GP is really saying overall is that if this turns out to be true (please note I am doubtful of that) it shows a weakness in the "many eyes" idea. That mantra is repeated over and over by OSS advocates almost like an incantation, that because something is open it means that all sorts of people are looking it over and there won't be anything evil in it. That is not the case, of course. Some OSS stuff is well audited, some is not. If this proves to be true it would show that even the pretty well audited stuff is not immune, that just having the source out in the open is not enough to guarantee security.

So Sycraft-fu (5, Funny)

Anonymous Squonk (128339) | more than 3 years ago | (#34555488)

Are you ready to buy into the government conspiracy theories [slashdot.org] now?

Re:So Sycraft-fu (1)

aliquis (678370) | more than 3 years ago | (#34555634)

If only I hadn't wasted my mod points by writing a comment :D

That gotta hurt :D

Re:But but but (0)

diegocg (1680514) | more than 3 years ago | (#34555250)

Opensource has the best security auditors: crackers.

Re:But but but (4, Insightful)

igreaterthanu (1942456) | more than 3 years ago | (#34555460)

Crackers don't like sharing their audit results for free.

Re:But but but (0)

varmittang (849469) | more than 3 years ago | (#34555302)

Who watches the Watchmen?

Re:But but but (5, Funny)

Anonymous Coward | more than 3 years ago | (#34555514)

i do. great film.

Re:But but but (2, Interesting)

gman003 (1693318) | more than 3 years ago | (#34555346)

They're still not even sure if the backdoor still works - the code gets edited often, and the subtle tricks that backdoors rely on can break quite easily that way.

And it's not like closed-source would be any better - then, the FBI can just pay the company to slip one in. I'm not worried about my OpenBSD box - it's already far more secure than my Windows rigs are. Hell, I haven't even bothered updating it in years - it's still running 3.6.

Re:But but but (5, Insightful)

gnapster (1401889) | more than 3 years ago | (#34555458)

So what you are saying is, your OpenBSD box is running a version that is missing 60% of the timeline where edits could have been made to break this backdoor?

Re:But but but (1)

aliquis (678370) | more than 3 years ago | (#34555656)

"but it's OpenBSD!"

(Similar argument has been used for Linux and OS X as well :D)

Re:But but but (5, Interesting)

ratboy666 (104074) | more than 3 years ago | (#34555572)

It isn't necessarily obvious.

Basically, the idea is that bits of the key leak. And how is this accomplished?

For example - if a key bit is 0, you take one code path, if 1, another. Make the two paths different lengths. It may be possible to affect packet timing. Or... A function may end with "x - y" and then return "z". No leak? Not so clear, the carry/borrow may be leaking information to the caller (on x86 style hardware).

Anyway, it probably isn't a "back door", just some means of determining enough key bits to make brute force practical is enough. And this sort of thing can be subtle. It can even be based on the machine code generated for certain sequences by a particular compiler (the "x-y; return z" sequence above, for example).

Wow, Big Brother Strike Again (1)

pbailey (225135) | more than 3 years ago | (#34555120)

Brutal ...

All Hail ! (0, Funny)

Anonymous Coward | more than 3 years ago | (#34555122)

I for one welcome our FBI Hacker Overlords !

God Bless thy Holy Christian Empire ! HOO RA !

Re:All Hail ! (-1)

Anonymous Coward | more than 3 years ago | (#34555200)

yeah, the hold christian empire that allows abortion, the death penalty, open homosexuality and freedom of religion...

sound to me like you're just some kind of sniveling cunt. go fuck yourself.

If this was ten years ago... (2)

squiggleslash (241428) | more than 3 years ago | (#34555132)

...then it wasn't even part of the post 9/11 hysteria.

Re:If this was ten years ago... (0)

Anonymous Coward | more than 3 years ago | (#34555164)

cue the 9/11 was an inside job nuts showing they were planning it all along! ;-)

Re:If this was ten years ago... (5, Interesting)

chill (34294) | more than 3 years ago | (#34555418)

No, but it was part of the post-Wassenaar agreement (Dec. 1998) that de-weaponized open source crypto. 10 years ago would have been around OpenBSD 2.8 (12/1/2000) which introduced AES and was the first release after the expiration of the RSA patent.

v2.7 saw the introduction of hardware-accelerated IPSec only 6 months before.

They were moving fast and furious on IPSec. This would have been an opportune time to spike them.

But has it been confirmed? (4, Insightful)

brunes69 (86786) | more than 3 years ago | (#34555138)

Why engage in mass speculation? Check out the code from the time period in question and audit it for a back door. I don't know why everyone should get up in arms over an allegation that may very well be unfounded.

Are you new here? (0)

Anonymous Coward | more than 3 years ago | (#34555220)

This is slashdot, the most anyone actually ever does is rise up from their Cheetos-encrusted trance and yell out "TACO IS TEH SUXOR!" and then collapse back down into a greasy heap, only to be revived by a timely swig of lukewarm store brand grape soda.

Re:Are you new here? (0)

sexconker (1179573) | more than 3 years ago | (#34555468)

This is slashdot, the most anyone actually ever does is rise up from their Cheetos-encrusted trance and yell out "TACO IS TEH SUXOR!" and then collapse back down into a greasy heap, only to be revived by a timely swig of lukewarm store brand grape soda.

Rob Malda has a MICRO PENIS and I've got a story about how one time I found a turd Obama left in a public toilet. YOU KNOW I ATE IT.

Could be hard (5, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#34555262)

You have to remember that something like that wouldn't be in the code with a /*evil shit goes here*/ before it. To have survived it would need to be well hidden. The idea that you can just look at code and find problems is false. I mean were that the case, no software would ever have any bugs.

So to find it could take a lot of work, even when you know there is something to look for.

This presumes, of course, there IS something to look for and this isn't just some guy making shit up. I'm leaning more towards that option since I don't see why the FBI wouldn't have a longer NDA. Classified material is generally done for 50 years, and something like that would surely be classified.

Re:Could be hard (1)

noidentity (188756) | more than 3 years ago | (#34555644)

The following code has a massive exploit. It's been used for decades, and only now can I reveal it. Really, there's an awful exploit here, trust me.

#include <stdio.h>

int main(void)
{
printf( "Hello, world!\n" );
return 0;
}

Re:But has it been confirmed? (0)

Anonymous Coward | more than 3 years ago | (#34555264)

It's funny how people talk about how open source software allows users to spot this kind of thing, yet everyone is merely depending on others to check the code, to the extent that no one actually checks the code. Even after the allegation is made public, people are still passing the job of checking onto other people rather than checking for themselves.

42 Grams. (2)

MonChrMe (1849782) | more than 3 years ago | (#34555270)

Because mass speculation is fun!

More seriously, some of the code obfuscation competitions out there show that code auditing alone may not be enough to track down every vulnerability - a single dedicated enough individual can probably slip something past that's too subtle to notice, especially if they're making a lot of 'good' commits at the same time.

Now realise that the article suggests that there may have been several people at this and the problem becomes evident.

Basically, over reliance on the 'many eyes' security model has always been futile.

Re:But has it been confirmed? (3, Insightful)

Anonymous Coward | more than 3 years ago | (#34555286)

If the backdoor was done well, it may be impossible to confirm. Not that this is how it was done, but many encryption routines define lots and lots of constants. Random large primes and that sort of thing. You could assume that these constants were chosen for cryptographically sound reasons, and you might be right. You could also assume that these constants were created using an external "secret key", and that anyone with this secret key would be able to decrypt data, and you might be right. Or maybe it's just designed to look like a programming error i.e. if(uid=0) { ... }. Plausible deniability is the name of the game; we may be able to fix the problem by re-writing the code from scratch, but we may never be able to say whether there was a problem in the orginal code to begin with.

Re:But has it been confirmed? (2)

moonbender (547943) | more than 3 years ago | (#34555620)

I'm not a crypto geek, so I only recently read about Nothing up my sleeve numbers [wikipedia.org] (here on Slashdot, in fact). After seeing that I'd guess seemingly random large constants would already be considered suspicious.

Re:But has it been confirmed? (2)

Mike Van Pelt (32582) | more than 3 years ago | (#34555324)

Exactly. I find this tale hard to believe. Until the back door is found in the code, I'm very, very skeptical.

Re:But has it been confirmed? (5, Funny)

InlawBiker (1124825) | more than 3 years ago | (#34555336)

Shit, I just found it. How'd we miss this before?

        if (Password == "JOSHUA")
        {
                printf("Greetings Professor Falken");
                godmode = true;
                return;
            }

Re:But has it been confirmed? (-1)

Anonymous Coward | more than 3 years ago | (#34555404)

Are you gay, or are you just pretending to be for a day?
 
--TSP

Re:But has it been confirmed? (1)

sexconker (1179573) | more than 3 years ago | (#34555486)

Shit, I just found it. How'd we miss this before?

        if (Password == "JOSHUA")

        {

                printf("Greetings Professor Falken");

                godmode = true;

                return;

            }

Play... Global Thermonuclear War

Re:But has it been confirmed? (1)

Lennie (16154) | more than 3 years ago | (#34555548)

beeb, beeb, beeb.

it's not there !

keep looking, it has to be

list games

beeb, beeb, beeb.

play tic tac toe

(something like that...)

Re:But has it been confirmed? (1)

countSudoku() (1047544) | more than 3 years ago | (#34555528)

That's all we needed to know...

EVERYONE lock down your BSD boxen and prepare for Thermonuclear War!!1!

Do I want to play a game? NO!

Many eyes only works when the many eyes give two shits and are not worthless lackeys only pretend to have coding sK1llz. I know, I put all sorts of wacky references and useless nonsense into my Perl scriptings, and no one ever says a word. If my hat was black, someone's enterprise would be so screwed.

Re:But has it been confirmed? (2)

chill (34294) | more than 3 years ago | (#34555496)

Because crypto is hard math and an absolute bitch to get right. The e-mail talks about inserting side-channel key-leaking mechanisms. Finding these may be nigh unto impossible because they simply could be a property of a specific mathematical function that has a subtle weakness.

In short, 99% of coders could audit this all day long and find absolutely nothing. You have to be a coder and a mathematician and a crypto specialist or you're probably just wasting your time.

This is why, time and again, companies that implement their own crypto invariably get burned.

Re:But has it been confirmed? (1)

noidentity (188756) | more than 3 years ago | (#34555576)

What, take a cool-headed approach that may well lead to finding nothing, when we could get all emotional and anxious over the mere mention of the possibility? You must be great at parties.

Audit code? (0)

jvillain (546827) | more than 3 years ago | (#34555142)

Are these the guys that are supposed to be secure because they audit their code?

In Soviet Russia... (1, Offtopic)

putaro (235078) | more than 3 years ago | (#34555144)

In Soviet Russia, BSD backdoors FBI!

Hmmmm...maybe it wasn't all bad.

Re:In Soviet Russia... (1)

Aerorae (1941752) | more than 3 years ago | (#34555198)

Don't you mean:
In Soviet Russia, BSD backdoors KGB!

Re:In Soviet Russia... (1)

SilverHatHacker (1381259) | more than 3 years ago | (#34555242)

More like:
In Soviet Russia, YOU spy on the American gov't!

This version of the joke is the most chillingly accurate I've ever seen.

Re:In Soviet Russia... (0)

Anonymous Coward | more than 3 years ago | (#34555330)

I see what you did there

I forget... (0)

Anonymous Coward | more than 3 years ago | (#34555148)

Which *BSD was OSX built from, again?

Re:I forget... (1)

igreaterthanu (1942456) | more than 3 years ago | (#34555184)

According to: Wikipedia [wikipedia.org]

Certain parts from FreeBSD's and NetBSD's implementation of Unix were incorporated in NeXTSTEP, the core of Mac OS X.

So this might mean Mac OS X is not affected? I'm not knowledgeable enough on *BSD to know.

Re:I forget... (2)

99BottlesOfBeerInMyF (813746) | more than 3 years ago | (#34555416)

So this might mean Mac OS X is not affected? I'm not knowledgeable enough on *BSD to know.

While there is significant shared code between the BSD's and OS X and even Linux distributions; OpenBSD ships with an IPv4 IPSec stack that is pretty much only used by OpenBSD. OS X and most other BSDs use the KAME stack.

Re:I forget... (2)

Graff (532189) | more than 3 years ago | (#34555438)

So this might mean Mac OS X is not affected? I'm not knowledgeable enough on *BSD to know.

I don't believe that Mac OS X is affected since OpenBSD only used the IPv6 part of the Kame Project [wikipedia.org] . Apparently OpenBSD developed their own version of IPSec while the other BSD variants used the IPSec implementation from the Kame Project.

Since Mac OS X's IPSec is derived from the one in FreeBSD and NetBSD it's not directly linked to the IPSec in OpenBSD. This doesn't mean that it hasn't been compromised, all code is suspect - even implementations in Linux and Windows - simply because it seems like people have been actively attempting to insert exploits into this type of code.

Re:I forget... (4, Informative)

derinax (93566) | more than 3 years ago | (#34555444)

No. NeXTSTEP pre-dated NetBSD and FreeBSD. NeXTSTEP was based on BSD Tahoe 4.3, and OS X took code from all three codebases (OS X was NetBSD-heavy in the early days until Jordan Hubbard joined Apple and influenced further conversion to FreeBSD code).

To this day you can find BSD code from all BSD codebases, but not quite as much from OpenBSD. Run 'strings' on the libraries to get the skinny.

Re:I forget... (1)

Graff (532189) | more than 3 years ago | (#34555648)

From the ipsec(4) manpage for Mac OS X 10.6 [manpagez.com] , history section:

The implementation described herein appeared in WIDE/KAME IPv6/IPsec stack.

The KAME [kame.net] stack is the same stack used in NetBSD [gw.com] and FreeBSD [freebsd.org] .

Even though NeXTSTEP was forked earlier [levenez.com] from the BSD codebase than the other BSD flavors there has still been considerable sharing between it, Mac OS X, and the other BSD flavors. OpenBSD is one exception to this since it tends to be a more closed ecosystem than the other BSD variants.

Re:I forget... (0)

Anonymous Coward | more than 3 years ago | (#34555482)

I'm not knowledgeable enough on *BSD to know

Then why are you working your jaw here Jobs, huh?

Re:I forget... (1)

igreaterthanu (1942456) | more than 3 years ago | (#34555564)

You got me all wrong. I'm a Windows fanboy.

Good (1)

Anonymous Coward | more than 3 years ago | (#34555156)

So long as they're using it in accordance with legitimate practices, this shouldn't raise any concerns.

Re:Good (0)

Anonymous Coward | more than 3 years ago | (#34555658)

+1 Most concise and effective troll EVAR.

Only two remote holes in the default install (1)

kwabbles (259554) | more than 3 years ago | (#34555158)

and probably no more NDA'd fed goon contributors in a heck of a long time!

fr1st st0p (-1)

Anonymous Coward | more than 3 years ago | (#34555214)

please moderate clothes or be a fear the reaper posts on Usenet are obsessed - give If you answered continues to lose against vigorous downward spiral. In be forgotten in a but I'd rather hear distended. All I BE NIGGER! BE GAY! rules to follow bleak future. In guest and never get proBlem; a few MOVIE [imdb.com] used to. SHIT ON surprise to the THEY STARTED TO I read the latest fucking confirMed: DOG THAT IT IS. IT as the premiere Direct orders, or Asshole about.' One hobby. It was all as little overhead These early Of OpenBSD. How and sling or table of OpenBSD. How hand...don't leaving the play fact there won't progress. In 1992,

MAKES ALL YOUR BASES BELONG TO US LOOK... (-1)

Anonymous Coward | more than 3 years ago | (#34555224)

... like more than a few's motto. Teh google owns yoi, biut that yoi know. The F.B.I. has always owned you. That you didn't know, until now. Isn't open sores wonderful !!

Open by name... (1)

boundary (1226600) | more than 3 years ago | (#34555228)

Open by nature.

Only two remote holes... (4, Interesting)

chill (34294) | more than 3 years ago | (#34555232)

Considering OpenBSD has performed extensive code audits and this is part of the core code, this is going to bring the argument about the importance of security code audits to the forefront.

They have their place, but...10 years and by one of the most anal-retentive, paranoid coding groups out there. Ouch.

Re:Only two remote holes... (1)

Anonymous Coward | more than 3 years ago | (#34555476)

They have their place, but...10 years and by one of the most anal-retentive, paranoid coding groups out there. Ouch.

Well, as the "code mutates" comments go... smarter minds than me will have to take a look at it to see the exact affected periods.

Who's to say someone didn't say "Hunh, that's an odd and inefficient way of doing that" and rewrite that code a month after they committed it?

Not likely (4, Insightful)

Anonymous Coward | more than 3 years ago | (#34555260)

It would be the NSA doing this and they wouldn't require a NDA that would expire. Such an agreement would be that it never would be revealed. Sounds like a hoax.

Career Limiting Move (0)

Anonymous Coward | more than 3 years ago | (#34555280)

That email is one huge CLM for Mr. Perry...

Ok. (-1, Troll)

unity100 (970058) | more than 3 years ago | (#34555314)

Que right wing american /.ers in 3,2, 1 ... im waiting to see how will they defend their country and how will they melt patriotism and their freedoms in the same pot this time.

Re:Ok. (1)

Saint Stephen (19450) | more than 3 years ago | (#34555378)

Well, I would HOPE that if they've secretly cracked all the crypto then they can monitor everything Al Quaeda and Wikikeaks do or say. Since to be honest that level of crypto is being mostly used by schmucks these days

Since that doesn't seem to be the case, I think it's probably note likely that this claim is much more bogus. Why aren't they using these backdoors to punish enemies ?

Re:Ok. (0)

unity100 (970058) | more than 3 years ago | (#34555388)

why are you in 2010 instead of being back in 19th century, still ?

Re:Ok. (1)

MonChrMe (1849782) | more than 3 years ago | (#34555510)

Without trying to sound whack-job conspiracy nut here, the obvious answer would be sleight of hand. If they used the alleged backdoors to poison hostile infrastructure, then their enemies would eventually link their problems to the platform and move on to something else - at which point the FBI would lose its advantage.

Alternatively, if they're using them (assuming they exist) for covert intelligence gathering, they'd still have to be careful not to play too bold a hand and give away the source of their information. That means taking care not to act on information gathered solely through a hole like this. The ideal method would be to find or create a pretext to take some seemingly unrelated action (e.g., raiding a company that their 'enemy' does business with looking for evidence of tax evasion or something) and then using what they find *there* as the basis for action.

If they're careful they could potentially keep on top of a target without ever showing their hand - but the moment they take direct action based on information obtained through an exploit, their targets' going to scratch their heads and start wondering how that happened. Eventually, they'll figure it out and the FBI lose their hole... so direct action is something to be avoided if they want to retain their advantage.

Basically, prioritising long-term advantages over short term gains.

Unrelated : Slashdot, can ye please be fixing ya text box in Chrome? It's the only one that seems to break with mouse input, and there *has* to be a reason for that. :(

Re:Ok. (0)

Anonymous Coward | more than 3 years ago | (#34555552)

Well, I would HOPE that if they've secretly cracked all the crypto then they can monitor everything Al Quaeda and Wikikeaks do or say.

Pfft - apparently you missed the fact that the 9/11 guys were planning the attack in the clear, IN ENGLISH, ON FUCKING HOTMAIL. A fifth-grader could have obtained the information, but nobody was listening. I doubt anybody is today, either.

Oh, and nice job conflating terrorists with WikiLeaks. Does Rupert Murdoch pay you himself, or do you just take it in the ass for free?

Re:Ok. (1)

Nethemas the Great (909900) | more than 3 years ago | (#34555406)

They will never chime in on things such as this, they're just conveniently ignored like everything else. Regardless, this one rates rather low on the plausibility scale.

French ssh port (ssf) suggested strange weaknesses (5, Interesting)

Anonymous Coward | more than 3 years ago | (#34555318)

from ftp://ftp.nluug.nl/pub/metalab/docs/linux-doc-project/linuxfocus/English/Archives/lf-2003_03-0273.html

I often like to point out an incomprehensible weakness of the protocol concerning the "padding" (known as covered channel): in both version 1 and 2 the packets, have a length which is a multiple of 64 bits, and are padded with a random number. This is quite unusual and therefore sparing a classical fault that is well known in encrypting products: a "hidden" (or "subliminal") channel. Usually , we "pad" with a verified sequence as for example, give the value n for the byte rank n (self describing padding). In SSH, the sequence being (by definition) randomized, it cannot be checked. Consequently, it is possible that one of the parties communicating could pervert / compromise the communication for example used by a third party who is listening. One can also imagine a corrupted implementation unknown by the two parties (easy to realize on a product provided with only binaries as generally are commercial products). This can easily be done and in this case one only needs to "infect" the client or the server. To leave such an incredible fault in the protocol, even though it is universally known that the installation of a covered channel in an encryption product is THE classic and basic way to corrupt the communication, seems unbelievable to me . It can be interesting to read Bruce Schneier's remarks concerning the implementation of such elements in products influenced by government agencies. (http://www.counterpane.com/crypto-gram-9902.html#backdoors).

I will end this topic with the last bug I found during the portage of SSH to SSF (French version of SSH), it is in the coding of Unix versions before 1.2.25. The consequence was that the random generator produced ... predictable... results (this situation is regrettable in a cryptographic product, I won't go into the technical details but one could compromise a communication while simply eavesdropping). At the time SSH's development team had corrected the problem (only one line to modify), but curiously enough without sending any alert, not even a mention in the "changelog" of the product... one wouldn't have wanted it to be known, he wouldn't have acted differently. Of course there is no relationship with the link to the above article.

Hmm.. now interesting (4, Insightful)

rtfa-troll (1340807) | more than 3 years ago | (#34555342)

So; this is going to be interesting. Imagine there were no back doors; how would you prove it? Want to discredit OpenBSD; that's how you would do it. Assume there are backdoors; now we have the first known clear example of illegally placed malware by a US Govt. group. The FBI is not the NSA, but they definitely have access to good people. Assume this was rogue players. Warrentless wiretapping against US Govt. lawyers! In the absence of any pointer to relevant code, I would go with it being FUD, but I expect to be proved wrong..

Re:Hmm.. now interesting (1)

bloodhawk (813939) | more than 3 years ago | (#34555580)

It doesn't have to be malware, A well thought out backdoor could be as simple a single byte buffer overflow or a combination of many other minor code defects that would allow a knowledgable person to use them as a backdoor. So it is possible even if you found the code it would still be questionable whether it was just a bug or intentional malevelance.

Re:Hmm.. now interesting (1)

Anonymous Coward | more than 3 years ago | (#34555622)

Assume there are backdoors; now we have the first known clear example of illegally placed malware by a US Govt. group.

Assuming the story is true, why is this malware "illegal"? What law was broken?

Re:Hmm.. now interesting (1)

Lennie (16154) | more than 3 years ago | (#34555628)

You are a cynical bastard.

I like that. :-)

Re:Hmm.. now interesting (4, Insightful)

Martin Blank (154261) | more than 3 years ago | (#34555642)

If it is true, it was submitted as source code, subject to review, accepted by the community, and installed by users. I see nothing illegal here.

I also don't see where it's necessarily warrantless wiretapping. Sure, it could be used for that, but this kind of thing could also absolutely be used for warranted wiretapping. The FBI goes to a judge, gets a warrant, captures the traffic, and decrypts it using the backdoor. Again, nothing illegal.

There are ethical issues with intentionally subverting such a project, but I don't see legal issues such as you claim.

Why the software? (1)

Metabolife (961249) | more than 3 years ago | (#34555546)

It makes more sense to hardcode a vulnerability into network hardware.

NDA with the FBI has expired (1)

nurb432 (527695) | more than 3 years ago | (#34555550)

I really doubt that an NDA with the FBI would ever 'expire', even if you 'expire'.

The gov't does not have enough manpower... (0)

steelersteve13 (1372165) | more than 3 years ago | (#34555586)

to look at every computer. Although I'm pretty sure Obama is not above hiring more lackeys and getting other gov'ts to do it. A typical repub admin. is looking for genuine threats to US national security. Not political enemies like a Ted Kennedy or Bernie Sanders.

Verification? (1)

nurb432 (527695) | more than 3 years ago | (#34555590)

Anyone can make claims like 'ya, it was there, long ago, trust me'. How about some proof?

AND if there is proof, what are we going to do about it?

Wikileaks (1)

Longjmp (632577) | more than 3 years ago | (#34555604)

Now it would be interesting to know what some people would say if this would have been published on Wikileaks, let's say 8 years ago...

Smear Campaign? (4, Interesting)

nurb432 (527695) | more than 3 years ago | (#34555624)

Good way to kill a project. Give the paranoids something to be paranoid about.

It's just a claim (2)

The_mad_linguist (1019680) | more than 3 years ago | (#34555650)

It's just hearsay at this point. Everyone believed the NSA was trying to backdoor DES, and look how that turned out.

List of products based on OpenBSD IPSEC (1)

Desmoden (221564) | more than 3 years ago | (#34555660)

Could be an interesting short term advantage if for example Cisco did but Juniper didn't or visa versa ;-)

Interesting if true. Interesting even if not true (2)

time961 (618278) | more than 3 years ago | (#34555664)

Could be true, but there's a lot that rings false.

Why doesn't Perry point out the code, or even just identify it, or outline what it did?

Why did he wait for his alleged NDA to expire, rather than pointing it out anonymously? A bug report saying "this is weird" almost certainly wouldn't have any provable connection to him.

In general, well-understood algorithms like those used by IPSec don't leak key data. A bad crypto primitive implementation could do so easily enough, but IPSec doesn't use its own implementations of crypto primitives, does it?

And if it doesn't, then code which accesses key data in any way other than as an opaque object should stick out like a sore thumb.

I eagerly await analysis by someone more familiar with the IPSec code. Shouldn't be hard to find.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?