239 comments

Oh come on (0)

Anonymous Coward | more than 3 years ago | (#34561510)

The duplicate story is still on the front page! http://bsd.slashdot.org/article.pl?sid=10/12/15/004235 [slashdot.org]

Re:Oh come on (4, Insightful)

TheRaven64 (641858) | more than 3 years ago | (#34561568)

The difference is that the original story is posted by kdawson, so no registered users will see it, because we've all blocked him from the front page. This one is posted by Taco, so we'll see it.

Re:Oh come on (0, Offtopic)

pz (113803) | more than 3 years ago | (#34561886)

> The difference is that the original story is posted by kdawson, so no registered users will see it, because we've all blocked him from the front page. This one is posted by Taco, so we'll see it.

What, kdawson is still working at Slashdot? Amazing. If Taco has any smarts at all, he'd let kdawson go. No one I know reads his drivel.

Taco, you listening?

Re:Oh come on (0, Offtopic)

Farmer Tim (530755) | more than 3 years ago | (#34562050)

> If Taco has any smarts at all, he'd let kdawson go.

I believe there's a law against releasing defenceless pets into the wild.

Re:Oh come on (0)

techsoldaten (309296) | more than 3 years ago | (#34562232)

That's why so many blonde socialites keep Chihuahuas. I hear kdawson is kept in a similar way, posting articles using a blackberry from his owner's purse.

Re:Oh come on (0)

Anonymous Coward | more than 3 years ago | (#34562476)

This truth truly made me rofl

Re:Oh come on (0)

Anonymous Coward | more than 3 years ago | (#34562624)

> This truth truly made me rofl

You're a bunch of easily amused motherfuckers.

Where's the humor that's clever and witty? Oh, right, it's buried underneath a -1 moderation. Ever notice that only the inoffensive politically correct crap gets a +5 Funny?

Re:Oh come on (0)

Anonymous Coward | more than 3 years ago | (#34562416)

> Taco, you listening?

Not for at least the last ten years, no. I wouldn't be surprised if there was no editor at all for this site, just a perl script that picks a story at random. And I'm not kidding either.

Re:Oh come on (1)

clone52431 (1805862) | more than 3 years ago | (#34562488)

No, I don’t think so, because they do sometimes edit the stories. I know they edited one that I posted, they converted it from a logically divided 3-paragraph submission into a single glob of text, just like any other story.

Re:Oh come on (3, Funny)

eln (21727) | more than 3 years ago | (#34562592)

Nonsense. Nobody working for this site has ever been a good enough perl coder to pull that off.

Re:Oh come on (3, Insightful)

ledow (319597) | more than 3 years ago | (#34562440)

Funnily, that's exactly what happened to me - I wondered what people were talking about when they said it was a dupe. This is the only website I've ever had to block a submitter on, and kdawson the ONLY author I've ever had to block on any website because every submission I read from them annoyed me or was blatantly complete bollocks.

Re:Oh come on (1)

LWATCDR (28044) | more than 3 years ago | (#34562468)

So slashdot gets a twofor.

BTW the Indian extremists have been infiltrating Microsoft for years and have placed many back doors into Windows so they can shut down all our systems. Their main target is the thought control experiments based in Montauk NY at the secret underground base there. They are hoping that they can remotely activate it and then while we are under their control gain access to the secret base under the new Denver Airport.

Re:Oh come on (-1)

Anonymous Coward | more than 3 years ago | (#34562626)

Another jack-ass comment for a jack-ass masturbator. I'm sure you think your mom is sexy, but unlike you, I've never seen her naked.

Re:Oh come on (1)

HermMunster (972336) | more than 3 years ago | (#34562732)

Have these two deniers stated whether they are under NDA still? Why would they admit to it when doing so would brand them?

Even though I think it is tough to miss something like that in the code it is still possible. Everyone should look to ensure that removal is performed.

If they could do that then they'd do it in Windows. Windows is closed source and easily altered. If it is verified in BSD you can be guaranteed it's in Windows.

Though this is likely true (that the code is there), it is difficult for me to see them having the programming skills back then to write something so sophisticated that it would go undetected for over a decade.

Why was the "leaker" under NDA to begin with?

Please correct. (5, Informative)

santax (1541065) | more than 3 years ago | (#34561528)

It was not Theo that made that claim. It was Theo that released the email he got from the guy making that claim! Big big difference!

Re:Please correct. (2, Insightful)

skids (119237) | more than 3 years ago | (#34561754)

I would go on a rant about how anyone who wants to post main stories should really be forced to attend at least a half-day seminar on basic journalistic essentials.

But considering how an entire degree in journalism does not seem to have helped the professional media....

Re:Please correct. (-1, Troll)

daid303 (843777) | more than 3 years ago | (#34561758)

He did release the claim into the wild, possibly without verifying anything. Being who he is, people believe what he has to say.

Re:Please correct. (0)

Anonymous Coward | more than 3 years ago | (#34561854)

You didn't actually read his mail, am I right?

Re:Please correct. (2)

skids (119237) | more than 3 years ago | (#34561912)

You mean they believe things like "I have received a mail" and "It is alleged..."? How horrible.

Or do you mean that CmdrTaco being who he is, people believe what he says Theo has to say.

Re:Please correct. (1)

delt0r (999393) | more than 3 years ago | (#34561772)

So instead of "some guys found something", it's "I know a guy who thinks he found something"... Yeah, really credible.

Re:Please correct. (1)

Lumpy (12016) | more than 3 years ago | (#34562342)

It works for the MOB and gangs... Want a rival killed? Start rumors they are working for the cops, FBI, are dirty and skimming from the boss, etc. Keep it up and word will spread and get back to his guys who end up "fixing the problem".

Works in the non-crime world as well. Sysadmin acting like a BOFH? Start planting small rumors he is stealing or hacking from work. Want to put questions in the minds of people who might switch from Windows? Put out there a "rumor" that it has government backdoors in it.

FUD works great in all walks of life.

Re:Please correct. (1)

0123456 (636235) | more than 3 years ago | (#34562576)

> It works for the MOB and gangs... Want a rival killed? Start rumors they are working for the cops, FBI, are dirty and skimming from the boss, etc. Keep it up and word will spread and get back to his guys who end up "fixing the problem".

Interestingly, I was reading this morning about the FBI in the 70s spreading false claims that members of radical groups were actually FBI informants in the hope of disrupting said radical groups.

Re:Please correct. (5, Informative)

jfruhlinger (470035) | more than 3 years ago | (#34561910)

I'm the one who submitted it to Slashdot, and it's totally my fault, not a mistake in TFA. Apologies.

Re:Please correct. (5, Insightful)

John Hasler (414242) | more than 3 years ago | (#34562012)

It isn't totally your fault. It is also the fault of the Slashdot editor who didn't bother to read the article.

Re:Please correct. (1)

santax (1541065) | more than 3 years ago | (#34562014)

You are forgiven my son. Just stay clear from ssh on openbsd for now. Cause I'm not sure Theo will forgive you too :P

Re:Please correct. (4, Insightful)

tenchikaibyaku (1847212) | more than 3 years ago | (#34562068)

Even if there's no truth whatsoever behind the initial claim, I suspect we'll be seeing this pop up in various more and less accurate forms for several years to come.

well (1)

stillpixel (1575443) | more than 3 years ago | (#34561538)

even if it was you, would you admit to it? Reputations and careers could be ruined by something like that.

Re:well (2)

gstoddart (321705) | more than 3 years ago | (#34561794)

> even if it was you, would you admit to it?

Depending on the situation, they might not legally be able to admit it. If your work was Classified, you might be prohibited by law from admitting to it.

Not saying that is true or even likely in this case, but it is possible. I wouldn't want to run afoul of a government NDA.

The whole story seemed a bit off (4, Interesting)

Fibe-Piper (1879824) | more than 3 years ago | (#34561570)

I mean the idea that this person would still be alive when "the NDA expired..." was odd.

Why would the FBI make any NDA on something as shameful as this that would expire during one's lifetime?

Well it might (4, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#34561848)

The normal length for classified material is 50 years. That isn't to say it can't last longer or be declassified earlier, but 50 years is the normal NDA length. Why would this be any different? In particular there was the implication that they'd been heavily pushing it because of the backdoor. Ok but they had to know that the NDA was about to expire and thus the jig would be up and it would be, if anything, harmful.

Makes no sense. I am not buying this in the slightest without some proof. Some guy claiming something in an e-mail isn't proof, that is Internet nuttery as normal.

Re:Well it might (2)

Fibe-Piper (1879824) | more than 3 years ago | (#34562432)

> The normal length for classified material is 50 years. That isn't to say it can't last longer or be declassified earlier, but 50 years is the normal NDA length. Why would this be any different?

FTA -

"...sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago."

I think that 50 years sounds normal for an agency whose job has become protecting secrets. A decade does not sound like something that would benefit them at all. That's what seemed strange to me about the original article.

Re:The whole story seemed a bit off (1)

cinderellamanson (1850702) | more than 3 years ago | (#34562326)

Because this is soooo, not the FBI's job. This shit belongs in the jurisdiction of the NSA. Barney Fifes across the US will be partying tonight.

Re:The whole story seemed a bit off (1)

Anonymous Coward | more than 3 years ago | (#34562652)

This wouldn't be under NDA, it would be classified, and the only way it would be releasable was if it had a declassification date. If that were the case, it would be available under FOIA.

Wrong summary (3, Informative)

Anonymous Coward | more than 3 years ago | (#34561622)

Oh please, de Raadt didn't claim shit. Here's the original mail [marc.info].

Theo seems skeptical himself, he just didn't want to hold back a potential security issue.

NDA (1)

Ismellpoop (1949100) | more than 3 years ago | (#34561628)

If you made a deal to keep a secret you keep that secret. Also I'm sure there could be repercussions for blabbing. My job they just fire you and there is a possibility of being sued by the individual whose confidence you broke.

Re:NDA (0)

Anonymous Coward | more than 3 years ago | (#34561692)

Too bad they don't fire you for the horrible spelling and grammar.

Re:NDA (0)

Anonymous Coward | more than 3 years ago | (#34562386)

Too bad no one has taken you behind the barn and shot you for being a jackass.

Re:NDA (0)

Anonymous Coward | more than 3 years ago | (#34561768)

> If you made a deal to keep a secret you keep that secret. Also I'm sure there could be repercussions for blabbing. My job they just fire you and there is a possibility of being sued by the individual whose confidence you broke.

Not really. It's common for NDAs to be limited in time & scope. And this guy doesn't claim to have done it himself, he claims that he was aware that other people did this. This guy's NDA may have been a blanket boilerplate NDA not to discuss anything related to his work for 10 years.

Further, assuming this backdoor actually exists and the NDA actually exists, is the FBI going to come out and admit to it so that they can sue the guy? Not likely.

Re:NDA (-1)

Ismellpoop (1949100) | more than 3 years ago | (#34562062)

> Not really. It's common for NDAs to be limited in time & scope

So when you go to your doctor or shrink can they say "hey, it's been ten years, I can blab about so and so's mental problems"? Or how about lawyers, police, fire, ambulance etc?

Re:NDA (3, Informative)

zn0k (1082797) | more than 3 years ago | (#34562188)

No.

But that's because they're bound by patient confidentiality, and not a boilerplate 10 year "don't talk about anything you learned at work" NDA.

So the two cases don't really compare. At all.

Re:NDA (1)

Pi1grim (1956208) | more than 3 years ago | (#34562212)

Depends on their NDAs. For crying out loud, read the goddamn definition of NDA and what limitations it might have. There is a completely different thing, called patient (in case of a doctor) or client (in case of a lawyer) confidentiality, where they cannot disclose the data of their patient/client without police warrant. In this case it is told, that the guy had a ten-year NDA signed, ten years have passed, he can talk as much as he wants about that job of his. Simple.

Re:NDA (1)

John Hasler (414242) | more than 3 years ago | (#34562266)

Don't be an ass. Professional confidentiality is not the same as an NDA contract, and he didn't claim that all such agreements expire after ten years in any case.

Re:NDA (1)

Qzukk (229616) | more than 3 years ago | (#34562310)

> So when you go to your doctor or shrink can they say "hey, it's been ten years, I can blab about so and so's mental problems"?

If you signed a contract saying after 10 years the doctor can blab all he wants, sure.

Re:NDA (1)

PPH (736903) | more than 3 years ago | (#34561836)

I'm sorry, but I'm prohibited by an NDA from discussing any work I may have done for any government organization on that project.

captcha: confuses

Re:NDA (2)

John Hasler (414242) | more than 3 years ago | (#34562402)

> If you made a deal to keep a secret you keep that secret.

If I made a deal to keep a secret for five years I keep it for five years.

Theo made no such claim (0)

Anonymous Coward | more than 3 years ago | (#34561716)

All he did is properly forward a private email.

Theo de Raadt is clearly an ethical and conscientious person, who deserves our gratitude.

Thanks, Theo. Great job!

Not BSD coder (0)

Anonymous Coward | more than 3 years ago | (#34561740)

FTA: I have not ever contributed a single line of code to OpenBSD;

Funny... (1)

cobrausn (1915176) | more than 3 years ago | (#34561762)

Back before I used Linux (in college), I made a habit out of making all Linux users paranoid by saying if I were the CIA / FBI / NSA / other TLA, I would worm somebody in as a contributor and do my best to put hidden backdoors into all open source operating systems. I know if I were in any of said agencies and had no respect for privacy, I would.

Re:Funny... (1)

BESTouff (531293) | more than 3 years ago | (#34561920)

Whereas you can be sure no one at Microsoft or Apple is coding backdoors for a TLA?

Re:Funny... (2)

tlhIngan (30335) | more than 3 years ago | (#34562224)

> Whereas you can be sure no one at Microsoft or Apple is coding backdoors for a TLA?

More like, you KNOW there are backdoors in Windows, Mac OS X, iOS, and all the other products they have. But don't switch to open-source purely because it's open-source and therefore, backdoors can't be hidden in the code. Even very careful audits can still miss cleverly hidden backdoors.

The silly thing about this issue is that no one can confirm or deny it, short of a full on hard core code review. The people who did it certainly won't say either way (other than "it might"), the ones who know about it won't acknowledge it. And the backdoor doesn't have to be a shell-granting root access. It can be a simple matter of key leakage through subtle means and the code looks otherwise innocuous.

Re:Funny... (2)

Lumpy (12016) | more than 3 years ago | (#34562434)

Of course not. Such a coder would be easily spotted because they know what they are doing and produce clean code that works... This will stand out BIG TIME at Microsoft.

Re:Funny... (1)

cobrausn (1915176) | more than 3 years ago | (#34562506)

tlhIngan hit it on the head. I figured they were there for Microsoft and Apple. I just liked screwing with Linux guys who were insisting they were perfectly secure because they used an open source OS.

As I said, I use Linux, so I don't have any axe to grind against open source. I'm just suspicious of pretty much everything.

BSD coder? (1)

Tomun (144651) | more than 3 years ago | (#34561780)

Both deny being BSD coders too!

Re:BSD coder? (1)

Java Pimp (98454) | more than 3 years ago | (#34562184)

Exactly. In the email sent to Theo, Scott Lowe isn't identified as one of the OpenBSD contributors accused of inserting the alleged backdoor.

He is "accused" of advocating OpenBSD while being on the FBI payroll. Which shouldn't matter anyway since that alone does not confirm a backdoor was actually inserted.

Isn't this expected? (1)

Arrepiadd (688829) | more than 3 years ago | (#34561816)

I'm not familiar with these things, but if someone is installing backdoors for the FBI on some software, will he be telling everyone that he works/has worked with the FBI? I wouldn't really expect anything else other than denying it!

This doesn't mean he does work for the FBI, but saying he doesn't isn't going to clear all things up!

I'm shocked! (0)

Anonymous Coward | more than 3 years ago | (#34561868)

I'm shocked to learn that these guys denied it! I mean, if you were working with the FBI, wouldn't you admit to it the moment someone asked?

That's not to say there's necessarily any validity to the claim one way or the other, but the non-acknowledgement from these guys comes as zero surprise, and is in itself a total non-story.

The first sentence of the summary is false. (2)

John Hasler (414242) | more than 3 years ago | (#34561970)

> Theo de Raadt has made the shocking claim that OpenBSD includes a backdoor that the FBI paid coders to build.

Theo did no such thing. Perry did.

What the hell? (5, Insightful)

mysidia (191772) | more than 3 years ago | (#34561978)

There was never any OpenBSD contributor named Scott Lowe. Did anyone actually bother to read the source material or check facts, before claiming as such?

The finger was being pointed at Scott Lowe FOR HIS Virtualization BLOG, which are merely articles that discuss the use of OpenBSD.

The mailing list author was making a totally reckless claim, with no proof shown, that he was advocating OpenBSD for the benefit of the FBI, which is a downright ludicrous attention-whoring attempt on the part of someone reposting that claim without corroboration.

A mailing list posting by one person is not a credible source to be taken at face value. Information needs to be corroborated. Posting some random person's vague accusations as front page news borders on gross negligence.

Re:What the hell? (2)

John Hasler (414242) | more than 3 years ago | (#34562182)

> There was never any OpenBSD contributor named Scott Lowe.

I don't see where Perry claimed that there was.

Re:What the hell? (1)

Java Pimp (98454) | more than 3 years ago | (#34562218)

> > There was never any OpenBSD contributor named Scott Lowe.

> I don't see where Perry claimed that there was.

He didn't. But TFA does...

Re:What the hell? (1)

Java Pimp (98454) | more than 3 years ago | (#34562314)

Actually, not even TFA does, only the Slashdot summary... which shouldn't surprise anyone...

No BBlobs? (1)

spyingwind (961097) | more than 3 years ago | (#34562076)

Wouldn't we be able to search the code for said backdoor? And correct me if I'm wrong, but BSD can't have binary blobs in its code.

Re:No BBlobs? (1)

satuon (1822492) | more than 3 years ago | (#34562460)

Are you sure this means the backdoor is obvious? Like "if user == CIA then give_full_root_rights" code snippet lying somewhere?

Re:No BBlobs? (5, Interesting)

Lumpy (12016) | more than 3 years ago | (#34562554)

You don't realize how it is possible to hide evil code in front of someone's face.

http://underhanded.xcott.com/ [xcott.com]

Go there and read, look at the winning and runner-up entries... If you are a competent coder you can hide things right in front of someone and they will not spot it. It's scary as hell what some of these guys can do.

Re:No BBlobs? (1)

ray-auch (454705) | more than 3 years ago | (#34562602)

The allegation is inclusion of a side-channel in the crypto algorithm for leakage of key bits.

If you know about crypto coding, you'll know instantly why that would be easy to hide and hard to find.

If you don't, then any explanation is likely to be as much gibberish to you as the code would be.

Re:No BBlobs? (2)

0123456 (636235) | more than 3 years ago | (#34562666)

> The allegation is inclusion of a side-channel in the crypto algorithm for leakage of key bits.

> If you know about crypto coding, you'll know instantly why that would be easy to hide and hard to find.

IPSEC is a well-documented standard: you can't just stick 'random numbers' which happen to contain parts of the key in the data stream as you could with some home-grown crypto system. The fact that it is a standard which has to interoperate with other implementations of the standard eliminates most of the usual methods of deliberately leaking keys.

Certainly there could be deliberate timing effects, etc, but everyone these days should be using crypto implementations which protect against such things.

Theo didn't make the claim (4, Insightful)

7x7 (665946) | more than 3 years ago | (#34562078)

Someone sent an email to Theo making the claim. Theo put it on the internet. Now it's true.

Re:Theo didn't make the claim (2)

interval1066 (668936) | more than 3 years ago | (#34562368)

It looks to me like de Raadt received an email from this Perry saying that he had some kind of NDA with the FBI that was part of a project the FBI hired Perry to do to add a back door to the OBSD ipsec stack, and the tone *seems* to be "ha ha ha, I screwed you" a little bit, shown by his comment about OBSD's DARPA funding. de Raadt isn't confirming or denying, he's simply saying "Look, this asshole is making claims." Claims that should be easily refuted if the OBSD stack is as heavily audited as the group claims.

Re:Theo didn't make the claim (0)

Anonymous Coward | more than 3 years ago | (#34562598)

> and the tone *seems* to be "ha ha ha, I screwed you" a little bit,

No it doesn't. It sounds more like "If you wondered why X happened, here is why it might have happened."

Slashdot: "News" (2)

BitHive (578094) | more than 3 years ago | (#34562122)

Because it's too much trouble to quote or reproduce Theo's brief email and people wouldn't know what to make of it anyway.

Bump (5, Interesting)

AdmV0rl0n (98366) | more than 3 years ago | (#34562174)

The raw and cold truth is that contributors to all the open OSs can't really be vetted. Not in a meaningful way. And the number of people who are deep low level 'hackers' capable of writing the code is relatively small. The numbers able to code audit to a level of examination are even fewer. So yes, the code is open, the code is visible, the code can and could be audited. But here is the thing, being auditable is not the same as being audited. And personally, I would not be shocked if a full audit was run if something might be found.

That being said, this is one step better than closed source, where some of the above is not possible or viable, and in cases where money crosses palms, may in fact be unwanted.

Further to this though, I personally don't expect government to simply roll over and die. I expect them to take steps to try and stay one step ahead of bad things, and the relaxing of technology limits has benefitted people across the world, even if I were to make a case that the cost is that at the point of a pyramid - the goves can hunt down the world culprits and suspects. In some cases - releasing the tech in fact has your enemy using that tech after some time and you get to tap into it.

At least it's an interesting story :)

Re:Bump (2)

Xemu (50595) | more than 3 years ago | (#34562628)

> The raw and cold truth is that contributors to all the open OSs can't really be vetted. Not in a meaningful way.

Indeed. However, the raw truth is that open source contributions can be vetted in a meaningful way.

Don't fool yourself into believing that there are no backdoors in closed-source software.

of course they denied (0)

Anonymous Coward | more than 3 years ago | (#34562216)

It is not so hard to imagine that they are not allowed to say the truth.
For the same reason NSA had chosen new encryption standards (they should be hackable by them).

America is a police state, anything is related to security; for sure they have the private keys of VeriSign and many others.
Or do you think that the Stuxnet worm was uniquely working with fake signed keys? The fact that smaller countries could create something like that means the country with the most supercomputers can easily crack root keys of any major signer.

take a blowfish

just another info leak between the spam; ... can you read it yahoo

Backdoor? But it's open-source! (-1)

Anonymous Coward | more than 3 years ago | (#34562234)

You people keep preaching that with open-source, bugs will get fixed immediately, backdoors are impossible, etc...

And yet here we are, with backdoors that have been there for the LAST DECADE.

Explain yourselves.

Re:Backdoor? But it's open-source! (1)

ledow (319597) | more than 3 years ago | (#34562328)

What backdoor? Nobody has found ANYTHING yet. They just have a rumour, duly propagated onwards because of its *potential* security applications, that someone may have once been paid to do such a thing. Doesn't mean it's true, that they succeeded, or that it hasn't been removed since.

It's impossible to prove something *isn't* there, of course, but it would be a cinch to prove it *was*. Nobody has yet stepped forward with anything even approaching a slight vulnerability in their IPSec implementation that isn't well documented and patched already (or even suspected of being planted maliciously). That's the beauty of OS - we can go back and check and see and hold people accountable, and YOU can take a look if you don't believe us, or think we're in league with the FBI. There's absolutely *nothing* to stop you. Now go ask about proprietary software vendors and *their* relationships with the FBI and see how many answers you get.

And I don't even care about BSD - I've only ever used it once, and Linux has a *completely* independent IPSec implementation made by completely separate people. If it's a concern for you, audit the code, or pay someone to do it. Chances are you'll never be *allowed* to audit similar code from, say, Microsoft and certainly not allowed to publish your findings if you *did* find a backdoor in it. In the OS world, though, we publish even potential RUMOURS of a possible hole, so that you can be the judge and not anyone else.

Smells like FUD to me (1)

ilovecheese (301274) | more than 3 years ago | (#34562294)

What really gets me, is this is all open sourced code. This means that a code audit would find this so-called back door, yes? I seriously doubt this so-called claim.

Re:Smells like FUD to me (5, Insightful)

TheRaven64 (641858) | more than 3 years ago | (#34562574)

> This means that a code audit would find this so-called back door, yes?

Nope. OpenBSD is audited, but the auditors are human (well, some aren't, but they can only spot categories of bug that are well documented). The code is not formally, mathematically verified (doing so for nontrivial C code is basically impossible), so there's always the possibility of a bug and, as the OpenBSD team says, the only difference between a bug and a vulnerability is the intelligence of the attacker.

Regular code audits increase the probability that a backdoor would be found, but they don't guarantee it. That's why this is such effective FUD: it's basically impossible to prove that it's not true.

Unlikely... (1)

JustNiz (692889) | more than 3 years ago | (#34562336)

It seems unlikely that someone could hide one or more backdoors in such a ubiquitous piece of code without _anyone_ else ever spotting it.

It also seems unlikely because Perry didn't share actual technical details of the backdoor(s) so their existence can be proven. Surely when making such a radical claim it's just human nature to also justify it with all the evidence you have.

Is (was) the FBI ever working w/ OpenBSD -AT ALL-? (1)

clone52431 (1805862) | more than 3 years ago | (#34562404)

If so, where’s this NDA that Theo claims just expired? Surely he didn’t run it through the shredder already.

Re:Is (was) the FBI ever working w/ OpenBSD -AT AL (1)

clone52431 (1805862) | more than 3 years ago | (#34562448)

Correction, Gregory Perry claimed to have an NDA with the FBI. Theo was just the messenger. Damn, this is confusing...

This is why I only use windows. (2, Funny)

Anonymous Coward | more than 3 years ago | (#34562526)

I only use OSes I can trust!
