Forgot your password?
typodupeerror
Government Security BSD

BSD Coder Denies Adding FBI Backdoor 239

Posted by CmdrTaco
from the not-gonna-quote-the-doors dept.
jfruhlinger writes "Theo de Raadt has made the shocking claim that OpenBSD includes a backdoor that the FBI paid coders to build. Brian Proffitt has tracked down one of the programmers named as being on the FBI payroll (actually, he tracked down two programmers with the same name). Both deny working with the FBI."
This discussion has been archived. No new comments can be posted.

BSD Coder Denies Adding FBI Backdoor

Comments Filter:
  • Re:Oh come on (Score:5, Insightful)

    by TheRaven64 (641858) on Wednesday December 15, 2010 @12:05PM (#34561568) Journal
    The difference is that the original story is posted by kdawson, so no registered users will see it, because we've all blocked him from the front page. This one is posted by Taco, so we'll see it.
  • Re:Please correct. (Score:3, Insightful)

    by skids (119237) on Wednesday December 15, 2010 @12:16PM (#34561754) Homepage

    I would go on a rant about how anyone who wants to post main stories should really be forced to attend at least a half-day seminar on basic journalistic essentials.

    But considering how an entire degree in journalism does not seem to have helped the professional media....

  • Well it might (Score:5, Insightful)

    by Sycraft-fu (314770) on Wednesday December 15, 2010 @12:20PM (#34561848)

    The normal length for classified material is 50 years. That isn't to say it can't last longer or be declassified earlier, but 50 years is the normal NDA length. Why would this be any different? In particular there was the implication that they'd been heavily pushing it because of the backdoor. Ok but they had to know that the NDA was about to expire and thus the jig would be up and it would be, if anything, harmful.

    Makes no sense. I am not buying this in the slightest without some proof. Some guy claiming something in an e-mail isn't proof, that is Internet nuttery as normal.

  • What the hell? (Score:5, Insightful)

    by mysidia (191772) on Wednesday December 15, 2010 @12:28PM (#34561978)

    There was never any OpenBSD contributor named Scott Lowe. Did anyone actually bother to read the source material or check facts, before claiming as such?

    The finger was being pointed at Scott Lowe FOR HIS Virtualization BLOG, which are merely articles that discuss the use of OpenBSD.

    The mailing list author, was making a totally reckless claim with no proof shown that He was advocating OpenBSD for the benefit of the FBI which is downright ludicrous attention whoring attempt on the part of someone reposting that claim without corroboration.

    A mailing list posting by one person is not a credible source to be taken at face value. Information needs to be corroborated. Posting some random person's vague accusations as front page news borders on gross negligence.

  • Re:Please correct. (Score:5, Insightful)

    by John Hasler (414242) on Wednesday December 15, 2010 @12:31PM (#34562012) Homepage

    It isn't totally your fault. It is also the fault of the Slashdot editor who didn't bother to read the article.

  • Re:Please correct. (Score:5, Insightful)

    by tenchikaibyaku (1847212) on Wednesday December 15, 2010 @12:35PM (#34562068)
    Even if there's no truth whatsoever behind the initial claim, I suspect we'll be seeing this pop up in various more and less accurate forms for several years to come.
  • by 7x7 (665946) on Wednesday December 15, 2010 @12:35PM (#34562078)
    Someone sent an email to Theo making the claim. Theo put it on the internet. Now it's true.
  • Re:Oh come on (Score:4, Insightful)

    by ledow (319597) on Wednesday December 15, 2010 @12:56PM (#34562440) Homepage

    Funnily, that's exactly what happened to me - I wondered what people were talking about when they said it was a dupe. This is the only website I've ever had to block a submitter on, and kdawson the ONLY author I've ever had to block on any website because every submission I read from them annoyed me or was blatantly complete bollocks.

  • by TheRaven64 (641858) on Wednesday December 15, 2010 @01:05PM (#34562574) Journal

    This means that a code audit would find this so-called back door, yes?

    Nope. OpenBSD is audited, but the auditors are human (well, some aren't, but they can only spot categories of bug that are well documented). The code is not formally, mathematically verified (doing so for nontrivial C code is basically impossible), so there's always the possibility of a bug and, as the OpenBSD team says, the only difference between a bug and a vulnerability is the intelligence of the attacker.

    Regular code audits increase the probability that a backdoor would be found, but they don't guarantee it. That's why this is such effective FUD: it's basically impossible to prove that it's not true.

Passwords are implemented as a result of insecurity.

Working...