BSD Coder Denies Adding FBI Backdoor

jfruhlinger writes "Theo de Raadt has made the shocking claim that OpenBSD includes a backdoor that the FBI paid coders to build. Brian Proffitt has tracked down one of the programmers named as being on the FBI payroll (actually, he tracked down two programmers with the same name). Both deny working with the FBI."

Re:Oh come on

[TheRaven64]

The difference is that the original story is posted by kdawson, so no registered users will see it, because we've all blocked him from the front page. This one is posted by Taco, so we'll see it.

Re:Please correct.

[skids]

I would go on a rant about how anyone who wants to post main stories should really be forced to attend at least a half-day seminar on basic journalistic essentials.

But considering how an entire degree in journalism does not seem to have helped the professional media....

Well it might

[Sycraft-fu]

The normal length for classified material is 50 years. That isn't to say it can't last longer or be declassified earlier, but 50 years is the normal NDA length. Why would this be any different? In particular there was the implication that they'd been heavily pushing it because of the backdoor. Ok but they had to know that the NDA was about to expire and thus the jig would be up and it would be, if anything, harmful.

Makes no sense. I am not buying this in the slightest without some proof. Some guy claiming something in an e-mail isn't proof, that is Internet nuttery as normal.

What the hell?

[mysidia]

There was never any OpenBSD contributor named Scott Lowe. Did anyone actually bother to read the source material or check facts, before claiming as such?

The finger was being pointed at Scott Lowe FOR HIS Virtualization BLOG, which are merely articles that discuss the use of OpenBSD.

The mailing list author, was making a totally reckless claim with no proof shown that He was advocating OpenBSD for the benefit of the FBI which is downright ludicrous attention whoring attempt on the part of someone reposting that claim without corroboration.

A mailing list posting by one person is not a credible source to be taken at face value. Information needs to be corroborated. Posting some random person's vague accusations as front page news borders on gross negligence.

Re:Please correct.

[John Hasler]

It isn't totally your fault. It is also the fault of the Slashdot editor who didn't bother to read the article.

Re:Please correct.

[tenchikaibyaku]

Even if there's no truth whatsoever behind the initial claim, I suspect we'll be seeing this pop up in various more and less accurate forms for several years to come.

Theo didn't make the claim

[7x7]

Someone sent an email to Theo making the claim. Theo put it on the internet. Now it's true.

Re:Oh come on

[ledow]

Funnily, that's exactly what happened to me - I wondered what people were talking about when they said it was a dupe. This is the only website I've ever had to block a submitter on, and kdawson the ONLY author I've ever had to block on any website because every submission I read from them annoyed me or was blatantly complete bollocks.

Re:Smells like FUD to me

[TheRaven64]

This means that a code audit would find this so-called back door, yes?

Nope. OpenBSD is audited, but the auditors are human (well, some aren't, but they can only spot categories of bug that are well documented). The code is not formally, mathematically verified (doing so for nontrivial C code is basically impossible), so there's always the possibility of a bug and, as the OpenBSD team says, the only difference between a bug and a vulnerability is the intelligence of the attacker.

Regular code audits increase the probability that a backdoor would be found, but they don't guarantee it. That's why this is such effective FUD: it's basically impossible to prove that it's not true.