FBI contractor admits that there are backdoors in OpenBSD ipsec (cryptography) | |
Anonymous Coward User ID: 1195488 United States 12/14/2010 08:33 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 1195191 Poland 12/14/2010 08:37 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 11954882. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. When they are found. These programmers that have turned to the dark side are highly skilled .... and without conscience. |
Anonymous Coward User ID: 1168303 Ireland 12/14/2010 08:39 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 1195436 United States 12/14/2010 08:40 PM Report Abusive Post Report Copyright Violation | |
smart guy User ID: 1195531 United States 12/14/2010 08:48 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 1195488indeed. i personally examined 5 linux distributions this afternoon and found no problems. my mom found a couple flaws in sp3 for xp. |
Anonymous Coward User ID: 930120 United Kingdom 12/14/2010 08:56 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 930120 United Kingdom 12/14/2010 09:10 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 11954882. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. True but cryptography mechanisms take years to develop and are inherently obfuscated. I imagine it is feasible to add a back door with enough effort. It would probably only take an obscure rouge variable strategically placed here and there in the calculations and the whole system could be covertly compromised and no one would be any the wiser. |
Anonymous Coward User ID: 1168303 Ireland 12/14/2010 09:11 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 1195191 Poland 12/14/2010 09:17 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: smart guy 1195531indeed. i personally examined 5 linux distributions this afternoon and found no problems. my mom found a couple flaws in sp3 for xp. So .... who the fuck are you? The real deal or a fedgov shill? |
Anonymous Coward User ID: 1181066 United States 12/14/2010 09:22 PM Report Abusive Post Report Copyright Violation | Well, it's official. We are screwed and don't think for a second that OpenSSL, OpenSSH, Linux, Windows and friends don't have any back doors. Quoting: Anonymous Coward 1090353From: Gregory Perry <[email protected]> To: "[email protected]" <[email protected]> Subject: OpenBSD Crypto Framework Thread-Topic: OpenBSD Crypto Framework Thread-Index: AcuZjuF6cT4gcSmqQv+Fo3/+2m80eg== Date: Sat, 11 Dec 2010 23:55:25 +0000 Message-ID: <[email protected]021.domain.local> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Status: RO Hello Theo, Long time no talk. If you will recall, a while back I was the CTO at NETSEC and arranged funding and donations for the OpenBSD Crypto Framework. At that same time I also did some consulting for the FBI, for their GSA Technical Support Center, which was a cryptologic reverse engineering project aimed at backdooring and implementing key escrow mechanisms for smart card and other hardware-based computing technologies. My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC. This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn't want to create any derivative products based upon the same. This is also why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments, for example Scott Lowe is a well respected author in virtualization circles who also happens top be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments. Merry Christmas... Gregory Perry Chief Executive Officer GoVirtual Education "VMware Training Products & Services" 540-645-6955 x111 (local) 866-354-7369 x111 (toll free) 540-931-9099 (mobile) 877-648-0555 (fax) Make no mistake, this means that we are being watched, and that there are no secure communications. Where did this come from? Are you Greg? |
Anonymous Coward User ID: 1169494 United States 12/14/2010 09:22 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 1145117 United States 12/14/2010 09:37 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 737901 Israel 12/14/2010 09:39 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 11954882. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. |
Dr. Woo User ID: 1145117 United States 12/14/2010 09:39 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: smart guy 1195531indeed. i personally examined 5 linux distributions this afternoon and found no problems. my mom found a couple flaws in sp3 for xp. Yeah right. It takes me that long to get the shrink wrap off the package..... |
Anonymous Coward User ID: 997697 United States 12/14/2010 09:42 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 1118750 United Kingdom 12/14/2010 09:42 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 7379012. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Read the comments, get a clue [link to bsd.slashdot.org] |
Me Again User ID: 1145117 United States 12/14/2010 09:43 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 7379012. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Oh I agree. The Spooks would NEVER try anything fishy. |
Anonymous Coward User ID: 1192242 United States 12/14/2010 09:44 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 737901 Israel 12/14/2010 09:44 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Me Again 11451172. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Oh I agree. The Spooks would NEVER try anything fishy. They can try it but not with the actual OS because everyone would see what they did as it has the source code. But they can no doubt get you at the network level anyway. |
Anonymous Coward User ID: 1168303 Ireland 12/14/2010 09:45 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 997697 United States 12/14/2010 09:51 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 997697 United States 12/14/2010 09:53 PM Report Abusive Post Report Copyright Violation | they just trap everything coming out, filter it, decrypt it, and save it. Kind of like here lol. Quoting: Anonymous Coward 1168303And do what with it? Run it thru traps for keywords. Lol, I don't BS you, it exist and is used extensibly worldwide. It's my understanding the extra server filter never slows the traffic down. Just creates an extra hop. |
Anonymous Coward User ID: 997697 United States 12/14/2010 09:54 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 7379012. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Oh I agree. The Spooks would NEVER try anything fishy. They can try it but not with the actual OS because everyone would see what they did as it has the source code. But they can no doubt get you at the network level anyway. Bingo |
Anonymous Coward User ID: 1168303 Ireland 12/14/2010 09:55 PM Report Abusive Post Report Copyright Violation | they just trap everything coming out, filter it, decrypt it, and save it. Kind of like here lol. Quoting: Anonymous Coward 997697And do what with it? Run it thru traps for keywords. Lol, I don't BS you, it exist and is used extensibly worldwide. It's my understanding the extra server filter never slows the traffic down. Just creates an extra hop. |
Anonymous Coward User ID: 930120 United Kingdom 12/14/2010 09:56 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 11187502. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Read the comments, get a clue [link to bsd.slashdot.org] Thanks for the link. A comment from that article: It isn't necessarily obvious. Quoting: [email protected]Basically, the idea is that bits of the key leak. And how is this accomplished? For example - if a key bit is 0, you take one code path, if 1, another. Make the two paths different lengths. It may be possible to affect packet timing. Or... A function may end with "x - y" and then return "z". No leak? Not so clear, the carry/borrow may be leaking information to the caller (on x86 style hardware). Anyway, it probably isn't a "back door", just some means of determining enough key bits to make brute force practical is enough. And this sort of thing can be subtle. It can even be based on the machine code generated for certain sequences by a particular compiler (the "x-y; return z" sequence above, for example). This is basically the thing I had in mind when I made my first comment on the feasibility of compromising open source software. |
Anonymous Coward User ID: 776713 United States 12/14/2010 09:58 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 9976972. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Oh I agree. The Spooks would NEVER try anything fishy. They can try it but not with the actual OS because everyone would see what they did as it has the source code. But they can no doubt get you at the network level anyway. Bingo Every major hub is "compromised" by NSA activities. |
Anonymous Coward User ID: 1194883 Puerto Rico 12/14/2010 09:59 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 776713 United States 12/14/2010 10:00 PM Report Abusive Post Report Copyright Violation | they just trap everything coming out, filter it, decrypt it, and save it. Kind of like here lol. Quoting: Anonymous Coward 1168303And do what with it? Run it thru traps for keywords. Lol, I don't BS you, it exist and is used extensibly worldwide. It's my understanding the extra server filter never slows the traffic down. Just creates an extra hop. Not even an extra hop. Its all duplicated in real time one copy continues on its way, the other gets analyzed. |
Anonymous Coward User ID: 737901 Israel 12/14/2010 10:03 PM Report Abusive Post Report Copyright Violation | 1. With open source software, backdoors are found and fixed. Quoting: Anonymous Coward 7767132. Back doors doesnt necessarily have anything to do with whether or not end user communication is secure or not. Exactly its open source we have the source code lol ffs how stupid is this. Oh I agree. The Spooks would NEVER try anything fishy. They can try it but not with the actual OS because everyone would see what they did as it has the source code. But they can no doubt get you at the network level anyway. Bingo Every major hub is "compromised" by NSA activities. Yep it is I know this even the onion router is not secure in this way but, the NSA generally don't care or deal with petty things. In fact they wont even provide assistance to the FBI in murder investigations for serial killers. |
Anonymous Coward User ID: 997697 United States 12/14/2010 10:05 PM Report Abusive Post Report Copyright Violation | Lol don't be freaked. Code gets run on almost all the sites. I had a forum buddy show me some nice stuff awhile back, inserts in a OP post (thread starter) and logs every IP/response on the thread. No such thing as anonymity lol. |