As Theo de Raadt says on the OpenBSD list, someone has warned of the possibility that the IPsec stack code of this operating system contains back doors, courtesy of the U.S. Government. I have to say that Theo de Raadt is a person who has my confidence, and when he says things this serious he must have strong grounds for it, especially if we consider Theo's deep involvement in the OpenBSD project...
Everything began with a disturbing email Theo received from Gregory Perry, a person who was involved in the development of OpenBSD and had long had no contact with Theo. Perry, claiming that the confidentiality agreement he had signed with the FBI has expired, warned that some OpenBSD developers and the company he worked for at the time accepted money from the U.S. Government, between 2000 and 2001, to put back doors in the IPsec stack of OpenBSD, which incidentally is code that until now enjoyed a good reputation worldwide. The intent of these back doors was to be able to spy on virtual private networks (VPNs) set up with OpenBSD. In particular, they were intended to "monitor" the encryption system used by the VPN of the EOUSA (Executive Office for United States Attorneys), which I must say is an official agency of the Department of Justice, which does not make much sense.
Keep in mind that from the moment the first free version of the OpenBSD IPsec stack became available, much of this code has been used in many other projects and products and, what is worse, over the years the original code has also undergone many changes and adaptations, so it is very difficult to estimate the extent and the impact on security that this disturbing fact could have had, if it ultimately turns out to be true.
Once Theo had been told of this possibility, he decided not to become part of a possible conspiracy; instead of arguing with Perry about this ugly business by e-mail, he decided to go public on the OpenBSD development mailing list with the intention that:
(a) those who use the code can audit it to find back doors in it,
(b) those who are angered by this story can take other actions,
(c) and if it is not true, those who are unjustly accused can defend themselves publicly.
Theo acknowledges that he does not like forwarding other people's private emails, but feels that doing so is much more ethical than a government paying businesses and free software developers (who are a group of friends) to insert back doors with the intention of spying on people.
Now tell me, how come nobody has noticed this in 10 years, and moreover in free software? Well, the truth is I have no answer to this interesting question, but now that the can of worms has been opened, and since the code is free, there is nothing to stop a careful audit of all of it, which could not be done with proprietary software. Of course, if the back doors are confirmed, one could also say that open source is not audited and that its supposed safety is an illusion, but we must not forget that attempts to maliciously modify both free and proprietary applications have been noticed before, and while free software may be easier to modify, it is also easier to audit and amend if necessary.
Since Hugo Scolnik and Andrew Fernandez denounced the existence of back doors in proprietary software, it has been more than a mere suspicion. Some governments, aware of the enormous risk that the existence of back doors in systems containing sensitive information could entail, decided to take urgent action without waiting for further confirmation and sterile debates. But what about those who made the apparently good decision of opting for OpenBSD at that time?
One of the first countries that decided to remove proprietary products from systems with sensitive information was Germany. This country, wisely and in record time, chose GNU/Linux as the alternative for systems related to national security. Other countries, around 2005, also expressed concern about the possibility that the information contained in their governmental systems could be accessed, and some, like China, also took preventive measures.
But the most significant and surprising thing about this story is that even the U.S., aware of the potential security problems of proprietary software, also decided to use open source systems in some of its sensitive systems, in particular those related to national defense.
Now, this interesting debate between proprietary and free security software returns to the spotlight nearly five years later, with new and interesting arguments for defending each of these opposing positions.
UPDATED 24 DEC 10
Apparently, after looking at the code, they say it is FUD or fake. I'm very glad.
http://article.gmane.org/gmane.os.openbsd.tech/22727
"Copyleft 2010 Fernando Acero Martín. Verbatim copying, translation and distribution of this article in its entirety is permitted in any digital medium, provided this notice is preserved. Quotation is allowed."