Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 14
A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago! FBI accused of planting backdoor in ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux User TaZMAniac's Avatar
    Join Date
    Jan 2009
    Posts
    269

    Is Any OS Really Secure?


    A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago!

    FBI accused of planting backdoor in OpenBSD IPSEC stack

    If these allegations are true, it puts the OpenBSD in a bad position as they have claimed for many years that their OS is very secure and the code has been audited for any security flaws.

    It also makes one think about the OS they are using.
    Is it really secure or has the government placed backdoors in the flavor you are using?
    This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

    Windows and Mac users are out of luck as the source code for these OS's are not available to scrutiny. Besides it has been said for many years that Windows is backdoor'ed by the government.

  2. #2
    Linux Guru rokytnji's Avatar
    Join Date
    Jul 2008
    Location
    Desert
    Posts
    4,010
    Windows and Mac users are out of luck
    I guess money can't buy you everything.
    Linux Registered User # 475019
    Lead,Follow, or get the heck out of the way. I Have a Masters in Raising Hell
    Tech Books
    Free Linux Books
    Newbie Guide
    Courses at Home

  3. #3

  4. #4
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,488
    Quote Originally Posted by TaZMAniac View Post
    A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago!

    FBI accused of planting backdoor in OpenBSD IPSEC stack

    If these allegations are true, it puts the OpenBSD in a bad position as they have claimed for many years that their OS is very secure and the code has been audited for any security flaws.

    It also makes one think about the OS they are using.
    Is it really secure or has the government placed backdoors in the flavor you are using?
    This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

    Windows and Mac users are out of luck as the source code for these OS's are not available to scrutiny. Besides it has been said for many years that Windows is backdoor'ed by the government.
    The only way, at the moment, to be secure on line is to only go online in a VM which is running in a VM. Breaking out of the first VM and attacking the host is trivial. Breaking out of the second one is much much harder to the point where I don't think it's been done. Yet!

    Live CD's are typically easy to compromise but obviously they are OK again when you reboot. Unless you store persistent data somewhere

    This is according to a security consultant friend of mine

    I think the only way to be truly secure is to not be networked in any way and to allow no-one else to use your machine.
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    Conkybots: Interactive plugins for your Conkys!

  5. #5
    Linux Newbie
    Join Date
    Apr 2007
    Posts
    119
    Quote Originally Posted by TaZMAniac View Post
    A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago!

    FBI accused of planting backdoor in OpenBSD IPSEC stack

    If these allegations are true, it puts the OpenBSD in a bad position as they have claimed for many years that their OS is very secure and the code has been audited for any security flaws.

    It also makes one think about the OS they are using.
    Is it really secure or has the government placed backdoors in the flavor you are using?
    This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

    Windows and Mac users are out of luck as the source code for these OS's are not available to scrutiny. Besides it has been said for many years that Windows is backdoor'ed by the government.
    I don't know about Apple, but Microsoft has been giving governments (domestic and foreign) a copy of their source for years.

    Frequently asked questions (FAQ): About Microsoft programs for government agencies and organizations

  6. #6
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    I don't know about Apple, but Microsoft has been giving governments (domestic and foreign) a copy of their source for years.
    Maybe Wikileaks will publish it.

  7. #7
    Linux Engineer MASONTX's Avatar
    Join Date
    May 2010
    Location
    Mason Texas
    Posts
    934
    Maybe Microsoft protects its secrets better than the government.
    Registered Linux user #526930

  8. #8
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,042
    Quote Originally Posted by TaZMAniac View Post
    It also makes one think about the OS they are using.
    Is it really secure or has the government placed backdoors in the flavor you are using?
    This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.
    Quote Originally Posted by rcgreen View Post
    Quote Originally Posted by elija View Post
    The only way, at the moment, to be secure on line is to only go online in a VM which is running in a VM. Breaking out of the first VM and attacking the host is trivial. Breaking out of the second one is much much harder to the point where I don't think it's been done. Yet!
    This is all worrying stuff ... at least with open source it will be more difficult to hide.

  9. #9
    Linux User Manko10's Avatar
    Join Date
    Sep 2010
    Posts
    250
    One smart guy has once said: “If you need your data to be secure, put them into a thick-walled safe and and drop it at an unknown position into the ocean.”

    No operating system is really safe, everything can be compromised. The FBI might have built a backdoor into IPSec, but that doesn't mean that OpenBSD is completely insecure. It might still be more secure than many other operating systems. Also Linux could have some backdoors, some cryptographic systems like AES-256 are said to have backdoors, Windows might have backdoors. Nothing is 100% secure. The main problem is that you can prove that there is a hole if you've found it, but you can't make sure that there is no backdoor. Just because you haven't found any, it doesn't meant that there is none.

    But you shouldn't worry about that too much, because even if a system would be completely secure, it could still be compromised as soon as it's used. The greatest security risks is always PEBKAC.
    Refining Linux Advent calendar: 24 Outstanding ZSH Gems

  10. #10
    Linux Newbie
    Join Date
    Jul 2007
    Location
    Here. There. Anywhere.
    Posts
    157
    lol plus if the FBI are the only ones with access to these backdoors, you probably still gotta be in some sort of trouble to begin with in order to get them to use it.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •