Is Any OS Really Secure?

[TaZMAniac]

A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago!

FBI accused of planting backdoor in OpenBSD IPSEC stack

If these allegations are true, it puts the OpenBSD in a bad position as they have claimed for many years that their OS is very secure and the code has been audited for any security flaws.

It also makes one think about the OS they are using.
Is it really secure or has the government placed backdoors in the flavor you are using?
This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

Windows and Mac users are out of luck as the source code for these OS's are not available to scrutiny. Besides it has been said for many years that Windows is backdoor'ed by the government.

[rokytnji]

Windows and Mac users are out of luck

I guess money can't buy you everything.

[rcgreen]

Back door - Define Back door at WordIQ Online Dictionary

ACM Classic: Reflections on Trusting Trust

[elija]

A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago!

FBI accused of planting backdoor in OpenBSD IPSEC stack

If these allegations are true, it puts the OpenBSD in a bad position as they have claimed for many years that their OS is very secure and the code has been audited for any security flaws.

It also makes one think about the OS they are using.
Is it really secure or has the government placed backdoors in the flavor you are using?
This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

Windows and Mac users are out of luck as the source code for these OS's are not available to scrutiny. Besides it has been said for many years that Windows is backdoor'ed by the government.

The only way, at the moment, to be secure on line is to only go online in a VM which is running in a VM. Breaking out of the first VM and attacking the host is trivial. Breaking out of the second one is much much harder to the point where I don't think it's been done. Yet!

Live CD's are typically easy to compromise but obviously they are OK again when you reboot. Unless you store persistent data somewhere

This is according to a security consultant friend of mine

I think the only way to be truly secure is to not be networked in any way and to allow no-one else to use your machine.

[markcole]

A former NETSEC CTO alleges that the FBI paid developers and companies to plant backdoors into the IPSEC stack of OpenBSD 10 years ago!

FBI accused of planting backdoor in OpenBSD IPSEC stack

If these allegations are true, it puts the OpenBSD in a bad position as they have claimed for many years that their OS is very secure and the code has been audited for any security flaws.

It also makes one think about the OS they are using.
Is it really secure or has the government placed backdoors in the flavor you are using?
This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

Windows and Mac users are out of luck as the source code for these OS's are not available to scrutiny. Besides it has been said for many years that Windows is backdoor'ed by the government.

I don't know about Apple, but Microsoft has been giving governments (domestic and foreign) a copy of their source for years.

Frequently asked questions (FAQ): About Microsoft programs for government agencies and organizations

[rcgreen]

I don't know about Apple, but Microsoft has been giving governments (domestic and foreign) a copy of their source for years.

Maybe Wikileaks will publish it.

[MASONTX]

Maybe Microsoft protects its secrets better than the government.

[Jonathan183]

It also makes one think about the OS they are using.
Is it really secure or has the government placed backdoors in the flavor you are using?
This is a very troubling story and if it is found to be true, it will have many developers and code writers scurrying to get hold of the source code of their favorite flavor of Linux and pour through piles of code looking for these backdoors.

ACM Classic: Reflections on Trusting Trust

The only way, at the moment, to be secure on line is to only go online in a VM which is running in a VM. Breaking out of the first VM and attacking the host is trivial. Breaking out of the second one is much much harder to the point where I don't think it's been done. Yet!

This is all worrying stuff ... at least with open source it will be more difficult to hide.

[Manko10]

One smart guy has once said: “If you need your data to be secure, put them into a thick-walled safe and and drop it at an unknown position into the ocean.”

No operating system is really safe, everything can be compromised. The FBI might have built a backdoor into IPSec, but that doesn't mean that OpenBSD is completely insecure. It might still be more secure than many other operating systems. Also Linux could have some backdoors, some cryptographic systems like AES-256 are said to have backdoors, Windows might have backdoors. Nothing is 100% secure. The main problem is that you can prove that there is a hole if you've found it, but you can't make sure that there is no backdoor. Just because you haven't found any, it doesn't meant that there is none.

But you shouldn't worry about that too much, because even if a system would be completely secure, it could still be compromised as soon as it's used. The greatest security risks is always PEBKAC.

[ryokimball]

lol plus if the FBI are the only ones with access to these backdoors, you probably still gotta be in some sort of trouble to begin with in order to get them to use it.