
Developer defends claims of backdoors in OpenBSD


The former OpenBSD developer who has caused a stir by claiming that the FBI had, through certain other OpenBSD developers, planted backdoors in its cryptographic code, says he raised the matter only to encourage a source code audit of the OpenBSD project.

Gregory Perry made the claim in an email to OpenBSD founder Theo de Raadt, who posted the mail, along with his comments, to the openbsd-tech mailing list.

Perry, chief executive of a company named GoVirtual, told iTWire: "I have absolutely, positively nothing to gain from making those statements to Theo, and only did so to encourage a source code audit of the OpenBSD Project based upon the expiry of my NDA with the FBI. Being in any limelight is not my bag at all."

An audit of the cryptographic code has commenced and de Raadt told iTWire yesterday that two bugs had been found.

Perry said he had sent a private email to de Raadt, urging him to perform a source code audit of the OpenBSD Project based upon the allegations contained within the mail.




