Language Selection

English French German Italian Portuguese Spanish

Backdoors in OpenBSD? Reply hazy, try again

Filed under
Security
BSD

The fallout from last month's allegations that the Federal Bureau of Investigations attempted to deploy backdoors in the OpenBSD operating system are continuing to echo through developer circles, as more potential clues are unearthed. But if anything, these clues tend to muddy the answer to the key question: did the US government employ contractors to insert deliberate security holes into OpenBSD?

Former FBI cyber-crime agent E.J. Hilbert added fuel to the fire due to a Dec. 14 tweet that stated, "I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No." However, Hilbert's original meaning of the quote was initially taken as confirmation that Perry's allegations had merit. In subsequent tweets, Hilbert clarified that he was referring to the FBI's own security audits of code they were planning to deploy, a point on which he elaborated within a Dec. 15 article on ThreatPost:

rest here




More in Tux Machines

Programming/Development: fwupd, LLVM and More

  • CSR devices now supported in fwupd
    The BlueCore CSR chips are used everywhere. If you have a “wireless” speaker or headphones that uses Bluetooth there is a high probability that it’s using a CSR chip inside. This makes the addition of CSR support into fwupd a big deal to access a lot of vendors. It’s a lot easier to say “just upload firmware” rather than “you have to write code” so I think it’s useful to have done this work.
  • Skylake Server Scheduler Model Updated In LLVM 6.0 Along With Other Intel CPU Updates
  • Most Software Code Will Be Written By Machines By 2040, Researchers Predict
    Imagine a scenario where a programmer needs to follow a couple of tried and tested procedures to write code that becomes a part of a bigger program that needs some insightful contribution from another programmer. So, is the first programmer really needed? Can’t we find a robotic replacement for the same? In the past, GitHub CEO had already made a prediction which says that future of coding is no coding at all. A similar speculation has been made by the researchers at the Oak Ridge National Laboratory, Tennessee, who have said that machines will write most of their own code by 2040.
  • Hazelcast joins Eclipse, JCache is key focal point
    Open source In-Memory Data Grid (IMDG) company Hazelcast has joined the Eclipse Foundation – and it has done so for a reason. Hazelcast’s primary focus will be on JCache the Eclipse MicroProfile and EE4J. In particular, Hazelcast will be collaborating with members to popularize JCache, a Java Specification Request (JSR-107). So what place does JCache fill in the universe then?

Software: Darktable, VLC, Mesa, Audacity, Toplip, GNUstep

  • Darktable 2.4-RC1 Rolls Out With Windows Support, OpenCL Improvements
    The open-source Darktable RAW photography software that's long been available for Linux and macOS has finally been ported to Microsoft Windows. But fortunately that's not all to be found in Darktable 2.4. While Windows support is their big headline feature of Darktable 2.4, the RC1 release that came out today is also packed with other improvements.
  • Linux Release Roundup: VLC, Mesa, Audacity + More
    Another week has flown by, making it time for another round-up of pertinent Linux app releases that didn’t manage to wangle a full post’s worth of waffle on this site. This week’s crop of curios includes updates to the world’s most popular open-source video player, the world’s most popular open-source audio editor, and the world’s most popular open-source graphics drivers.
  • Toplip – A Very Strong File Encryption And Decryption CLI Utility
    There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named “Toplip”. It is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.
  • GNUstep Takes Another Step Forward For Implementing Apple's Cocoa Frameworks
    GNUstep is the long-standing free software project working to implement Apple's Cocoa Objective-C frameworks used by macOS. The GNU project has made new releases of their GUI and Back libraries. GNUstep GUI 0.26 is out this morning as the latest update to their graphical user-interface library. GNUstep GUI 0.26 has a number of compatibility improvements, translation updates, mouse tracking logic improvements, bug fixes, and other work.

today's howtos

Fedora and Red Hat News