Slashdot Mirror


BSD Coder Denies Adding FBI Backdoor

jfruhlinger writes "Theo de Raadt has made the shocking claim that OpenBSD includes a backdoor that the FBI paid coders to build. Brian Proffitt has tracked down one of the programmers named as being on the FBI payroll (actually, he tracked down two programmers with the same name). Both deny working with the FBI."

3 of 239 comments

  1. What the hell? by mysidia · Score: 5, Insightful

    There was never any OpenBSD contributor named Scott Lowe. Did anyone actually bother to read the source material or check facts, before claiming as such?

    The finger was being pointed at Scott Lowe FOR HIS Virtualization BLOG, which are merely articles that discuss the use of OpenBSD.

    The mailing list author was making a totally reckless claim, with no proof shown, that he was advocating OpenBSD for the benefit of the FBI, which is a downright ludicrous attention-whoring attempt on the part of someone reposting that claim without corroboration.

    A mailing list posting by one person is not a credible source to be taken at face value. Information needs to be corroborated. Posting some random person's vague accusations as front page news borders on gross negligence.

  2. Re:Please correct. by John Hasler · Score: 5, Insightful

    It isn't totally your fault. It is also the fault of the Slashdot editor who didn't bother to read the article.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  3. Re:Smells like FUD to me by TheRaven64 · Score: 5, Insightful

    This means that a code audit would find this so-called back door, yes?

    Nope. OpenBSD is audited, but the auditors are human (well, some aren't, but they can only spot categories of bug that are well documented). The code is not formally, mathematically verified (doing so for nontrivial C code is basically impossible), so there's always the possibility of a bug and, as the OpenBSD team says, the only difference between a bug and a vulnerability is the intelligence of the attacker.

    Regular code audits increase the probability that a backdoor would be found, but they don't guarantee it. That's why this is such effective FUD: it's basically impossible to prove that it's not true.

    --
    I am TheRaven on Soylent News