En busca del «backdoor» en OpenBSD.

Según el mensaje del líder del proyecto OpenBSD, el gobierno de los EEUU presionó a sus desarrolladores entre 2000 y 2001 para que incluyeran en este sistema una puerta trasera a partir de la cual pudieran colarse en este sistema operativo.

Una pena...

Theo de Raadt ha solicitado la ayuda de la comunidad para auditar este código y dejarlo limpito…. La verdad, si se descubre esto en un proyecto Open Source, qué no esconderán las soluciones cerradas de dos empresas tan yankis como Microsoft o Apple… con o sin presión de su gobierno. Miedo me da.

I have received a mail regarding the early development of the OpenBSD
IPSEC stack.  It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into
our network stack, in particular the IPSEC stack.  Around 2000-2001.

Since we had the first IPSEC stack available for free, large parts of
the code are now found in many other projects/products.  Over 10
years, the IPSEC code has gone through many changes and fixes, so it
is unclear what the true impact of these allegations are.

The mail came in privately from a person I have not talked to for
nearly 10 years.  I refuse to become part of such a conspiracy, and
will not be talking to Gregory Perry about this.  Therefore I am
making it public so that
    (a) those who use the code can audit it for these problems,
    (b) those that are angry at the story can take other actions,
    (c) if it is not true, those who are being accused can defend
         themselves.

Of course I don't like it when my private mail is forwarded.  However
the "little ethic" of a private mail being forwarded is much smaller
than the "big ethic" of government paying companies to pay open source
developers (a member of a community-of-friends) to insert
privacy-invading holes in software.

Más información en muylinux.

En Securitybydefault aprovechan el caso para hablarnos de las Backdoors más escandalosas.