Our Recommendation

Thursday, December 16, 2010

FBI accused of hacking OpenBSD (TGDaily)

Finally breaking his decade-long, NDA-enforced silence, former NETSEC CTO Gregory Perry revealed that developers (allegedly) helped the FBI plant "a number of backdoors" in OpenBSD's encryption.


Perry confirmed the backdoor hacks in an e-mail to Theo de Raadt, OpenBSD project leader in the 1990s.


The email said: "I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the FCO, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI."


Perry went on to talk about 2003, when OpenBSD lost millions of dollars in grants from the US Defense Advanced Research Projects Agency (DARPA), which develops new military technology.


"It is also probably the reason why you lost your DARPA funding, they most probably caught wind of the fact that these backdoors were present and did not want to create any derivative products based on the same."


Immediately after receiving the email, Theo de Raadt forwarded its contents to everyone on the OpenBSD mailing list, calling for code audits to ensure safety.


In a statement, de Raadt said: "It is alleged that some ex-developers (and the company they worked for) accepted money from the U.S. government to put backdoors into our network stack."


He continued, "Given that we had the first IPSEC stack available free of charge, large parts of the code are now found in many other projects/products. Over more than 10 years, the IPSEC code has gone through many changes and fixes, so it is not known what the real impact of these allegations is."


Admittedly, technologists wonder whether this email is legitimate or simply rubbish. Perry says he was technical director of NETSEC ten years ago. NETSEC was apparently a professional services firm dealing with security architecture and engineering, as well as a 24/7 United States-based computer emergency response team.


Curiously, attempts to contact the site failed, and there is no formal evidence that Perry was the company's technical director.


TechNewsWorld contacted Chris Wysopal, co-founder and CTO of Veracode, to get an idea of whether or not a government agency would in fact put backdoor code into open source code.


"There are a few things that way," said Wysopal. "One is that if the government had a contract with an organization to implement a back door, that would be a government secret that expires after a certain period of time. If I can see how an NDA about it will expire."


But Wysopal admits that it would be difficult to detect the backdoors if they exist.


"You need to make an in-depth, line-by-line analysis of the code and look for different side effects the code may have," explained Wysopal. He added: "If you are not an expert in crypto, I don't think you'd find the backdoor by just browsing the code."


Rumours that the government has put backdoor code into encryption algorithms in the past add validity to Perry's claims.


Regardless of whether it is true or not, de Raadt hopes that the community will find no problem in the code, but intends to take no further action in court on this subject.
