[kwlug-disc] openbsd backdoored by FBI
unsolicited
unsolicited at swiz.ca
Thu Dec 16 18:52:53 EST 2010
Insurance Squared Inc. wrote, On 12/16/2010 4:20 PM:
> Isn't OpenBSD opensource? How can someone backdoor OSS?
The same way standards, aren't. Especially de facto ones.
Open source means many eyeballs can look at the source. Doesn't mean
they do.
Just because something's open source doesn't mean that source is good
source. Just because it's on sourceforge ... well, it actually doesn't
mean much of anything other than it's on sourceforge. No guarantee of
anything.
Think back to the openssl issue (last year?). Where they didn't detect
a vulnerability for years. In that case, I suspect accident, not
deliberate sabotage. But the principle is the same.
Granted - the more widely used the source, the less likely <bad stuff>
is in it.
Granted - the more involved educational / research institutions are,
the less likely <bad stuff> is in it.
I'd be doubtful that OpenBSD is compromised. I'm even more doubtful
that it won't be fixed lickety-split if it has indeed been compromised.
OTOH, given the Patriot Act ...