http://www.darkreading.com/database-security/167901020/security/attacks-breaches/228900060/openbsd-project-finds-two-bugs-in-software-s-ipsec-implementation.html

By Mathew J. Schwartz, InformationWeek
Special to Dark Reading
Dec 22, 2010

The OpenBSD project has found two bugs in how OpenBSD, a Unix-like open source operating system, implements Internet protocol security (IPsec).

The bugs are of interest given the recent allegation made by Gregory Perry, former CTO of now-defunct Federal Bureau of Investigation contractor Network Security Technology (NetSec), that the FBI created a backdoor in the OpenBSD code base, specifically in how it implements IPsec. He also alleged that multiple developers involved in contributing code to OpenBSD were on the payroll of NetSec, and that the FBI had hired it to create the backdoors.

Are the bugs a smoking gun? According to Theo de Raadt, the founder and leader of the OpenBSD project, one IPsec bug in OpenBSD relates to a "CBC oracle problem," and was fixed in the software crypto stack by Angelos Keromytis, the architect and primary developer for its IPsec, but ignored in device drivers, overseen by device driver author Jason Wright. Interestingly, both men had worked for NetSec, at different times.

"Neither Jason nor Angelos were working for NetSec at that time, so I think this was just an accident," said de Raadt. "Pretty serious accident."

[...]

Received on Thu Dec 23 2010 - 01:13:27 PST