AOH :: ISNQ7232.HTM

OpenBSD Project Finds Two Bugs In Software's IPsec Implementation




OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation



http://www.darkreading.com/database-security/167901020/security/attacks-breaches/228900060/openbsd-project-finds-two-bugs-in-software-s-ipsec-implementation.html 

By Mathew J. Schwartz, InformationWeek
Special to Dark Reading
Dec 22, 2010

The OpenBSD project has found two bugs in how OpenBSD, a Unix-like open 
source operating system, implements Internet protocol security (IPsec).

The bugs are of interest given the recent allegation made by Gregory 
Perry, former CTO of now-defunct Federal Bureau of Investigation 
contractor Network Security Technology (NetSec), that the FBI created a 
backdoor in the OpenBSD code base, specifically in how it implements 
IPsec. He also alleged that multiple developers involved in contributing 
code to OpenBSD were on the payroll of NetSec, and that the FBI had 
hired it to create the backdoors.

Are the bugs a smoking gun? According to Theo de Raadt, the founder and 
leader of the OpenBSD project, one IPsec bug in OpenBSD relates to a 
"CBC oracle problem," and was fixed in the software crypto stack by 
Angelos Keromytis, the architect and primary developer for its IPsec, 
but ignored in device drivers, overseen by device driver author Jason 
Wright. Interestingly, both men had worked for NetSec, at different 
times.

"Neither Jason nor Angelos were working for NetSec at that time, so I 
think this was just an accident," said de Raadt. "Pretty serious 
accident."

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/ 

Site design & layout copyright © 1986-2014 CodeGods