I came across an article that seems to be an attempt for a possible scare tactic, or could it be the truth? The article is about a variant of Linux/BSD, called OpenBSD. OpenBSD is an open source operating system which touts that it is ” the most secure operating system in the world”. Those of you who operate on Linux systems would agree, would you not? Yet, the following article claims that Linux is not as safe as one might like to think, which is news to me.
*Note to our readers: If you have a Linux system, we ask if you can please contact us and let us know the validity of this article .
According to the article:
OpenBSD: Not Free Not Fuctional and Definetly Not Secure
“Worse, Theo de Raadt willing allowed government agencies and possible terrorist organizations to put back doors into OpenBSD. An example of this is shown in December 2010 when de Raadt allowed FBI agents to plant backdoors in OpenBSD’s Cryptographic Framework which they had taken from Linux and illegally removed the GPL license. The firewall PF which OpenBSD claimed to have invented (which in fact is a copy of iptables with most of the features stripped away and the remaining code completely mucked up) has 3 buffer overflow vulnerabilities which when combine with the fact that it is running within the kernel can be used by hackers to taken control of OpenBSD’s kernel. Finally like all BSDs, third party applications are not audited for vulnerabilities and research has show that nearly 3 out of 5 of the applications are actually trojans.”
Other claims that this article makes are as follows:. For example, pertaining to firewalls it states that OpenBSD they have invented their own due to licensing issues. It also mentions that as a rule firewalls are not compatible with each other, therefor need to be converted, implying that the OpenBSD versions are inferior. If this is the case, it’s a major security issue, wouldn’t you say?
Let’s address third party applications. Third party applications are often used by all the Linux variants , and again the article claims that “non Windows applications contain more trojan viruses than other apps.” This is actually the opposite of what we have been taught since the inception of laptops and home computers in general.
The FBI created a back door?
Now some of you may say that, “Hey this is old news, didn’t we see this in every global tabloid in 2010?
Take a look:
FBI accused of planting backdoor in OpenBSD IPSEC stack
“Perry says that his nondisclosure agreement with the FBI has expired, allowing him to finally bring the issue to the attention of OpenBSD developers. Perry also suggests that knowledge of the FBI’s backdoors played a role in DARPA’s decision to withdraw millions of dollars of grant funding from OpenBSD in 2003.
“I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI,” wrote Perry. “This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn’t want to create any derivative products based upon the same.”
The e-mail became public when de Raadt forwarded it to the OpenBSD mailing list on Tuesday, with the intention of encouraging concerned parties to conduct code audits. To avoid entanglement in the alleged conspiracy, de Raadt says that he won’t be pursuing the matter himself. Several developers have begun the process of auditing the OpenBSD IPSEC stack in order to determine if Perry’s claims are true.”
The LINUX JOURNAL claims that Theo de Raadt allowed the FBI to put the code.
I found this recent article to be interesting because the allegations become even more significant because the code of OpenBSD may also been used by OpenSSH. OpenSSH is used by many operating system and applicances, including Linux, Mac OS X and Cisco. Most webhosting use it as well .
If the article is correct in it’s allegations, then most of the internet is vulnerable right now. If it was a lie, then it may be an attempt to lure you into using something that is actually unsafe. Either way, do your homework and stay aware, after all, it’s a new world!
Valid information that you should read:
RELEASE 9-2013 At the keynote speech at LinuxCon, Linus Torvalds, creator and lead developer of the Linux kernel, was asked if the National Security Agency (NSA) had asked him to insert a backdoor into the popular open source operating system. Linus responded by nodding yes while saying the word, “no,” implying that he had been asked to do so, but was not able to discuss it.
This has caused quite a stir in the Linux community, who has always considered the ‘open’ nature of the source, that is, anyone can view the code, would make it impossible to hide such a deliberate security hole. But how many actually have looked at the kernel code and how many could identify such a backdoor in the millions of lines, especially if care were taken to obfuscate the process?http://bits-n-bytes-tech.blogspot.com/2013/09/can-linux-be-trusted-linus-confirms-nsa.html
Regarding spying associated with GOOGLE, FACEBOOK, MICROSOFT, PRISM
The US National Security Agency and Federal Bureau of Investigation have been harvesting data such as audio, video, photographs, emails, and documents from the internal servers of nine major technology companies, according to a leaked 41-slide security presentation obtained by The Washington Post and The Guardian. According toThe Washington Post, the program’s slides were provided by a “career intelligence officer” that had “firsthand experience with these systems, and horror at their capabilities,” and wished to expose the program’s “gross intrusion on privacy.”http://www.theverge.com/2013/6/6/4403868/nsa-fbi-mine-data-apple-google-facebook-microsoft-others-prism
We will follow the updates on internet security issues, and if any of our readers have any ideas as to how the general public can protect their privacy, we suggest you write us at firstname.lastname@example.org