This story is one that slips under the radar, but it has the potential to be as big of story as the warrantless wiretapping cases. This is another case with widespread implications for computer network security. IPSEC is a separate TCP/IP protocol designed for creating encrypted tunnels suitable for VPN traffic. For example, it is widely used to create encrypted tunnels between "home office" and "branch office" networks. The general idea is to create a wide area network with connections via the internet over secure and encrypted tunnels. The potential compromise of OpenBSD's IPSEC implementation raises serious security concerns because OpenBSD's permissive license allowed it to be used on a lot of hardware, especially "dedicated" VPN boxes.
This is a story to watch. A bunch of people are going to be taking a second look at the code. If it turns out there is a backdoor, it will be especially ironic because Theo de Raadt forked OpenBSD from FreeBSD mostly because he insisted on better security code auditing.
Here is Slashdot's headline.
Also,
The Fourth Amendment doesn't really count for much any more. The disposition of the Mark Klein case is discouraging. I heard part of this interview.
Here it is broken into 10 minute segments:
1.
2.
3.
4.
5.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment