undefined | Better HN

0 pointskyuudou6y ago0 comments

I'm sure the Linux kernel would never be compromised by state actors, even if a retired US Army general was on the board of directors[1] of the most popular Linux distro, or that the US' most infosec oriented intel agency didn't come up with the main method for RBAC with it[2]. Or that hardware and the numerous bits of firmware that control it would ever get back-doored by any state actor!

"OpenBSD co-founder Theo de Raadt, cited as a top el8 target, angrily refused to discuss the compromise in late July of a file server maintained by the open-source, Unix-based operating-system project. On Aug. 1, a dangerous Trojan horse program was discovered amid the code for OpenBSD, which is used by thousands of organizations and renowned for its security.

While de Raadt wouldn't comment on whether there were any suspects in the case, the lead article in the latest el8 newsletter, published in early July, contains an obvious smoking gun. The article begins with several lines of screen-display from what appears to be an OpenBSD.org system. The "w-command" output suggests that attackers had access to one of de Raadt's accounts."[3]

[1]https://www.redhat.com/en/about/press-releases/shelton

[2]https://www.nsa.gov/what-we-do/research/selinux/documentatio...

[3]https://www.cc.gatech.edu/computing/acmnews/msg00221.html

0 comments

imglorp6y ago

And there's the time someone did try to sneak something into an open source kernel [1].

The cool thing is, anyone can audit the kernels any time, and even if Theo's or Linus's accounts get compromised, the backdoor will be observable by everyone.

Try that with Windows: we have no idea what's in there, we never will, and MS has zero incentive to tell us.

1. https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-...

j / k navigate · click thread line to collapse