
The reason OpenBSD was thought of as so secure is because they audited the entire code at one time and continuously audit code for new holes. The reason they audited the code in the first place was because way back in the day the main OpenBSD server was compromised and backdoors were placed in the code. They do not like people to know this.



Source?


http://www.cert.org/advisories/CA-2002-24.html I am still looking for the break-in that predates this break-in, my memory is fucking horrible. I apologize. It will take a while for me to find it.


Thanks for the advisory, but you've got the facts wrong:

1) Main OpenBSD server wasn't compromised, main FTP server ("ftp.openbsd.org") was.

2) Source code (the one in CVS) wasn't compromised, only .tar.gz packages placed on the FTP server were.

3) They did want people to know about this, that's why they released a security advisory [1].

On top of that, at the time "ftp.openbsd.org" wasn't even running OpenBSD, the FTP server was part of SunSITE powered by Solaris [2].

[1] http://marc.info/?l=openbsd-misc&m=102821528812161&w...

[2] http://www.openbsd.org/cgi-bin/cvsweb/www/faq/faq8.html.diff...


This wasn't in 2002, this was back in the 90s, I want to say 1996 or 1997. The source code was back-doored. The advisory you found was for a completely different break-in in 2002.


I found? You linked to this incident in your previous comment.



