Hacker News new | past | comments | ask | show | jobs | submit login

In 2001, Angelos Keromytis --- then a grad student at Penn, now a Columbia professor --- added support for hardware-accelerated IPSEC NICs. When you have an IPSEC NIC, the channel between the NIC and the IPSEC stack keeps state to tell the stack not to bother doing the things the NIC already did, among them validating the IPSEC ESP authenticator. Angelos' code had a bug; it appears to have done the software check only when the hardware had already done it, and skipped it otherwise.

The bug happened during a change that simultaneously refactored and added a feature to OpenBSD's ESP code; a comparison that should have been == was instead !=; the "if" statement with the bug was originally and correctly !=, but should have been flipped based on how the code was refactored.

HD Moore may as we speak be going through the pain of reconstituting a nearly decade-old version of OpenBSD to verify the bug, but stipulate that it was there, and here's what you get: IPSEC ESP packet authentication was disabled if you didn't have hardware IPSEC. There is probably an elaborate man-in-the-middle scenario in which this could get you traffic inspection, but it's nowhere nearly as straightforward as leaking key bits.

To entertain the conspiracy theory, you're still suggesting that the FBI not only introduced this bug, but also developed the technology required to MITM ESP sessions, bouncing them through some secret FBI-developed middlebox.

One year later, Jason Wright from NETSEC (the company at the heart of the [I think silly] allegations about OpenBSD IPSEC backdoors) fixed the bug.

It's interesting that the bug was fixed without an advisory (oh to be a fly on the wall on ICB that day; Theo had a, um, a, "way" with his dev team). On the other hand, we don't know what releases of OpenBSD actually had the bug right now.

It seems vanishingly unlikely that there could have been anything deliberate about this series of changes. You are unlikely to find anyone who will impugn Angelos. Meanwhile, the diffs tell exactly the opposite of the story that Greg Perry told.

> It's interesting that the bug was fixed without an advisory (oh to be a fly on the wall on ICB that day; Theo had a, um, a, "way" with his dev team).

This would be my question. That seemingly small change has large security implications since it means that branch was disabled on certain erroneous conditions for some extended period of time and then silently changed back. I think you're right that Jason fixed it, but why wasn't it announced as a major security flaw in OpenBSD 3.0 which I believe released with this code?

Another spin on this drama could be either of these two:

1. Jason actually went in and fixed bugs placed by other NETSEC employees, and now is the victim of reprisals.

2. NETSEC was incompetent, not malicious, and then silently went around fixing things without telling anyone.

Interesting stuff, can't wait to see the rewrite of this file! :-)

Angelos was never a NETSEC employee; his work on the OpenBSD IPSEC code was at one point funded by NETSEC, but if you're familiar with how OS kernel "volunteer" development works, that's not a weird situation at all --- there were, if I remember my semi-sober conversations with him at the Ship & Anchor correctly --- plenty of times Theo found himself in similar relationships.

It's unlikely that NETSEC would have had any management influence over Angelos during that work.

The most worrying thing about it is probably just that it took a year to notice - you would think "throw a forged authenticator at it" would be in the regression tests for an IPSEC implementation.

"Regression tests for an IPSEC implementation". Heh.

lol.. are there any tests at all..

de Raadt: "We've been auditing since the mail came in! We have already found two bugs in our cryptographic code. We are assessing the impact."


"Until 2 days ago I had no idea that both Jason and Angelos in the past did work for a company that does that business"

There is no way Theo didn't know Jason worked at NETSEC; Jason's a co-author of an academic paper about the OpenBSD cryptography implementation, under a NETSEC address.

yep, you can see this post from 2000. http://monkey.org/openbsd/archive/misc/0004/msg00583.html

I think this followup is even more illustrative: http://monkey.org/openbsd/archive/misc/0004/msg00573.html

rest of quote: "And it is true, wow, that company really was in that business! Now they (the company) belong to Verizon."

What the company did is surprising, not who worked there.

I assume you mean "what the company is alleged, by one guy, to have done".

Sure. I was saying "no idea" == "that business" as opposed to the "no idea" == "jason and angelos" interpretation.

for what it's worth (not much), angelos also contracted for netsec.

Did he have a contracting relationship beyond accepting funding for the OpenBSD IPSEC work? Because that's a subtly different relationship for him to have had than "contractor".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact