bes said:
Gregory Perry - John Young correspondence published on Cryptome.org
Wow, that post was a trip. Especially this link: http://mickey.lucifier.net/b4ckd00r.html . That is the exact stuff conspiracy theories are made of. Where is the tin-foil hat smilie? An OpenBSD hacker was talking about intelligence agents from the Navy and FBI telling him to keep his mouth shut over OpenBSD. This stuff has been going on since the early '90s! Incredible.
Well obviously there are "feds in your systems."
Privacy is important. Also, catching tourists is important too, but citizens' civil (and human) right to privacy is of higher priority than catching tourists.
Firstly, I say we use the nature of open source software to uproot them from our systems. We need to do a full code audit of the secure kernel.
Secondly, strict coding and format rules should be devised so as to prevent the insertion of obfuscated code. Coding standards exist for most free software projects today, but this special set of rules will be structured in such a way as to highlight "devious and obfuscated code" or code that does not make it obvious what it is doing.
Thirdly, we have a "chieftain" or "a roundtable of chieftains" that are switched yearly to review each and every piece of code on a certain part of the system; core of the kernel, networking, IPSEC stuff, etc. Debates, investigations, and discussions will be had before any suspected code is let loose.
Fourthly, I say a website be created that scrolls recently added code on a screen for at least 3 months. Then each day, a piece of code is picked from the screen and inspected for nefariousness.
Fifthly, create a code auditing suite of analysis apps that find obfuscated code, or code that is suspected of being obfuscated. Data analysis is being applied to everything today. Why not apply it to some C files?