Welcome to the US government. How can we secretly piss you off today?


  • Here's a better example (found at slashdot), not obfuscated code but underhanded code.

    Its purpose (and it does do this) is to read a PPM file in ASCII (P3) format, scan over the numbers, and zero out the redacted pixels in the most obvious way possible:


    Code:
    for(c = buf;*c;c++) {
        if(isdigit(*c)) {
            if(!ws) {   // new number, increment location.
                ws = 1; x++;
                if(x >= width * 3) {
                    y++; x = 0;
                }
            }
            if(x > rx * 3 && x <= (rx + rwidth) * 3 && y > ry && y < ry + rheight)
                putchar('0');
            else
                putchar(*c);
        } else {
            ws = 0;
            putchar(*c);
        }
    }
    Can you tell what this code does, HC?

    Spoiler:
    In short, the dude replaces numbers with zeroes on the character level. The leakage is due to the fact that low-intensity pixels are replaced with a '0', and high-intensity pixels replaced with a '00' or a '000'. This is completely invisible in the image itself.
    Last edited by Asher; December 15, 2010, 12:08.
    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
    Ben Kenobi: "That means I'm doing something right. "
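
The leak described in the spoiler, as an added example that is not part of the original post or the Slashdot code: `redact()` keeps the post's loop and coordinate test unchanged but writes to a buffer, and its `leaky` flag switches between one '0' per digit and one '0' per number. The function name, the flag, the assumption that the P3 header has already been stripped, and the sample pixel data are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: pixel data of a 2-pixel-wide P3 image, header removed. */
static const char SAMPLE[] =
    "9 9 9 9 9 9\n"
    "255 255 255 9 9 9\n"
    "7 7 7 9 9 9\n"
    "9 9 9 9 9 9\n";

/* Same loop and coordinate test as the post, writing to out instead of stdout.
 * leaky != 0: one '0' per digit character (the post's behaviour).
 * leaky == 0: one '0' per number, so every redacted sample looks the same.
 * out must hold at least strlen(buf) + 1 bytes. Returns bytes written. */
size_t redact(const char *buf, char *out, int width,
              int rx, int ry, int rwidth, int rheight, int leaky)
{
    int x = 0, y = 0, ws = 0;
    size_t n = 0;
    for (const char *c = buf; *c; c++) {
        if (isdigit((unsigned char)*c)) {
            int first = !ws;
            if (first) {                 /* new number, increment location */
                ws = 1; x++;
                if (x >= width * 3) { y++; x = 0; }
            }
            int hit = x > rx * 3 && x <= (rx + rwidth) * 3 &&
                      y > ry && y < ry + rheight;
            if (!hit)
                out[n++] = *c;
            else if (leaky || first)
                out[n++] = '0';          /* fixed mode drops the extra digits */
        } else {
            ws = 0;
            out[n++] = *c;
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char a[sizeof SAMPLE], b[sizeof SAMPLE];
    redact(SAMPLE, a, 2, 0, 0, 1, 3, 1);
    redact(SAMPLE, b, 2, 0, 0, 1, 3, 0);
    printf("leaky:\n%sfixed:\n%s", a, b);
    return 0;
}
```

In leaky mode the redacted 255 samples come out as `000` and the redacted 7 samples as `0`; with one zero per number both come out as `0`.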



    • Originally posted by Asher View Post
      Uh. What?

      This guy hasn't had anything to do with that industry for ten years. He has nothing to gain or lose by this allegation except clearing his conscience.

      He's also not some cook, he's a professional and a businessman -- he's been a CTO/CEO for over a decade in various companies.
      10 years? The DARPA funding was pulled 3 years later.

      How do you know he isn't a cook? Like you said he isn't a programmer, so he doesn't live off of delivery pizza and Jolt cola.

      ACK!
      Don't try to confuse the issue with half-truths and gorilla dust!



      • Originally posted by Asher View Post
        It's not pathetic to be wary of the US government allegedly inserting security vulnerabilities and backdoors into security-oriented software.

        It IS, however, pathetic for someone to wave their hands and say "nothing to see here!" just because you're young enough to have absolute faith in the government...


        Benevolent governments don't actively try to make legal, secure devices fundamentally insecure for their use (and potentially ANY use). Benevolent governments don't grope old ladies at security checkpoints, either.
        I agree with you about being wary but you seem to think it's absolutely certain the FBI did this. When all you have is one guy that signed an NDA 10 years ago, before 9/11 and the Patriot Act, when it would have, at least, made twisted sense for the FBI to order the backdoors installed.

        ACK!
        Don't try to confuse the issue with half-truths and gorilla dust!



        • Originally posted by Tuberski View Post
          10 years? The DARPA funding was pulled 3 years later.
          Huh? How are these connected?

          And it wasn't pulled 3 years later. The code was inserted in late 2000 (allegedly), and they lost their DARPA funding in very early 2003. That's a couple years.

          And it need not be immediate. Given the government bureaucracy, is it not conceivable that DARPA grant people didn't find out about this until sometime after it was done? DARPA and the FBI aren't exactly sister organizations.

          However, DARPA has little incentive to continue giving grants to a project they knew to be insecure by the government's own actions. There was no rational explanation for why their funding was mysteriously pulled, as OpenBSD was a very respected organization. Now we've got something plausible.

          How do you know he isn't a cook? Like you said he isn't a programmer, so he doesn't live off of delivery pizza and Jolt cola.

          ACK!
          There's no reason at all to believe he's a kook, except an agenda to protect the government.
          "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
          Ben Kenobi: "That means I'm doing something right. "



          • Originally posted by Tuberski View Post
            I agree with you about being wary but you seem to think it's absolutely certain the FBI did this. When all you have is one guy that signed an NDA 10 years ago, before 9/11 and the Patriot Act, when it would have, at least, made twisted sense for the FBI to order the backdoors installed.

            ACK!
            I'm operating under the assumption for the purposes of this thread for a number of reasons:
            1) We don't get anything by shrugging our shoulders and saying we don't know anything. The US invaded Iraq and killed many thousands of people under flimsier evidence.
            2) The whistleblower here has no reason to lie at all, and the timelines align with what he's alleging
            3) It's always been a mystery why OpenBSD had its DARPA grant revoked, as no reason was given and there was no reason to do so. This goes a long way to explaining why.

            I'm seeing a lot of signs pointing to the legitimacy of the guy's claims, but no firm proof. On the other hand, I see absolutely no reason to believe the government would NOT do this.
            "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
            Ben Kenobi: "That means I'm doing something right. "



            • Kook not cook.

              ACK!
              Don't try to confuse the issue with half-truths and gorilla dust!



              • Originally posted by Asher View Post
                I'm operating under the assumption for the purposes of this thread for a number of reasons:
                1) We don't get anything by shrugging our shoulders and saying we don't know anything. The US invaded Iraq and killed many thousands of people under flimsier evidence.
                2) The whistleblower here has no reason to lie at all, and the timelines align with what he's alleging
                3) It's always been a mystery why OpenBSD had its DARPA grant revoked, as no reason was given and there was no reason to do so. This goes a long way to explaining why.

                I'm seeing a lot of signs pointing to the legitimacy of the guy's claims, but no firm proof. On the other hand, I see absolutely no reason to believe the government would NOT do this.
                The DARPA thing, I was upset they were granting money to a project run by a Canadian, in Canada, among other, American, places.

                I, personally, have little doubt that they at least tried to do it. Yet, I don't see a lot of threads by you about the thousands of hackers exploiting security holes in other, non-government related programs either.

                ACK!
                Don't try to confuse the issue with half-truths and gorilla dust!



                • Originally posted by Tuberski View Post
                  I, personally, have little doubt that they at least tried to do it. Yet, I don't see a lot of threads by you about the thousands of hackers exploiting security holes in other, non-government related programs either.

                  ACK!
                  For the life of me, I cannot decipher an intelligent argument in that quote.
                  "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                  Ben Kenobi: "That means I'm doing something right. "



                  • You ***** about the US government, but not the thousands of *******s trying to steal your identity online.

                    It's not an argument it's an observation.

                    ACK!
                    Don't try to confuse the issue with half-truths and gorilla dust!



                    • I've always assumed that the NSA has access to most any system any time they want.
                      (\__/)
                      (='.'=)
                      (")_(") This is Bunny. Copy and paste bunny into your signature to help him gain world domination.



                      • Originally posted by Tuberski View Post
                        You ***** about the US government, but not the thousands of *******s trying to steal your identity online.

                        It's not an argument it's an observation.

                        ACK!
                        Why would I ***** about something incredibly obvious that need not be said?
                        "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                        Ben Kenobi: "That means I'm doing something right. "



                        • Originally posted by notyoueither View Post
                          I've always assumed that the NSA has access to most any system any time they want.
                          A very reasonable assumption. The NSA openly admits working with companies like Microsoft.
                          "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                          Ben Kenobi: "That means I'm doing something right. "



                          • The FBI works with the NSA, no?
                            (\__/)
                            (='.'=)
                            (")_(") This is Bunny. Copy and paste bunny into your signature to help him gain world domination.



                            • Likely.

                              As I said, it's been reasonably assumed that the US government has been secretly inserting backdoors in all kinds of software (and hardware). This has been suspected for many years.

                              Far as I know, this is the first time we've been able to get any reasonable allegations to support it.

                              Additionally, if true, this REALLY discredits the "many eyes" theory of security for OSS, which I've always dismissed as bull****. Urban Ranger and I used to really get into it over that.

                              This is also why countries like India and China are developing their own OSes and software stacks now. They have reason to believe that Windows, OS X, and Linux are all backdoored. Even parts of OpenBSD apparently may be. Is nothing sacred?
                              "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                              Ben Kenobi: "That means I'm doing something right. "




                              • The FBI works with the NSA, no?


                                Depends. The FBI, as I recall, usually only works with the NSA on very high-priority targets.
                                If there is no sound in space, how come you can hear the lasers?
                                ){ :|:& };:
