Full Disclosure mailing list archives
Re: Allegations regarding OpenBSD IPSEC
From: Steve Pinkham <steve.pinkham () gmail com>
Date: Wed, 15 Dec 2010 14:15:53 -0500
On 12/15/2010 01:32 PM, Paul Schmehl wrote:
> --On December 14, 2010 8:40:14 PM -0500 bugs () fbi dhs org wrote:
>
> So for 10 years IPSEC has had a backdoor in it and not one person examining
> the code has noticed it? Or even questioned it? That's a bit hard to
> believe. It's along the same lines as the stories that Microsoft captures
> all your packets and harvests your personal information. Read The Cathedral
> and The Bazaar.

Yeah, just like there was no way to miss the SSL renegotiation flaw for so many years. Or "The Kaminsky Bug". Or the recent downgrade flaw in OpenSSL. Or..

Note all those examples are (assumed?) non-malicious. Imagine if really knowledgeable programmers and crypto people got together to try to hide such things. See the "Underhanded C" contest for examples.
http://underhanded.xcott.com/

This stuff is *hard*, and talent is valuable and already spread thin.

--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/