Full Disclosure mailing list archives
Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo
From: mrx <mrx () propergander org uk>
Date: Thu, 23 Dec 2010 00:36:03 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/12/2010 00:00, Dan Kaminsky wrote:
On Wed, Dec 22, 2010 at 3:47 PM, Dave Nett <dave.nett () yahoo com> wrote:http://marc.info/?l=openbsd-tech&m=129296046123471&w=2 Long mail which just admit has backdoor, poor Theo.(g) I believe that NETSEC was probably contracted to write backdoors as alleged. (h) If those were written, I don't believe they made it into our tree. They might have been deployed as their own product. You had only one more sentence to read! Just one!
"> where would you start auditing the code? It's just too much. Actually, it is a very small part of the tree..." I am aware that compilers can be coded to introduce "features" into binaries that are not in the actual source code itself. So with all due respect and possibly much ignorance on my part, what is a code audit going to achieve if one uses the shipped compiler to compile the source? Unless one codes ones own compiler can any binary be trusted? Would not reversing the compiled code lead to a proper insight? Are the compiled binaries that handle these crypto functions so complex that they cannot be reversed by a skilled assembly coder? I guess that such a coder would have to be an expert cryptographer too, or at least collaborate with one. My curiosity is genuine, I am trying to educate myself about such things. regards Dave - -- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTRKZc7Ivn8UFHWSmAQIL9Af/e4HawFmXZc2zIHqEz1mah5+NuNiAH6o2 VJkPiC955moZ5L07rKtfSsV8ktDYUw6EczmPQI5UWFrFsu5SON2LPHkh2ifSrzMS Y5fj+Qjg7BWiamO3iDklJS50x1rEVTSAT6ErydKNGFHkQqieTgjAfemhRQBrjQuo IYQtF3Ij3v0+gIx+mhQ5mEsxLqKST5Gz6M45VZ9MtfX8fUMkBIQoRBNTHv10oqP+ pMsQD+M/UG+cCWd+8DuKmvRCHnhIsJPnZqxQZ5b5P0ZVgSx3XbrTB2+st1+B5xNQ LI57VElZWEmNVcEAYZ+5T5AG3tJonjCBtwg832fXuk3pHq62C06uag== =qHih -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenBSD has Open Backdoored Software Distribution - admitted by Theo Dave Nett (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Dan Kaminsky (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo mrx (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Valdis . Kletnieks (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Paul Schmehl (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo The Sp3ctacle (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Graham Gower (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo mrx (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Carlos Alberto Lopez Perez (Dec 23)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Dan Kaminsky (Dec 22)