Full Disclosure mailing list archives
Re: OpenBSD Smoking Gun
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 23 Dec 2010 11:49:42 -0500
On Thu, Dec 23, 2010 at 8:46 AM, Blank Reg <blankreg () fuckhotmail com> wrote:
Musntlive has warned you all about OpenB(ackdoored)S(oftwared)D(istrobution) for is some time and is allAt risk of feeding the troll, this whole business has a positive side that no-one seems to have mentioned:
http://www.collegehumor.com/video:1926079
1> The seeding of "evil" developers into large software projects by The Man(tm) has now shifted from conspiracy theory to conspiracy in many peoples minds.
Spies are as old as war itself.
2> OpenBSD is the only project *we currently know of* that has been infiltrated. It seems highly likely that other projects/OS's will have been similarly treated.
The end game is a broken implementation. I have not seen any C code flagged as defective (but have not looked too hard). Has anyone produced such code? Otherwise, a weak or broken implementation might have been weeded out before being distributed (assuming it was checked in).
3> As a result of being Open Source, the damage to OpenBSD's IPSec stack was pretty pathetic, and is now subject to scrutiny. In the end this will lead to the OpenBSD IPSec being the *only* trustworthy implementation.
"Only" is a little strong.
4> A big questionmark now hangs over the security of closed-source crypto implementations. Seriously, can anyone really trust Windows IPSec after this incident? Do you trust your Apple AES-128 encrypted dmg files?
I still remember the NSAKEY and Microsoft. http://en.wikipedia.org/wiki/NSAKEY. Jeff. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenBSD Smoking Gun Григорий Братислава (Dec 23)
- Re: OpenBSD Smoking Gun Blank Reg (Dec 23)
- Re: OpenBSD Smoking Gun Jeffrey Walton (Dec 23)
- Re: OpenBSD Smoking Gun Georgi Guninski (Dec 23)
- Re: OpenBSD Smoking Gun Paul Schmehl (Dec 23)
- Re: OpenBSD Smoking Gun Blank Reg (Dec 23)