Full Disclosure mailing list archives
Re: Allegations regarding OpenBSD IPSEC
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Wed, 15 Dec 2010 13:25:14 -0600
--On December 15, 2010 10:55:39 AM -0800 bk <chort0 () gmail com> wrote:
On Dec 15, 2010, at 10:32 AM, Paul Schmehl wrote:--On December 14, 2010 8:40:14 PM -0500 bugs () fbi dhs org wrote:http://www.downspout.org/?q=node/3 Seems IPSEC might have a back door written into it by the FBI?So for 10 years IPSEC has had a backdoor in it and not one person examining the code has noticed it? <snip> Read The Cathedral and The Bazaar. -- Paul Schmehl, Senior Infosec AnalystI call bullshit on all the people claiming this couldn't possibly have existed because "anyone can read the source." How many of you understand crypto. OK, now how many of you _actually_ understand crypto? And of those, how many look at *BSD? There have been plenty of recent examples of Open Source projects that have had undetected security flaws for multiple years. It's not difficult to believe a relatively uncommon OS could have a subtle weakness in a difficult-to-understand part of the code. In this particular case, it looks to be total FUD by some lunatic with an axe to grind, but we shouldn't be so arrogant to assume that such a flaw _could not_ exist. BTW I actually use OpenBSD on many of my systems and I happen to think it's a very simple and practical OS, but I'm not blind to potential problems.
Reading comprehension problems? I said it was not likely. I did not say it was not possible. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Allegations regarding OpenBSD IPSEC bugs (Dec 14)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC musnt live (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC bk (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC J. Oquendo (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Aldis Berjoza (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Steve Pinkham (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Michal Zalewski (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Valdis . Kletnieks (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC phil (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC clément Game (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC BMF (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Graham Gower (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 15)