Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Allegations regarding OpenBSD IPSEC

From: "Aldis Berjoza" <aldis () bsdroot lv>
Date: Wed, 15 Dec 2010 21:41:30 +0200
On Wed, 15 Dec 2010 10:55:39 -0800 bk <chort0 () gmail com> wrote


I call bullshit on all the people claiming this couldn't possibly have
existed because "anyone can read the source."  How many of you understand
crypto.  OK, now how many of you _actually_ understand crypto?  And of those,
how many look at *BSD?

There have been plenty of recent examples of Open Source projects that have
had undetected security flaws for multiple years.  It's not difficult to
believe a relatively uncommon OS could have a subtle weakness in a
difficult-to-understand part of the code.




A good example of old (Even ancient) bug:
Link http://www.osnews.com/story/19731/The-25-Year-Old-UNIX-Bug

--
Aldis Berjoza


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: