Full Disclosure mailing list archives
Re: OpenBSD IPSEC has backdoor
From: John Bond <john.r.bond () gmail com>
Date: Thu, 16 Dec 2010 09:10:50 +0000
This is not make sense. Is you say: Theo is will never allow backdoor, he is responsible, then is you say
No one said this. If someone is determined and bright enough then it is possible they could place a vulnerability in the code. one can only audit for vulnerabilities they know about
"The code is audited and for all you know any back door which was placed in this code has been found and fixed." then is why there is never mention from OpenBSD long time ago: "Is we find backdoor code in audit and fix" is that to me would be responsible. Is you cannot have your sarmale and eat it too.
What are you talking about??? the allegation here is that this happened 10 years ago. Do you really believe that no security issues or errors, which could later be identified as security issues, have been fixed in that time. Don't be stupid, the fact that these issues where most likely identified as human error as opposed to malicious intent is because this is an open source project built on trust
Something wrong with this is picture. If is this Theo responsible like you is say, and he is find backdoor long ago, because he is responsible, he should have is said long time ago
As i have tried to make clear above. I said that this alleged issue could have been fixed, that does not infer that it was identified as a backdoor. I am not an OpenBSD developer so please read the following which puts across the point i am trying to make much more elegantly http://marc.info/?l=openbsd-tech&m=129237675106730&w=2 It should be mentioned that at this point this is still just an accusation and one that is becoming more and more uncredible[1][2] [1]http://blog.scottlowe.org/2010/12/14/allegations-regarding-fbi-involvement-with-openbsd/ [2]http://marc.info/?l=openbsd-tech&m=129244045916861&w=2 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenBSD IPSEC has backdoor musnt live (Dec 14)
- Re: OpenBSD IPSEC has backdoor Graham Gower (Dec 14)
- Re: OpenBSD IPSEC has backdoor musnt live (Dec 14)
- Re: OpenBSD IPSEC has backdoor Cody Robertson (Dec 14)
- Re: OpenBSD IPSEC has backdoor musnt live (Dec 14)
- Re: OpenBSD IPSEC has backdoor John Bond (Dec 15)
- Re: OpenBSD IPSEC has backdoor Nahuel Grisolia (Dec 15)
- Re: OpenBSD IPSEC has backdoor Benji (Dec 15)
- Re: OpenBSD IPSEC has backdoor huj huj huj (Dec 15)
- Re: OpenBSD IPSEC has backdoor R0me0 *** (Dec 15)
- Re: OpenBSD IPSEC has backdoor Nahuel Grisolia (Dec 15)
- Re: OpenBSD IPSEC has backdoor musnt live (Dec 15)
- Re: OpenBSD IPSEC has backdoor John Bond (Dec 16)
- Re: OpenBSD IPSEC has backdoor Graham Gower (Dec 14)