Full Disclosure mailing list archives

Re: OpenBSD IPSEC has backdoor

From: John Bond <john.r.bond () gmail com>
Date: Thu, 16 Dec 2010 09:10:50 +0000

This is not make sense. Is you say: Theo is will never allow backdoor,
he is responsible, then is you say

No one said this.  If someone is determined and bright enough then it
is possible they could place a vulnerability in the code.  one can
only audit for vulnerabilities they know about

"The code is audited and for all
you know any back door which was placed in this code has been found
and fixed." then is why there is never mention from OpenBSD long time
ago: "Is we find backdoor code in audit and fix" is that to me would
be responsible. Is you cannot have your sarmale and eat it too.

What are you talking about???  the allegation here is that this
happened 10 years ago.  Do you really believe that no security issues
or errors, which could later be identified as security issues, have
been fixed in that time.  Don't be stupid, the fact that these issues
where most likely identified as human error as opposed to malicious
intent is because this is an open source project built on trust

Something wrong with this is picture. If is this Theo responsible like
you is say, and he is find backdoor long ago, because he is
responsible, he should have is said long time ago

As i have tried to make clear above.  I said that this alleged issue
could have been fixed, that does not infer that it was identified as a
backdoor.

I am not an OpenBSD developer so please read the following which puts
across the point i am trying to make much more elegantly
http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

It should be mentioned that at this point this is still just an
accusation and one that is becoming more and more uncredible[1][2]



[1]http://blog.scottlowe.org/2010/12/14/allegations-regarding-fbi-involvement-with-openbsd/
[2]http://marc.info/?l=openbsd-tech&m=129244045916861&w=2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

OpenBSD IPSEC has backdoor musnt live (Dec 14)
- Re: OpenBSD IPSEC has backdoor Graham Gower (Dec 14)
  - Re: OpenBSD IPSEC has backdoor musnt live (Dec 14)
    - Re: OpenBSD IPSEC has backdoor Cody Robertson (Dec 14)
- Re: OpenBSD IPSEC has backdoor John Bond (Dec 15)
  - Re: OpenBSD IPSEC has backdoor Nahuel Grisolia (Dec 15)
    - Re: OpenBSD IPSEC has backdoor Benji (Dec 15)
    - Re: OpenBSD IPSEC has backdoor huj huj huj (Dec 15)
    - Re: OpenBSD IPSEC has backdoor R0me0 *** (Dec 15)
  - Re: OpenBSD IPSEC has backdoor musnt live (Dec 15)
    - Re: OpenBSD IPSEC has backdoor John Bond (Dec 16)