Full Disclosure mailing list archives
Re: Allegations regarding OpenBSD IPSEC
From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 16 Dec 2010 18:57:01 -0600
I can only speculate the following with regards to Perry coming out of the blue with this news and it obviously means nothing as I'm not a profiler, psychologist, etc. and even if I were, who cares at the end of the day. There is probably some form of credibility to perhaps the government wanting to backdoor OpenBSD or any other operating system but that obviously does not mean this occurred. What I think about his disclosure is, Perry sought to make something known to Theo which took Theo by surpise and Theo being who he is disclosed it to the public. The following strike me as odd though: I have never seen Theo come out of the blue publicly for something non-BSD related. I never struck him as the type to put his business out there especially in a case like this. My thoughts are: If he DID know something, why would he PUBLICLY out himself like that. It would have made more sense for him to keep that conversation private and lie enough to dissuade this Perry go to hush/think about things differently, etc. I'm think if it were me, I would have done the same had I no knowledge. Had I knowledge, my first thought would be: "By publicly disclosing anything, the people I report(ed) to will be pissed and it'll kick up a firestorm" (this is for those who speculate Theo had something to do with this). So I think, what does this Perry guy have against the others. Are there any documented exchanges or disagreements between Perry, Wright or Lowe? For someone to come out of the blue, name names 10 years later makes little sense. It must have been a hell of a bone to grind to wait 10 years once an NDA has expired to "out" someone. For that, an anonymous email to a mailing list would have sufficed as opposed to waiting 10 years. I then think, wait a minute, something like this (backdooring anything) must go beyond a 10 year NDA. Even if it didn't, the potential blowback Perry could face would be so enormous, it would not only be insane to come out of the woodworks, but likely career suicide as well. The 'bone to pick' doesn't sound realistic. After all, he could have submitted an anonymous email years ago to air his dirt. What I believe happened is an iteration of rumors. Perhaps there came a time when an agency in government wanted to place backdoors, maybe even approached BSD developers [1]. Did it fly? Only three people would completely know at the end of the day: Perry, Scott Lowe (whomever he is) Jason Wright. "Would you like to help the government... We need you to ..." which after time became "the government placed a backdoor." Ten years is an awful long time to sit around with whiffs of news like this. I doubt a secret like that could have been kept secret for 10 long years. At the same time though, I doubt there is reason for Perry to outright make this up. I think maybe he heard a rumor and rolled with it. I've re-read Perry's email to Theo and another response. His initial e-mail didn't impose a sense of "payback is a bitch" but more of a "I think you should know" so for those claiming "he wanted to get back at Theo" you may be oblivious to the fact that he sent the email to Theo in private, not to a mailing list. That debunks any notion to me that he was trying to hurt Theo. He would have had to have known 100% that Theo would disclose the email. So the point of him coming out of the closet to hurt Theo is weak and moot if you ask me. As for the credibility of a former agent saying "we tried it didn't work" sounds fishy as well. I don't know about anyone else but I can't imagine him admitting to anything "sure we backdoored it" That wouldn't make any sense and would likely make him a few enemies both on and off that agency. At the end of the day though, I could honestly care less if they backdoored my VPN. They'd be might bored wondering why terminals are always tail -f'ing, and how the hell I manage to type so much without shutting up ;) [1] https://twitter.com/ejhilbert/status/14891845825863680 -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Allegations regarding OpenBSD IPSEC, (continued)
- Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Graham Gower (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC mark seiden (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Abuse007 (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC Valdis . Kletnieks (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC malfy (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC John Horn (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC J. Oquendo (Dec 16)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Gary Baribault (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC news (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 15)
- Re: Allegations regarding OpenBSD IPSEC Valdis . Kletnieks (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Григорий Братислава (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Григорий Братислава (Dec 17)
- Re: Allegations regarding OpenBSD IPSEC Charlie Derr (Dec 18)
- Re: Allegations regarding OpenBSD IPSEC Григорий Братислава (Dec 17)