|
|||
Allegations regarding OpenBSD IPSEC
A mail from Theo to the OpenBSD tech mailing list:
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
The mail has turned up in the mailing list archives. See http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
For those wishing to waste their time on slashdot : http://bsd.slashdot.org/story/10/12/...Ds-IPSEC-Stack
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
It's sure spreading, people tossing around a lot of FUD as usual.. several developers have stated that there isn't probably any FBI tainted "code" per se but perhaps something more sinister, like IPSEC protocol flaws that governments may be able to exploit.
I personally think what Theo did was warranted, he's disclosing an accusation so it can be discussed openly, so it can be audited by those who make use of it on a daily basis.. and go from there. Personally, I don't use IPSEC.. I would probably use SSH for tunnelling information securely. |
|
|||
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
|||
Quote:
|
|
|||
And REALLY denial means nothing. "They" do that all the time.
I don't know what to think about this. On one hand, it won't be the first time something similar happens. I may be wrong, and it may have been debunked since then, but there was an NSA backdoor inside Windows' advapi.dll. On the other hand, I doubt such backdoor would be left undetected in OpenBSD for a decade when closed source applications get dissected like they do by security experts/hackers. It doesn't seem plausible. Anyway, like BSDfan666 said, Theo de Raadt made the right decision.
__________________
May the source be with you! |
|
||||
Quote:
__________________
religions, worst damnation of mankind "If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”. vermaden's: links resources deviantart spreadbsd |
|
||||
More details from the author of the mail:
http://blogs.csoonline.com/1296/an_f...oor_in_openbsd Quote:
__________________
use UNIX or die :-) |
|
||||
DAG-ERLING SMØRGRAV: OpenBSD IPSec backdoor allegations: triple $100 bounty
http://maycontaintracesofbolts.blogs...legations.html Quote:
__________________
use UNIX or die :-) |
|
|||
The award has jumped $2400 last I checked.
Only opposition is a dystopian theorist who like to argue. |
|
|||
Some comments from Theo:
Quote:
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
|||
Maybe intentional "bugs" and/or obfuscation.
__________________
May the source be with you! |
|
|||
Quote:
But just because a compiler would be a great target doesn’t mean that an IPSEC stack would not be a target. I’m not suggesting that there is a backdoor in OpenBSD; in fact, I think it’s extremely unlikely. But that doesn’t mean that we don’t need to audit—constant auditing is a good thing whether we believe in backdoors or not. And this is proven by the fact that the audit has already fixed two bugs that were not backdoors. I think this is the view that Theo holds as well: Quote:
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
||||
Quote:
I don't trust GCC, but until PCC takes over, it's the best we've got...so I use it. And even though it'd be "more difficult", I'm not implying it couldn't be done... |
|
||||
Quote:
http://www.openbsd.org/cgi-bin/man.c...86&format=html
__________________
use UNIX or die :-) |
|
||||
Bruce Schneier: http://www.schneier.com/blog/archive...e_fbi_pla.html
Quote:
__________________
use UNIX or die :-) |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Need Help Please About IPsec | wong_baru | FreeBSD Security | 2 | 21st June 2010 08:00 AM |
Securing wifi networks with ipsec/ssh and openbsd | Oko | OpenBSD Security | 4 | 16th April 2009 07:32 AM |
openBSD IPSEC gateway w/WINDOWS XP roadwarrior | s2scott | OpenBSD Security | 7 | 13th January 2009 11:01 AM |
Ipsec freebsd openbsd failure | kasse | OpenBSD General | 3 | 31st December 2008 01:42 AM |
IPsec on openbsd | hitete | OpenBSD Installation and Upgrading | 1 | 12th July 2008 01:57 AM |