[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] OpenBSD IPSEC has backdoor

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] OpenBSD IPSEC has backdoor
From: John Bond <john.r.bond@xxxxxxxxx>
Date: Thu, 16 Dec 2010 09:10:50 +0000

> This is not make sense. Is you say: Theo is will never allow backdoor,
> he is responsible, then is you say
No one said this.  If someone is determined and bright enough then it
is possible they could place a vulnerability in the code.  one can
only audit for vulnerabilities they know about

> "The code is audited and for all
> you know any back door which was placed in this code has been found
> and fixed." then is why there is never mention from OpenBSD long time
> ago: "Is we find backdoor code in audit and fix" is that to me would
> be responsible. Is you cannot have your sarmale and eat it too.
What are you talking about???  the allegation here is that this
happened 10 years ago.  Do you really believe that no security issues
or errors, which could later be identified as security issues, have
been fixed in that time.  Don't be stupid, the fact that these issues
where most likely identified as human error as opposed to malicious
intent is because this is an open source project built on trust


> Something wrong with this is picture. If is this Theo responsible like
> you is say, and he is find backdoor long ago, because he is
> responsible, he should have is said long time ago
As i have tried to make clear above.  I said that this alleged issue
could have been fixed, that does not infer that it was identified as a
backdoor.

I am not an OpenBSD developer so please read the following which puts
across the point i am trying to make much more elegantly
http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

It should be mentioned that at this point this is still just an
accusation and one that is becoming more and more uncredible[1][2]



[1]http://blog.scottlowe.org/2010/12/14/allegations-regarding-fbi-involvement-with-openbsd/
[2]http://marc.info/?l=openbsd-tech&m=129244045916861&w=2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] OpenBSD IPSEC has backdoor
  - From: musnt live
- Re: [Full-disclosure] OpenBSD IPSEC has backdoor
  - From: John Bond
- Re: [Full-disclosure] OpenBSD IPSEC has backdoor
  - From: musnt live

Prev by Date: Re: [Full-disclosure] RHEL Linux Kernel Exploit
Next by Date: [Full-disclosure] Making Security Suck Less
Previous by thread: Re: [Full-disclosure] OpenBSD IPSEC has backdoor
Next by thread: [Full-disclosure] Allegations regarding OpenBSD IPSEC
Index(es):
- Date
- Thread