lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 17 Dec 2010 13:29:44 -0500
From: Charlie Derr <cderr@...ons-rock.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Allegations regarding OpenBSD IPSEC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/17/2010 12:52 PM, Paul Schmehl wrote:
> --On December 17, 2010 12:31:37 PM -0500 Larry Seltzer 
> <larry@...ryseltzer.com> wrote:
> 
>>> The one thing Mr. Perry has not done, and which, if his claims have any
>>> merit at all, he could easily do, since he claims he's no longer under
>> NDA,
>>> is post the code that proves that there is a backdoor.  After all, he
>>> supposedly wrote it, along with others.
>>
>> Actually, he did not say that he wrote code. He said that "Jason
>> Wright and several other developers were responsible for those
>> backdoors"
>>
> 
> I quote Mr. Perry:
> 
> "I left NETSEC in 2000 to start another venture, I had
> some fairly significant concerns with many aspects of these projects,
> and I was the lead architect for the site-to-site VPN project
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> developed for Executive Office for United States Attorneys, which was
> a statically keyed VPN system used at 235+ US Attorney locations and
> which later proved to have been backdoored by the FBI so that they
> could recover (potentially) grand jury information from various US
> Attorney sites across the United States and abroad."
> 
> Still think he never wrote any and had no knowledge of the code?  What does 
> "lead architect" mean?
> 

I actually thought about this as possibly providing more motivation for Mr. Perry to whine about the FBI being
responsible for subverting a project that he was in charge of.  While the previous motivations that you guessed at all
seem plausible, this one jumped out at me.  Being able to pin his failure to secure the VPN for US Attorneys on the FBI
(and at least partially steer attention away from his own culpability) seems like potentially a very good reason for him
to have made these allegations in the first place.  But of course I have no evidence and am just guessing.

   best,
      ~c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNC6wXAAoJELuLPXMxqTZ/9CYQAMfDyu3ObqzrC0yK1pZxlim8
OTbbYXME5afuTpSONb/JDbBnJcRW024oXykU59KNJ8y8DTE+IgvnoihKaA8s143G
bkbA3zT60NFkUR+vQMgSVRDff2RNyGRBNSImEaWQP0kLva/ouaDsbyNqLFKhqaVB
b6+T600Gfb65gOSX3IbbIzJ64r7CinJvxY5aIYxCk4fHfTcy28+YxAtfFz2F3BLL
xwYHEcYZnHqnCFV1xpKLraAixeovqslCQG8HpM76KtZrTWoJ2Nc3ki5E4D/BOoZH
pTi8GcDZRrgesZQYmbeMGirJLSMD1LTZ6szg0Ul/z4HCOlcCWPC/Z30iAT+JcjqP
5FGh74n/PPirMBMzfb78Qd33j1AEyw0bZ5QEpLJG5rQjfDTZHJ7BHNJdvfie418N
/pyheNAdk3MFdgAt5fCUiWcMsQIixsqjn3hqaTolgxA34VCmhlaQyMrfEg/gPRbp
lFQJNNTOyWX3IWPIOhGRJNSc7XfrE6LIddcspDkYXOQt0jICpNdoHeDDCZddcVkR
hkGbQOS4kcVWPZ0lUjIlmXzLRtgnhnFI3t3VZpGqGOF5T5gi8Ax25lrdc6BT4XRd
TTVuBwylvtxYUUaI/nje1NFWgrXJikOJ+N1KLPBrT+w6IYfRchOOGNslsSCROduM
qedxwhjr9doLfkjmhaM2
=lUG1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ