lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 24 Dec 2010 19:53:23 -0800 (PST)
From: Dave Nett <dave.nett@...oo.com>
To: full-disclosure@...ts.grok.org.uk, asmo@...n-station.us
Subject: Re: OpenBSD - grey user's oppinion.

You has not know what theses guys are ableĀ  to do.
There are very very dangerous. Be warned by me Dave.

So you hasn't want to open the doors to your system to these men.

Anyway here has the way to always use OpenBSD (from a long time ago to me) within 10 rules :

0x01 standalone test machine with no network connection
0x02 OR virtualized guest with no network access
0x03 has in no way mount an ipsec tunnel
0x04 shut off your wifi router and to has sure your dsl like box
0x05 has remove any rj45 cable off in a range of 5 meter from the OBSD machine
0x06 has not watch the boot sequence has all this text moving can has contain malicious content
0x07 has never ever listen to there CD songs, even better listen to scientology CDs
0x08 has start again from 0x01 to make sure that NO NETWORK 

As the FBI agents set OpenBSD mostly has a router, the coders did probably not bother with other stuff like user interface so you has still able to transfer file with usb key.

--- On Fri, 12/24/10, asmo <asmo@...n-station.us> wrote:

From: asmo <asmo@...n-station.us>
Subject: [Full-disclosure] OpenBSD - grey user's oppinion.
To: full-disclosure@...ts.grok.org.uk
Date: Friday, December 24, 2010, 1:25 AM

reading this whole discussion, did you ever considered if grey user, 
just like me, will ever care ? if backdooring major *bsd distribution 
will make a difference whether to choose OpenBSD or something else when 
it's really no real choice between backdoored or "not" backdoored distro 
have any matter ? even without such Theo's confesion with his so called 
private mail that got released to the public.. do i care? sure i do, but 
i don't have any alternative.

i keep using it in hope that it's too serious for my needs. If someone 
want to invigilate me, i will check if A-Team is somewhere near my 
house, i would need to have serious reasons to worry.

Pretty lame to worry about it, and me - grey user - well, prove or die, 
can't take such claims seriously if really skilled set of coders can't 
figure it out whether it's backdoored or not.

I don't need such confession to stop using OpenBSD, it serve well for my 
purposes but i would use nothing that is well known, for critical 
communication.


Some posts are paranoid about it, some IS MUST is annoying but sounds 
like the person does CARE about it.


i don't. at least since it's not proved... sorry for my lame english.

marry x-mass eve, stop please. or prove. (even if you do, prove me that 
the alternative is safe, no? 2bad).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



      
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ