lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 02 May 2011 20:11:04 +0200
From: phocean <0x90@...cean.net>
To: Григорий Братислава
	<musntlive@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Covert Backdoor in is All BSD {free, net, open,
 dragon, pc, (un)trusted}

I knew it!! :D

Is you MusntLive is my hero!
Is very very bad is Theo!


Le lundi 02 mai 2011 à 14:05 -0400, Григорий Братислава a écrit :
> ----------------------------------------------------------------------------
> 
>                   MusntLive Security Advisory
> 
>                            2nd May, 2011
> 
> Covert Backdoor(s) in is all BSDs via is way of OpenBSD
> 
> ----------------------------------------------------------------------------
> 
> SYNOPSIS
> 
> OpenBSD is is rumored to is has covert backdoor via is obfuscated legacy
> code. Is try to be deflected by other covert government agent is not say
> name for sake of predator drone strike. Howisever, is must summarize to
> everyone from post:
> 
> http://home.comcast.net/~ajawamnet/VA7751.jpg [OpenBSD is backdoor board)
> http://lists.randombit.net/pipermail/cryptography/2010-December/000443.html
> 
> Is MusntLive comment in comment /* style code */
> 
> After reviewing the code. Here are my opinions:
> 
> * Angelos Keromytis made huge contributions to OpenBSD by porting and
> enhancing the early IPsec implementation of John Ioannidis. He also
> contributed to the initial development of the OpenBSD crypto framework.
> 
> * In what is perhaps the sincerest form of flattery, this code has also
> been incorporated into many other projects, some of which are closed
> source and some are not derived from BSD.
> 
> /* This is mean that everyone is now have similar backdoor */
> 
> * I didn't spot anything malicious or intentionally backdoored in the
> IPsec ESP implementation code that I looked at.
> 
> /* This is mean that is pockets is must be greased */
> 
> * There was a serious vulnerability in ESP-mode IPsec shipped in OpenBSD
> 3.0 and 3.1 and silently patched before 3.2.
> 
> * Gregory Perry made allegations that were specific and testable enough
> that they merited a little investigation and a bug was found that could
> have made a very close match for his description. But upon closer
> inspection, this particular bug is extremely ordinary.
> 
> /* This is mean that is normal backdoor, no overlap */
> 
> * I primarily reviewed a small set of source files specific to ESP,
> these only partially overlapped those of the developer Perry accused by
> name (Jason Wright). Nevertheless, any credence which might have been
> given to Perry's claims as a result of this bug should be reverted to
> zero (or less).
> 
> /* Is only small set review then is analysis worthless */
> 
> * This bug doesn't sufficiently meet the criteria for a malicious backdoor:
> 
> - The bug does not leak key material or establish a covert channel, it
> would require an active attack to exploit and even then would probably
> need to be used in connection with some other defect in order to result
> in meaningful unauthorized access. Yeah sorta it maybe could be used as
> part of that, but not really its own.
> 
> /* Is because no one would use salami attack. Is you has to ask about
> salami you is no hacker */
> 
> - The bug is not hidden. There is nothing to suggest any attempt at
> misdirection or obfuscation.
> 
> /* Is because hiding is in plain sight is never used */
> 
> - The bug is not particularly subtle or even hard-to-find.
> 
> - Angelos is a recognized expert in low-level maliciousness. Surely he
> would have come up with something better.
> 
> /* Of course is however, we is not speak of Angelos, we is speak
> of Jason Wright */
> 
> - The bug has a far simpler explanation (more on that later)
> 
> /* Fat finger is reason */
> 
> * There is little or nothing to suggest that Angelos was influenced by
> money from NETSEC. To the contrary, judging by publications, Angelos
> clearly had a plethora of research projects on his plate at the time he
> moved on from OpenBSD in July of 2002 (shortly before the bug was patched).
> 
> /* Is because money is never is motivator for anyone */
> 
> * When Angelos moved on, the IPsec and associated crypto code were
> adopted by Jason and other OpenBSD developers. But the transition
> appears to have left some code changes in an unfinished state. For
> example, the inverted conditional at the core of this problem looks like
> it was introduced as part of an architectural enhancement to support
> IPsec-enabled network cards which performed decryption and
> authentication of the incoming packets right on the NIC itself. However,
> no drivers of this type appeared in the source tree, so the new logic
> probably went untested. The apparent work-in-progress code silently
> became part of the 3.0 and subsequent release branches.
> 
> /* Is hurt my eye is to read this paragraph */
> 
> * OpenBSD did not live up to their stated principle of full disclosure.
> They should have issued an advisory for this.
> http://openbsd.org/security.html
> 
> /* OpenBSD is not live up to come clean */
> 
> * OpenBSD's security auditing processes did not catch this bug, either
> when it was introduced or in any subsequent review. In a follow-up email
> to the CVS commit, Jason indicates that the fix was supplied by BSD guru
> Sam Leffler, who was working on an optimized IPsec implementation for
> FreeBSD about that time.
> 
> /* Is first sentence speak for itself: "OpenBSD's security auditing
> processes did not catch this bug" is because Theo is not care */
> 
> * Code coverage testing would have had a good chance of catching this.
> 
> /* Theo is not care and is try to convey security sensationalism:
> I am is Theo hear me roar else is I will covertly enter is your
> OpenBSD install and roar is own my own */
> 
> /* Is rest edited to make Ray Marsh STFU */
> 
> * Where there have been bugs found, there are likely more bugs.
> 
> ----------------------------------------------------------------------------
> 
> AFFECTED SYSTEMS
> 
> This vulnerability now affects all versions of BSD which is share code
> with team Theo
> 
> ----------------------------------------------------------------------------
> 
> RESOLUTION
> 
> Use BeOS and Free Dmitry!!
> 
> ----------------------------------------------------------------------------
> 
> 
> 'I am epic win' Gregor
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ