Open Source and information security mailing list archives
 
Date: Thu, 23 Dec 2010 13:46:48 +0000 (GMT)
From: Blank Reg <blankreg@...khotmail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenBSD Smoking Gun

> Musntlive has warned you all about
> OpenB(ackdoored)S(oftwared)D(istrobution) for is some time and is all

At risk of feeding the troll, this whole business has a positive side 
that no-one seems to have mentioned:

1> The seeding of "evil" developers into large software projects by The 
Man(tm) has now shifted from conspiracy theory to conspiracy in many 
people's minds.

2> OpenBSD is the only project *we currently know of* that has been 
infiltrated. It seems highly likely that other projects/OS's will have 
been similarly treated.

3> As a result of being Open Source, the damage to OpenBSD's IPSec 
stack was pretty pathetic, and is now subject to scrutiny. In the end 
this will lead to the OpenBSD IPSec being the *only* trustworthy 
implementation.

4> A big question mark now hangs over the security of closed-source crypto 
implementations. Seriously, can anyone really trust Windows IPSec after 
this incident? Do you trust your Apple AES-128 encrypted dmg 
files?

Reg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
