lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Dec 2010 09:18:24 -0500
From: "McGhee, Eddie" <Eddie.McGhee@....com>
To: Григорий Братислава <musntlive@...il.com>, coderman
	<coderman@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"mickey@...ifer.net" <mickey@...ifer.net>
Subject: Re: how i stopped worrying and loved the backdoor

I is Love musntlive. 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of ???????? ??????????
Sent: 24 December 2010 13:05
To: coderman
Cc: full-disclosure@...ts.grok.org.uk; mickey@...ifer.net
Subject: Re: [Full-disclosure] how i stopped worrying and loved the backdoor

Hello full disclosure!!!

I'd like to warn you about many things but not bucketing. However is you must read and not be troll for you is to understand this for your own. musntlive cannot be all everyone's guide to common sense.

"A Provably Secure And Efficient Countermeasure Against Timing Attacks"
http://eprint.iacr.org/2009/089.pdf

"Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks"
http://users.cis.fiu.edu/~smithg/papers/csf10.pdf

In is musntlive's interpretation is everyone miss OpenBSD big picturuski:

a1) Hiding in plain sight
a2) Developer Deception

Is musntlive establish (proven: this is not theory) that developers lied all along. So while is many cry troll, musntlive laugh and think of Cassandra.

b1) Is OpenBSD not audit anything otherwise this not happen
b2) For those trolls (Schmehl) who state: `Someone would have caught it` - they is forget that crypto is highly specialized and is all a part of the corruption machine, there is none to catch [is see Juvenal quote who watching watchers]
b3) We is now privy to see how Theo via foreign financial accounts is tied into this - he can disprove this is he like but he is likely stay shut
b4) Theo is come clean not to show public `I come clean I not know` but more is to say `is I come clean before is beans spilled, everyone is believe me`

[Response a1] Is because crypto implementation very hard is difficult for to someone to audit is code. In normal programming a simple operator can is change the entire game. Is difference between < and is say > is all one need. For this we is now take into account 'salami attacks' (do not is say musntlive not warn you)

[Response a2] Is everyone forget KGII (key goal is indicators) of everything. Money is talk (see b3) and when is everyone is on the same ledger[payroll] and is give geek dream job of one being superspyman, egos run stupid. Geeks is like Jason is stupid for to government say:
"Give is stupid nerd some Mountain Dew, mousepad, new laptop, he ours!" versus old school "he is wants Ferrari, cash and ladies" (see Mafiosi requirements for cash).

When money is motivator is one be surprised at what someone is capable of is... is. Is everyone too stupid to remember this or do everyone is believe no one is above corruption particularisly "FOSS" developers.
(I is pity you is you think this)

[Response b1] Is who will come clean when all is dirty on the developer team. 3 people on code all on the same covert team and is one head honchoruski (Theo see b3) is getting kickbacks in covert accounts

[Response b2] For Paul Schmehl and other trolls I is like to introduce you to is Cassandra Complex
http://en.wikipedia.org/wiki/Cassandra_(metaphor)

[Response b3] http://www.youtube.com/watch?v=bjZRAvsZf1g

[Response b4] Theo is not to be believed on this whole matter see Cassandra Complex


Happy Merry Jolly and is Merry Happy New Year.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists