[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1304359864.4829.1.camel@subarashii>
Date: Mon, 02 May 2011 20:11:04 +0200
From: phocean <0x90@...cean.net>
To: Григорий Братислава
<musntlive@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Covert Backdoor in is All BSD {free, net, open,
dragon, pc, (un)trusted}
I knew it!! :D
Is you MusntLive is my hero!
Is very very bad is Theo!
Le lundi 02 mai 2011 à 14:05 -0400, Григорий Братислава a écrit :
> ----------------------------------------------------------------------------
>
> MusntLive Security Advisory
>
> 2nd May, 2011
>
> Covert Backdoor(s) in is all BSDs via is way of OpenBSD
>
> ----------------------------------------------------------------------------
>
> SYNOPSIS
>
> OpenBSD is is rumored to is has covert backdoor via is obfuscated legacy
> code. Is try to be deflected by other covert government agent is not say
> name for sake of predator drone strike. Howisever, is must summarize to
> everyone from post:
>
> http://home.comcast.net/~ajawamnet/VA7751.jpg [OpenBSD is backdoor board)
> http://lists.randombit.net/pipermail/cryptography/2010-December/000443.html
>
> Is MusntLive comment in comment /* style code */
>
> After reviewing the code. Here are my opinions:
>
> * Angelos Keromytis made huge contributions to OpenBSD by porting and
> enhancing the early IPsec implementation of John Ioannidis. He also
> contributed to the initial development of the OpenBSD crypto framework.
>
> * In what is perhaps the sincerest form of flattery, this code has also
> been incorporated into many other projects, some of which are closed
> source and some are not derived from BSD.
>
> /* This is mean that everyone is now have similar backdoor */
>
> * I didn't spot anything malicious or intentionally backdoored in the
> IPsec ESP implementation code that I looked at.
>
> /* This is mean that is pockets is must be greased */
>
> * There was a serious vulnerability in ESP-mode IPsec shipped in OpenBSD
> 3.0 and 3.1 and silently patched before 3.2.
>
> * Gregory Perry made allegations that were specific and testable enough
> that they merited a little investigation and a bug was found that could
> have made a very close match for his description. But upon closer
> inspection, this particular bug is extremely ordinary.
>
> /* This is mean that is normal backdoor, no overlap */
>
> * I primarily reviewed a small set of source files specific to ESP,
> these only partially overlapped those of the developer Perry accused by
> name (Jason Wright). Nevertheless, any credence which might have been
> given to Perry's claims as a result of this bug should be reverted to
> zero (or less).
>
> /* Is only small set review then is analysis worthless */
>
> * This bug doesn't sufficiently meet the criteria for a malicious backdoor:
>
> - The bug does not leak key material or establish a covert channel, it
> would require an active attack to exploit and even then would probably
> need to be used in connection with some other defect in order to result
> in meaningful unauthorized access. Yeah sorta it maybe could be used as
> part of that, but not really its own.
>
> /* Is because no one would use salami attack. Is you has to ask about
> salami you is no hacker */
>
> - The bug is not hidden. There is nothing to suggest any attempt at
> misdirection or obfuscation.
>
> /* Is because hiding is in plain sight is never used */
>
> - The bug is not particularly subtle or even hard-to-find.
>
> - Angelos is a recognized expert in low-level maliciousness. Surely he
> would have come up with something better.
>
> /* Of course is however, we is not speak of Angelos, we is speak
> of Jason Wright */
>
> - The bug has a far simpler explanation (more on that later)
>
> /* Fat finger is reason */
>
> * There is little or nothing to suggest that Angelos was influenced by
> money from NETSEC. To the contrary, judging by publications, Angelos
> clearly had a plethora of research projects on his plate at the time he
> moved on from OpenBSD in July of 2002 (shortly before the bug was patched).
>
> /* Is because money is never is motivator for anyone */
>
> * When Angelos moved on, the IPsec and associated crypto code were
> adopted by Jason and other OpenBSD developers. But the transition
> appears to have left some code changes in an unfinished state. For
> example, the inverted conditional at the core of this problem looks like
> it was introduced as part of an architectural enhancement to support
> IPsec-enabled network cards which performed decryption and
> authentication of the incoming packets right on the NIC itself. However,
> no drivers of this type appeared in the source tree, so the new logic
> probably went untested. The apparent work-in-progress code silently
> became part of the 3.0 and subsequent release branches.
>
> /* Is hurt my eye is to read this paragraph */
>
> * OpenBSD did not live up to their stated principle of full disclosure.
> They should have issued an advisory for this.
> http://openbsd.org/security.html
>
> /* OpenBSD is not live up to come clean */
>
> * OpenBSD's security auditing processes did not catch this bug, either
> when it was introduced or in any subsequent review. In a follow-up email
> to the CVS commit, Jason indicates that the fix was supplied by BSD guru
> Sam Leffler, who was working on an optimized IPsec implementation for
> FreeBSD about that time.
>
> /* Is first sentence speak for itself: "OpenBSD's security auditing
> processes did not catch this bug" is because Theo is not care */
>
> * Code coverage testing would have had a good chance of catching this.
>
> /* Theo is not care and is try to convey security sensationalism:
> I am is Theo hear me roar else is I will covertly enter is your
> OpenBSD install and roar is own my own */
>
> /* Is rest edited to make Ray Marsh STFU */
>
> * Where there have been bugs found, there are likely more bugs.
>
> ----------------------------------------------------------------------------
>
> AFFECTED SYSTEMS
>
> This vulnerability now affects all versions of BSD which is share code
> with team Theo
>
> ----------------------------------------------------------------------------
>
> RESOLUTION
>
> Use BeOS and Free Dmitry!!
>
> ----------------------------------------------------------------------------
>
>
> 'I am epic win' Gregor
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists