--On December 15, 2010 10:55:39 AM -0800 bk <[email protected]> wrote:
>
> On Dec 15, 2010, at 10:32 AM, Paul Schmehl wrote:
>
>> --On December 14, 2010 8:40:14 PM -0500 [email protected] wrote:
>>>
>>> http://www.downspout.org/?q=node/3
>>>
>>> Seems IPSEC might have a back door written into it by the FBI?
>>>
>>
>> So for 10 years IPSEC has had a backdoor in it and not one person
>> examining the code has noticed it? <snip>
>>
>> Read The Cathedral and The Bazaar.
>>
>> --
>> Paul Schmehl, Senior Infosec Analyst
>
> I call bullshit on all the people claiming this couldn't possibly have
> existed because "anyone can read the source." How many of you understand
> crypto. OK, now how many of you _actually_ understand crypto? And of
> those, how many look at *BSD?
>
> There have been plenty of recent examples of Open Source projects that
> have had undetected security flaws for multiple years. It's not
> difficult to believe a relatively uncommon OS could have a subtle
> weakness in a difficult-to-understand part of the code.
>
> In this particular case, it looks to be total FUD by some lunatic with an
> axe to grind, but we shouldn't be so arrogant to assume that such a flaw
> _could not_ exist.
>
> BTW I actually use OpenBSD on many of my systems and I happen to think
> it's a very simple and practical OS, but I'm not blind to potential
> problems.
>

Reading comprehension problems? I said it was not likely. I did not say it
was not possible.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
