On Dec 21, 2010, at 10:39 AM, János Löbb wrote: > Folks, > > If you have time read this: > > http://blogs.techrepublic.com.com/security/?p=4857&tag=nl.e101 > > According to the OSX License it also contains code from OpenBSD. Does it > mean that OSX also has some problem ?
First I know that OS X contains quite a bit of code from FreeBSD, but wasn't aware that it contains code from OpenBSD, they are different, but it is possible. OS X contains code from lots of sources and FOSS projects. So do most other unices and linuxes. Second, these are unproven allegations, and those allegedly involved have denied that this occurred or is true. It's also interesting that no other parties that have reviewed the code found such back-doors as part of their reviews, but I suppose that just means that there's a "large conspiracy", So this is all rumor at this point and I'm sure that many will be reviewing the OpenBSD IPSEC stack. All of this makes for good press hype, but so far not much more. Thirdly, there is no "problem", that is everything works, nothing is broken, even if these rumors are true. IPSEC does function. Fourth, if we are to believe these claims should we not suspect that those evil FBI dweebs (who interestingly enough don't normally involve themselves in these sorts of matters, that would more likely fall to the NSA) might not have insisted on the same sorts of backdoors in other OSen, especially closed source systems? My ghods, OS X is closed source and might be riddled with backdoors for the Feds, heck there's one crawling along my Ethernet cable as I speak! We'd never know if close systems have such backdoors for the feds as there's no way for anyone to ever tell. So pump up the FUD. [Fear. Uncertainty. Doubt.] All of this supposed backdoor cruft involves IPSEC, the part of the network stack responsible for creating secure IP6 connections and VPN tunnels. If you're not using IPSEC or L2TP VPN tunnels then even if this exists in OpenBSD and you're using OpenBSD you're not effected. OS X's IPSEC and network stack was based on racoon[sic] and KAME but has undergone much alteration. You'd have thought that someone would have noticed backdoors if they were in that code while porting it. (Of course maybe the Feds got to them too.) While KAME is also used as a basis for OpenBSD, it's alleged that this backdoor injection occurred when the network stack was implemented for OpenBSD. That would suggest, should we believe the speculative allegations, that this effects just OpenBSD. Of course their could be huge worldwide conspiracy with OpenBSD being just the tip of the iceberg, you may choose to believe that the Feds are over the shoulders of coders all over the world. So take the advice of the 2010 security expert Antoine Dodson and "you need to hide your kids, hide your wife, and hide your husbands 'cause their raping everybody." http://www.youtube.com/watch?v=uzKtPezPsqE Sort answer is: Probably not. Even if so, it effects IPSEC only. But who can you trust. I might be working for the Feds too. -d ------------------------------------------------------------------------ Dan Shoop [email protected] GoogleVoice: 1-646-402-5293 aim: iWiring twitter: @colonelmode _______________________________________________ MacOSX-admin mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-admin
