Re: [Full-disclosure] RHEL Linux Kernel Exploit

2010-12-16 Thread PsychoBilly
http://28.media.tumblr.com/tumblr_l4sobiXxwf1qza4ndo1_400.jpg

[[ rancor ]] @ [[ 15/12/2010 20:44 ]]--
 -g musnt live is a parody of must live... humor this =)
 
 // rancor
 
 2010/12/15 Greg Whynott gwhyn...@gmail.com
 
 funny... 
 1. you were root when you ran the code!  epic elite.
 2. he said red hat  NOT redhat based.   Redhat has no control over what 
 others do to redhat based efforts.
 you need more coffee!  8)
 
 -g
 
 
 
 
 musnt live spewed:
 
 [musntl...@pizda ~]# awk '/rel/' /etc/issue
 Scientific Linux SL release 5.5 (Boron)
 [musntl...@pizda ~]# uname -a
 Linux allotropos 2.6.18-194.3.1.el5 #1 SMP Fri May 7 01:52:57 EDT 2010
 i686 athlon i386 GNU/Linux
 [musntl...@pizda ~]# md5sum fullnullson.c
 b16e2a647bc8de1f72f25ab29aa916da  fullnullson.c
 [musntl...@pizda ~]# gcc -o hakaruski fullnullson.c  ./hakaruski
 [*] Failed to open file descriptors.
 [musntl...@pizda ~]# id
 uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),1337(hakaruskis)
 [musntl...@pizda ~]# whoami
 musntlive
 
 Is this exploit work and is my Linux is RedHat based. Thank you Dan
 and Ryan Seacrest!
 
 
 
 -- 
 --
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
 
 
 
 


Re: [Full-disclosure] OpenBSD IPSEC has backdoor

2010-12-16 Thread John Bond
> This is not make sense. Is you say: Theo is will never allow backdoor,
> he is responsible, then is you say

No one said this.  If someone is determined and bright enough then it
is possible they could place a vulnerability in the code.  One can
only audit for vulnerabilities they know about.

> The code is audited and for all
> you know any back door which was placed in this code has been found
> and fixed. then is why there is never mention from OpenBSD long time
> ago: Is we find backdoor code in audit and fix is that to me would
> be responsible. Is you cannot have your sarmale and eat it too.

What are you talking about???  The allegation here is that this
happened 10 years ago.  Do you really believe that no security issues
or errors, which could later be identified as security issues, have
been fixed in that time?  Don't be stupid, the fact that these issues
were most likely identified as human error as opposed to malicious
intent is because this is an open source project built on trust.

> Something wrong with this is picture. If is this Theo responsible like
> you is say, and he is find backdoor long ago, because he is
> responsible, he should have is said long time ago

As I have tried to make clear above.  I said that this alleged issue
could have been fixed, that does not infer that it was identified as a
backdoor.

I am not an OpenBSD developer so please read the following which puts
across the point I am trying to make much more elegantly
http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

It should be mentioned that at this point this is still just an
accusation and one that is becoming more and more uncredible[1][2]



[1]http://blog.scottlowe.org/2010/12/14/allegations-regarding-fbi-involvement-with-openbsd/
[2]http://marc.info/?l=openbsd-tech&m=129244045916861&w=2



[Full-disclosure] Making Security Suck Less

2010-12-16 Thread Pete Herzog
Hi,

Now not everything about the old security model is bad. Personally, I 
really like the Zen feel of it. It's like raking the fine, white, 
beach sand into those concentric lines and around rocks and dead fish 
and stuff. It's very Zen. Then as the tide rises, the wind blows, and 
Frisbees get badly thrown you have to do it all over again in a very 
Zen way like this: Install. Harden. Configure. Patch. Scan. Patch 
again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install. 
Configure. And then you do it all over again! With so much Zen 
practice it's hard not to become a Master of the security repeat 
cycle. But you know what else is Zen? NOT doing that. It's less 
stressful to maintain an existing balance between operations, 
limitations, and controls than running around and putting out fires.

This is from my new article called, "Making Security Suck Less" you 
can read finished at:

https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html

There's some more, new articles reviewing the OSSTMM and the new 
security model at InfoSec Island here:

https://www.infosecisland.com/osstmm.html

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org



Re: [Full-disclosure] Making Security Suck Less

2010-12-16 Thread Christian Sciberras
I might be led by the leash on your little rant here, but let me say one
thing...

Half of the enthusiasm I had for your post evaporated after;

> How many of you have ever had a virus, scareware, cracks, hacks, or
> spontaneous reboots even though you've got your wares updated and patches
> installed? Many of you are keeping your hands up.

Enthusiasm simply got replaced with some doubts after reading...

> Why did so many buy into the crap about "There's no such thing as perfect
> security." and "Security is a process."? Why?

An unused harddisk under several meters of concrete is perfectly vulnerable
to all kinds of attacks.
Let alone servers which are supposed to be running 24/7.

I'm sorry, but your rant is unrealistic. The next best approach to
patch-test-release would be not releasing anything at all.


Just my 2cents-worth.

Chris.









Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Abuse007
Binaries can be (and are) analysed just like source code can. That's how a lot 
of bugs have been found in Windows for example.

A lot of open source software has bugs that have gone unnoticed for years. A 
backdoor can be in the form of an innocent looking programming error (which 
gives a plausible excuse and therefore deniability).

In my opinion it is possible to hide a back door in open source software. 
Whether it's probable is a different question.

Changing the s-boxes in DES (and therefore Triple DES as well) would break 
comparability with other implementations as it would no longer decrypt the same 
as a standard implementation.

Why purposely program a backdoor when there is probably already a 
latent vulnerability in it? Then there are no deniability concerns and 
no audit trail of the source code.

My 2 cents

On 16/12/2010, at 1:04 PM, mark seiden m...@seiden.com wrote:

> On Dec 15, 2010, at 5:23 PM, Graham Gower wrote:
>
> On 16 December 2010 09:50, Larry Seltzer la...@larryseltzer.com wrote:
> Has anyone read this yet?
>
> http://www.downspout.org/?q=node/3
>
> Seems IPSEC might have a back door written into it by the FBI?
>
> Surely the thing to do now is not to audit *your own* OpenBSD code, but to
> audit the OpenBSD code from about 8 years ago. If there's nothing there,
> then the claim is BS.
>
> LJS
>
> Or get hold of the old version of OpenBSD used at EOUSA and compare it
> to the OpenBSD code from the same time.
>
> why should anyone other than a us attorney or perhaps an asst us attorney
> give a rat's ass what may have been going on in their govt issue vpn some
> years ago?
>
> but, as they prosecute federal crimes, if anyone committed a federal crime
> within their office due to this they are certainly equipped to go after them.
>
> these guys have nothing to do with the fbi (they are familially one of the
> fbi's little first cousins within justice dept) and also have nothing to do
> with the openbsd distribution.
>
> justice and fbi and darpa barely talk with each other about technology is my
> very strong impression.
>
> this whole story makes very little sense to anyone who was at all acquainted
> with this scene at the time.
>
> unless you control the compiler (see ken thompson's turing award lecture)
> it's a fanciful idea that you could successfully plant a backdoor in an open
> source OS and expect it to survive.  why even bother?
>
> (now, watering down the s boxes in single des, that might be feasible...)


Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Valdis . Kletnieks
On Thu, 16 Dec 2010 23:26:25 +1100, Abuse007 said:

> Changing the s-boxes in DES (and therefore Triple DES as well) would break
> comparability with other implementations as it would no longer decrypt the
> same as a standard implementation.

Not if you managed to tweak the s-boxes while DES was still being designed.

It's been known for years that while IBM was designing DES, they had some talks
with the NSA, and the rumor was that NSA convinced them to tweak the s-boxes to
allow a backdoor.  Recently, it was revealed that the NSA *did* give advice
about the S-boxes, but it was because the IBM guys had independently come up
with the concept of differential cryptanalysis, which the NSA knew about but
nobody else did at that time.  So NSA gave IBM some hints how to design the
s-boxes to harden it against differential cryptanalysis.

Or so they said. :)
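
What "hardening the S-boxes against differential cryptanalysis" means in measurable terms, as an added example that is not part of the original post: the difference distribution table of the published DES S-box S1 next to a constructed, hypothetical "watered down" table (`WEAK_S1`). All function names are assumptions of this example.

```python
"""Added example: difference distribution table (DDT) of a DES S-box."""

# Standard DES S-box S1 as published in FIPS 46 (4 rows x 16 columns).
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Constructed, hypothetical weakened table: every row is still a permutation
# of 0..15, but the output is a purely linear (XOR) function of the input.
WEAK_S1 = [
    [col ^ (0b1010 if row & 2 else 0) ^ (0b0101 if row & 1 else 0)
     for col in range(16)]
    for row in range(4)
]


def sbox(table, x):
    """DES indexing: input bits 1 and 6 select the row, bits 2-5 the column."""
    row = ((x >> 4) & 0b10) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def ddt(table):
    """ddt[dx][dy] = number of 6-bit inputs x with S(x) ^ S(x ^ dx) == dy."""
    counts = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            counts[dx][sbox(table, x) ^ sbox(table, x ^ dx)] += 1
    return counts


def max_differential(table):
    """Largest DDT entry over all non-zero input differences (out of 64)."""
    return max(max(row) for row in ddt(table)[1:])


def single_bit_rule_holds(table):
    """Inputs differing in exactly one bit must differ in >= 2 output bits."""
    table_ddt = ddt(table)
    for bit in range(6):
        for dy in range(16):
            if bin(dy).count("1") < 2 and table_ddt[1 << bit][dy]:
                return False
    return True


def report(name, table):
    """Summary an auditor could compare against the expected values."""
    worst = max_differential(table)
    return {
        "sbox": name,
        "max_entry": worst,
        "max_probability": worst / 64,
        "single_bit_rule": single_bit_rule_holds(table),
    }


if __name__ == "__main__":
    for name, table in (("DES S1", DES_S1), ("weakened (constructed)", WEAK_S1)):
        print(report(name, table))
```

A table whose best differential holds for every input, as in the constructed one, stands out immediately in such a check, while the published S1 never exceeds 16 of 64.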



Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Larry Seltzer
Interesting. Abuse007's observations make me think that maybe the
backdoor was a vulnerability that was patched sometime in the past. Time
to scan the CVE list for OpenBSD...



[Full-disclosure] [ MDVSA-2010:256 ] git

2010-12-16 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2010:256
 http://www.mandriva.com/security/
 ___

 Package : git
 Date: December 16, 2010
 Affected: 2010.0, 2010.1
 ___

 Problem Description:

 A vulnerability was discovered and corrected in git (gitweb):
 
 A cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and
 previous versions allows remote attackers to inject arbitrary web
 script or HTML code via f and fp variables (CVE-2010-3906).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906
 ___

 Updated Packages:

 

Re: [Full-disclosure] Making Security Suck Less

2010-12-16 Thread Paul Schmehl
--On December 16, 2010 12:06:03 PM +0100 Christian Sciberras 
uuf6...@gmail.com wrote:

> I'm sorry, but your rant is unrealistic. The next best approach to
> patch-test-release would be not releasing anything at all.


Which, come to think of it, is a release cycle that certain software 
vendors should consider.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell



[Full-disclosure] PR10-06: Cross-domain redirect on PGP Universal Web Messenger

2010-12-16 Thread research
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-06


PR10-06 Cross-domain redirect on PGP Universal Web Messenger
Advisory publicly released: Thursday, 16 December 2010
Vulnerability found: Wednesday, 10 February 2010
Vendor informed: Wednesday, 10 February 2010
Vulnerability fixed: Tuesday, 14 December 2010
Severity level: Medium/High

Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com).

Description
A remote URI redirection vulnerability affects the PGP Universal Web
Messenger. This issue is due to a failure of the application to properly
sanitize URI-supplied data assigned to the 'retryURL' parameter.

An attacker may leverage this issue to carry out convincing phishing
attacks against unsuspecting users by causing an arbitrary page to be
loaded once a PGP Universal Web Messenger specially-crafted URL is visited.

Vulnerable server-side script: '/b/lnj.e?'

Unfiltered parameter: 'retryURL'

Proof of concept
Example of specially-crafted URL:

https://target-domain.foo/b/lnj.e?retryURL=//www.procheckup.com

Consequences:

Victim users can be redirected to third-party sites for the purpose of
exploiting browser vulnerabilities or performing phishing attacks.

How to fix
The vendor has stated that this issue was addressed in the PGP Universal
Web Messenger.

References


Legal
Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.


Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.
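
One way to validate a redirect parameter such as 'retryURL' on the server side, as an added example that is not ProCheckUp's or the vendor's code: it accepts only same-site absolute paths or https URLs on an exact-match host allow-list, and rejects the scheme-relative `//host` form shown in the advisory. The function names, the fallback page and every sample value except the advisory's own are assumptions constructed for illustration.

```python
"""Added example: validating a redirect parameter before using it."""
from urllib.parse import urlsplit

FALLBACK = "/"  # assumption: a fixed, known-safe landing page


def safe_retry_url(value, allowed_hosts=frozenset(), fallback=FALLBACK):
    """Return `value` if it is safe to put in a Location header, else `fallback`.

    Accepted: absolute paths on the current site ("/b/inbox") and https URLs
    whose exact host name is in `allowed_hosts` (lower-case names).
    """
    if not isinstance(value, str) or not value:
        return fallback
    # Browsers treat "\" like "/" and drop tabs and newlines, so "/\host"
    # can end up meaning "//host". Refuse such input instead of normalising.
    if "\\" in value or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in value):
        return fallback
    try:
        parts = urlsplit(value)
        host, user, password = parts.hostname, parts.username, parts.password
    except ValueError:
        return fallback

    if not parts.scheme and not parts.netloc:
        # Relative reference: allow exactly one leading slash. "//host" is
        # scheme-relative and resolves to another site.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback

    # Absolute or scheme-relative URL: https only, no userinfo
    # ("https://trusted@other/" has host "other"), exact host match.
    if (parts.scheme == "https" and user is None and password is None
            and host in allowed_hosts):
        return value
    return fallback


# Constructed sample values; only the first one appears in the advisory.
SAMPLES = [
    "//www.procheckup.com",
    "/b/inbox?page=2",
    "https://www.procheckup.com/",
    "/\\www.procheckup.com",
    "///www.procheckup.com",
    "https://target-domain.foo@www.procheckup.com/",
    "https://target-domain.foo/b/inbox",
]


def audit(samples, allowed_hosts=frozenset({"target-domain.foo"})):
    """Map each candidate value to the redirect target that would be used."""
    return {s: safe_retry_url(s, allowed_hosts) for s in samples}


if __name__ == "__main__":
    for candidate, target in audit(SAMPLES).items():
        print(f"{candidate!r:52} -> {target}")
```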



Re: [Full-disclosure] An idea of leaking alternative to wikileaks

2010-12-16 Thread Georgi Guninski
On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote:
 
> Just because someone got busted and found a number of lunatics in providing
> mirrors doesn't mean there's a whole industry. If anything, there must be
> some

when we reach billions of lunatics YOU will be called a lunatic :)



[Full-disclosure] ZDI-10-292: Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability

2010-12-16 Thread ZDI Disclosures
ZDI-10-292: Hewlett-Packard Power Manager Administration Web Server Remote Code 
Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-292

December 16, 2010

-- CVE ID:
CVE-2010-4113

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hewlett-Packard Power Manager

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8314.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Hewlett-Packard Power Manager.
Authentication is not required to exploit this vulnerability.

The specific flaw exists in the handling of URL parameters when posting
to the login form of the web based management web server. Proper bounds
checking is not applied when parsing the Login variable which can result
in an exploitable stack overflow. Successful exploitation can lead to
complete system compromise under the SYSTEM credentials.

-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:

http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02239581

-- Disclosure Timeline:
2010-06-03 - Vulnerability reported to vendor
2010-12-16 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Tenable Network Security
* Andrea Micalizzi aka rgod
* SilentSignal
* Anonymous
* Anonymous
* Anonymous
* Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi



[Full-disclosure] www.eVuln.com : error Non-persistent XSS in slickMsg

2010-12-16 Thread Aliaksandr Hartsuyeu
www.eVuln.com advisory:
error - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/163/summary.html 
Details: http://evuln.com/vulns/163/description.html 

---Summary---
eVuln ID: EV0163
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

---Description---
It is possible to inject xss code into error parameter in
views/Site/error.php script.
Parameter error is not properly sanitized before being used in HTML
code.
Condition: register_globals: on

---PoC/Exploit---
PoC code is available at:
http://evuln.com/vulns/163/exploit.html

---Solution---
Not available

---Credit---
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code review service




Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Dave Nett
I can tell you that it is not only possible, but done.
OpenBSD is not the only affected OS. Linux also does contain vulnerabilities, 
as well as virtually all OS we know - as this is why they are allowed and why 
we can actually use them.


Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread malfy
On Thu, Dec 16, 2010 at 08:45:13AM -0500, valdis.kletni...@vt.edu wrote:
 On Thu, 16 Dec 2010 23:26:25 +1100, Abuse007 said:
 
  Changing the s-boxes in DES (and therefore Triple DES as well) would break
  comparability with other implementations as it would no longer decrypt the
  same as a standard implementation.
 
 Not if you managed to tweak the s-boxes while DES was still being designed.
 
 It's been known for years that while IBM was designing DES, they had some
 talks with the NSA, and the rumor was that NSA convinced them to tweak the
 s-boxes to allow a backdoor.  Recently, it was revealed that the NSA *did*
 give advice about the S-boxes, but it was because the IBM guys had
 independently come up with the concept of differential cryptanalysis, which
 the NSA knew about but nobody else did at that time.  So NSA gave IBM some
 hints how to design the s-boxes to harden it against differential
 cryptanalysis.
 
 Or so they said. :)

There are no cryptographic S-Box backdoors in AES, I haven't verified
this myself, it's on the agenda, but there have been many comb searches
through the DES algorithm.

~malfy

-- 
Wisdom begins in wonder
-Socrates
I don't read unencrypted mail
PGP Key: C9E86E81



Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Paul Schmehl
There are several problems with this story that seem to have been 
overlooked.

First, if someone was able to alter the crypto source code 10 years ago, 
you have to assume that in the following 10 years not one person reviewing 
or editing that code would have noticed a thing.  So, the person who did 
the altering has to be smarter than every other crypto guy who worked on 
the code.  Smart enough that nobody would even notice what he did and smart 
enough that nothing would be noticed operationally.  Not one entity, with 
all the security personnel those entities employed, would have ever noticed 
or even inadvertently stumbled across any traffic going to an unexpected 
place.

Second, no one editing the crypto code after the alteration would have ever 
made a single change to the code that would affect the alteration in an 
adverse way, either rendering it inoperable or causing it to generate 
traffic that would be unexpected and noticed by watchful eyes.

Now we're talking a genius on the level of Einstein, at least.  Of all the 
code in use, crypto is probably the most scrutinized and is scrutinized by 
the smartest guys.  All of whom were apparently too dumb to notice 
*anything* unusual in the code at all, if this story is to be believed. 
And he was able to alter it in a way that made it completely resistant to 
any future changes in the code.

Finally, the guy who sent Theo the email obviously lied, or else there's a 
third Scott Lowe that hasn't yet been unearthed.

It's impossible to prove a negative.  So, if you want to hurt or get back 
at Theo for some reason, the easiest way to do it is claim there's a 
supersekrit backdoor in the code that no one has noticed for ten years. 
Now Theo gets to go on a wild goose chase that has no resolution, because 
you cannot prove there is no backdoor.  The best you can do is claim to 
have thoroughly audited the code and not found one.

Conspiracy theorists thrive on claims that can never be disproven.  A 
hundred years from now, people will still be whispering that there's a 
backdoor in the crypto supplied by OpenBSD.  Just like they claim that 
Oswald didn't act alone and the government blew up the twin towers.  Common 
sense and the preponderance of the evidence tell you otherwise, but all 
that is ignored in favor of the grand theory that big brother is watching.

Rational people don't fall for this stuff.

Should the code be audited?  Of course!  Auditing is always useful and 
often productive.  Should we assume the worst?  Not without better evidence 
than what we have before us now.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell



[Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor

2010-12-16 Thread musnt live
OpenBSD is Backdoor facts

1) Is we look to monkey.org posting, we is see Theo make is change to
CVS for this portion of code is work on by Jason (name is mentioned by
Perry)

2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6,
musn't live theorize 2.6

* 2.6: December 1, 1999 -
* Based on the original SSH suite and developed further by the OpenBSD
team, 2.6 saw the first release of OpenSSH, which is now available
standard on most Unix-like operating systems and is the most widely
used SSH suite.

http://en.wikipedia.org/wiki/Timeline_of_OpenBSD

3) Is Theo not deny there is no backdoor, only say he is unaware
(musn't live is unaware of exact time right now, is know time exist!)
   a) Theo and OpenBSD not audit anything (trusting trust)
   b) pre-emptive is wasn't me from Theo in event truth comes later
Hey I is Theo I do right thing and strike err.. Disclose first! I not
know!
   c) all of is the above

4) While is everyone claim Perry прил, is no one else outside of Jason
on OpenBSD is say: Perry is lying even former developers is stay
quiet to protect the DARPA/FBI innocent

5) Is possible at people by mentioned in named by Perry, go to Canada
to hack code and plant is backdoor

6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is
controlled by those is accused, quick move and we is have: See is no
backdoor in this backdoor!

7) OpenBSD is the most secure backdoored on the planet

8) Is need slogan change: Only two remote holes in the default
install, in a heck of a long time! (Is besides backdoor!!!)

9) We is all peons to Theo and we is cannot figure out truth as we is
brains are so too small

10) Claims surpass is Microsoft NSA theory


[Full-disclosure] [USN-1033-1] Eucalyptus vulnerability

2010-12-16 Thread Kees Cook
===
Ubuntu Security Notice USN-1033-1 December 16, 2010
eucalyptus vulnerability
CVE-2010-3905
===

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  eucalyptus-java-common  2.0+bzr1241-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Eucalyptus did not verify password resets from
the Admin UI correctly. An unauthenticated remote attacker could issue
password reset requests to gain admin privileges in the Eucalyptus
environment.


Updated packages for Ubuntu 10.10:



[Full-disclosure] New penetration testing tool for free

2010-12-16 Thread runlvl
We are happy to announce the release of Insect Pro 1.0, a free tool for doing
penetration tests.

Insect Pro examines potentially vulnerable services, exposes points where an
attacker could breach the network, and exploits the vulnerability to prove
its existence without a doubt.

Get it while it's hot from:
http://www.insecurityresearch.com

Weekly exploit updates will be distributed by email, stay tuned!

This is the first release, thus we would be glad to have your feedback!

Regards from Argentina!

Juan Sacco

Re: [Full-disclosure] An idea of leaking alternative to wikileaks

2010-12-16 Thread Christian Sciberras
Ahh, where was my head?!!


Replace lunatic with sheep.

:)





On Thu, Dec 16, 2010 at 6:56 PM, Georgi Guninski gunin...@guninski.com wrote:

 On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote:
 
  Just because someone got busted and found a number of lunatics in
 providing
  mirrors doesn't mean there's a whole industry. If anything, there must be
  some

 when we reach billions of lunatics YOU will be called a lunatic :)



[Full-disclosure] Why OpenBSD is can be backdoored and no one is see comeing

2010-12-16 Thread musnt live
 Schmel is say
 There are several problems with this story that seem to have been
 overlooked.

 First, if someone was able to alter the crypto source code 10 years ago,
 you have to assume that in the following 10 years not one person reviewing
 or editing that code would have noticed a thing.  So, the person who did
 the altering has to be smarter than every other crypto guy who worked on
 the code.  Smart enough that nobody would even notice what he did and smart
 enough that nothing would be noticed operationally.  Not one entity, with
 all the security personnel those entities employed, would have ever noticed
 or even inadvertently stumbled across any traffic going to an unexpected
 place.


Schmehl is cuckoo. Is truth be is that, is someone in US government is
make crypto beforehand and is give to the accused, backdoor is
pre-programmed and is could be created by is same people who is create
Magic Lantern, DCS1000, etc., is could include NSA.


 Second, no one editing the crypto code after the alteration would have ever
 made a single change to the code that would affect the alteration in an
 adverse way, either rendering it inoperable or causing it to generate
 traffic that would be unexpected and noticed by watchful eyes.


Schmehl is smelly. Is not know about covert ICMP fragments that is can
be reassembled. Is data parsed out of encryption, data too can be
inserted into ICMP covert tunnel in fragment to say Google and is
sniffer can see traffic. Person watching see ICMP to Google and say
all is goodski


 Now we're talking a genius on the level of Einstein, at least.  Of all the
 code in use, crypto is probably the most scrutinized and is scrutinized by
 the smartest guys.  All of whom were apparently too dumb to notice
 *anything* unusual in the code at all, if this story is to be believed.
 And he was able to alter it in a way that made it completely resistant to
 any future changes in the code.


Is you overlook is fact, coders at NSA could give someone pre-programmed code


 Finally, the guy who sent Theo the email obviously lied, or else there's a
 third Scott Lowe that hasn't yet been unearthed.


Is how you know he lie? You is speculate


 It's impossible to prove a negative.  So, if you want to hurt or get back
 at Theo for some reason, the easiest way to do it is claim there's a
 supersekrit backdoor in the code that no one has noticed for ten years.
 Now Theo gets to go on a wild goose chase that has no resolution, because
 you cannot prove there is no backdoor.  The best you can do is claim to
 have thoroughly audited the code and not found one.


Terrorist demand US soldiers go home
Liberals demand US soldiers go home

Is Liberal terrorist?

Men still have to be governed by deception. Georg C. Lichtenberg



Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor

2010-12-16 Thread Christian Sciberras
HAHAHAHAHAH!!

GOD so are funny you!11





Re: [Full-disclosure] Why OpenBSD is can be backdoored and no one is see comeing

2010-12-16 Thread Paul Schmehl
--On December 16, 2010 4:04:27 PM -0500 musnt live musntl...@gmail.com 
wrote:

 Schmehl is cuckoo. Is truth be is that, is someone in US government is
 make crypto beforehand and is give to the accused, backdoor is
 pre-programmed and is could be created by is same people who is create
 Magic Lantern, DCS1000, etc., is could include NSA.


Is pigs could fly, is musnt live is intelligent.


 Schmehl is smelly. Is not know about covert ICMP fragments that is can
 be reassembled. Is data parsed out of encryption, data too can be
 inserted into ICMP covert tunnel in fragment to say Google and is
 sniffer can see traffic. Person watching see ICMP to Google and say
 all is goodski


Ooohhh, who in their right mind would look for things like covert channels 
in ICMP?  I is never was thought is that.  Thanks is so much for is you 
educate me.

Is it time for your pills now?


 Terrorist demand US soldiers go home
 Liberals demand US soldiers go home

 Is Liberal terrorist?


Is this rhetorical?

 Men still have to be governed by deception. Georg C. Lichtenberg


Ah, well, if Lichtenberg said it, is must be truth.  Who is was we to 
question Lickingberg

Is your mind gone?  Or merely on the road?

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell



Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread John Horn
Don't forget that the Apollo program was filmed on a sound stage... 

On a more serious note, every point you've made is valid. 
Anyone who's ever met Theo would be hard put to believe such a claim anyway. 




--
John Horn
City of Tucson, IT Department
Network Services (Network security)
Phone: (520) 837-6036
--

[Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread musnt live
Is we has packet we is do this:

1) Program is write to take copy of messages before encryption and is
write to tmp file
2) Program is write to split tmp file and insert into fragments on
wire at 2bytes
3) Program is write to send to random source and is someone watch, who
care. Is never tell 2 bytes is sifted for reassemble elsewhere. Is you
send packets to gOOgle, no one stop think about this.


Packets =- Google
|
|
2bytes sniffed { reassemble bytes later }

Is anyone see packets who can tell what is go through the wire? No
one. Is ICMP used for covert backdoor or is this message can be sent
when someone browse in HTTP header later, or, e.g.:

Network Stack Program -- is someone ping with special ICMP code --
come to papa --  you send response to knocker with 2bytes in
unreachable. Knocker reassemble full message. Sidechannel backdoor!

Network stack program possible to blame as is Theo change ICMP in 2007
and he also was spoofing time, do not is believe me, is see for
yourself: http://seclists.org/bugtraq/2005/Jul/93

From: Theo de Raadt deraadt () cvs openbsd org
Date: Wed, 06 Jul 2005 20:17:36 -0600

Is yet, he send in 2007. For why is he underhanded the world?

's/Demi/Theo/g http://www.moviequotes.com/fullquote.cgi?qnum=167829
'



Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor

2010-12-16 Thread Gichuki John Chuksjonia
God, I can't even understand half the shit he is saying? English so upside down!








-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/


Re: [Full-disclosure] An idea of leaking alternative to wikileaks

2010-12-16 Thread Georgi Guninski
On Thu, Dec 16, 2010 at 10:03:56PM +0100, Christian Sciberras wrote:
 Ahh, where was my head?!!
 
 
 Replace lunatic with sheep.
 
 :)
 
 

itz all the same, only the namez will change:

when we reach multi billions of sheepz YOU will be called an ``овца'' :)

 
 
 
 On Thu, Dec 16, 2010 at 6:56 PM, Georgi Guninski gunin...@guninski.com wrote:
 
  On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote:
  
   Just because someone got busted and found a number of lunatics in
  providing
   mirrors doesn't mean there's a whole industry. If anything, there must be
   some
 
  when we reach billions of lunatics YOU will be called a lunatic :)
 
 


Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread Paul Schmehl
--On December 16, 2010 4:25:27 PM -0500 musnt live musntl...@gmail.com 
wrote:

 Is we has packet we is do this:

 1) Program is write to take copy of messages before encryption and is
 write to tmp file

Is no one is noticed this program or its temp file because everyone dumb 
except us govt.  Is program have cloaking feature that hide from everyone 
except Klingons.

 2) Program is write to split tmp file and insert into fragments on
 wire at 2bytes

Is program is in memory but no one is noticed because everyone dumb except 
us govt.  Is ls can't find, is sockstat no good, is filestat dumb too. 
Everything hide from everyone.

 3) Program is write to send to random source and is someone watch, who
 care. Is never tell 2 bytes is sifted for reassemble elsewhere. Is you
 send packets to gOOgle, no one stop think about this.


Is you did, but you is obviously smarter than the average bear.


 Packets =- Google
 |
 |
 2bytes sniffed { reassemble bytes later }

 Is anyone see packets who can tell what is go through the wire? No
 one. Is ICMP used for covert backdoor or is this message can be sent
 when someone browse in HTTP header later, or, e.g.:


Is ICMP not blocked at edge of network, because everyone dumber than rocks 
and no one have IDS because is way to sofisticatable than the average bear.

 Network Stack Program -- is someone ping with special ICMP code --
 come to papa --  you send response to knocker with 2bytes in
 unreachable. Knocker reassemble full message. Sidechannel backdoor!


If Papa have sniffer on your network, you is have bigger problem than papa.

 Network stack program possible to blame as is Theo change ICMP in 2007
 and he also was spoofing time, do not is believe me, is see for
 yourself: http://seclists.org/bugtraq/2005/Jul/93


Now we get to the bottom line.  Theo is evvviiilll because, well Theo 
is Theo.

 From: Theo de Raadt deraadt () cvs openbsd org
 Date: Wed, 06 Jul 2005 20:17:36 -0600

 Is yet, he send in 2007. For why is he underhanded the world?


Is he want to dominate world, because he is .  Just like 
Bill Gates.

Is you need me send you to some meds?

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell
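
The exchange above turns on whether anyone watching the wire would notice odd ICMP unreachable traffic. As an added example (not part of the original post, and not code from any project mentioned in this thread), here is one way an IDS-style check could vet inbound ICMP destination-unreachable messages against the RFC 792 / RFC 1191 layout and the host's own outbound flows. The function names, the flow table and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (only used to construct the samples)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def unreachable(src: str, dst: str, code: int, rest: bytes, quoted: bytes) -> bytes:
    """Build an ICMP type 3 packet; `rest` is ICMP header bytes 4-7."""
    body = struct.pack("!BBH", 3, code, 0) + rest + quoted
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(src, dst, 1, len(body)) + body

def inspect_unreachable(packet: bytes, outbound_flows: set) -> list:
    """Return findings for one inbound IPv4 packet (empty list = nothing odd)."""
    if len(packet) < 20 or packet[9] != 1:
        return []                      # not ICMP
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] != 3:
        return []                      # not a destination unreachable
    findings = []
    if checksum(icmp) != 0:
        findings.append("bad ICMP checksum")
    # Byte 4 is unused; bytes 6-7 hold the next-hop MTU only for code 4.
    if icmp[4] != 0 or (icmp[1] != 4 and icmp[6:8] != b"\x00\x00"):
        findings.append("non-zero reserved bytes")
    quoted = icmp[8:]                  # RFC 792: original IP header + 8 bytes
    q_ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if not quoted or quoted[0] >> 4 != 4 or q_ihl < 20 or len(quoted) < q_ihl + 8:
        findings.append("no valid quoted IPv4 datagram")
        return findings
    q_src = socket.inet_ntoa(quoted[12:16])
    q_dst = socket.inet_ntoa(quoted[16:20])
    # An ICMP error goes back to whoever sent the original datagram.
    if q_src != socket.inet_ntoa(packet[16:20]):
        findings.append("quoted source is not the recipient")
    if quoted[9] in (6, 17):           # TCP/UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
        if (q_src, q_dst, quoted[9], sport, dport) not in outbound_flows:
            findings.append("no matching outbound flow")
    return findings

# Constructed samples (documentation address ranges, not captured traffic).
FLOWS = {("192.0.2.10", "198.51.100.7", 17, 40000, 33434)}
QUOTED_OK = ipv4_header("192.0.2.10", "198.51.100.7", 17, 12) + \
    struct.pack("!HHHH", 40000, 33434, 12, 0)
QUOTED_ODD = ipv4_header("10.9.9.9", "198.51.100.7", 17, 12) + \
    struct.pack("!HHHH", 1111, 2222, 12, 0)
LEGIT = unreachable("203.0.113.1", "192.0.2.10", 3, b"\x00" * 4, QUOTED_OK)
ODD = unreachable("203.0.113.99", "192.0.2.10", 1, b"\x00\x00\x12\x34", QUOTED_ODD)

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("odd", ODD)):
        print(name, inspect_unreachable(pkt, FLOWS))
```

The flow check is the strongest of the three: an unreachable that quotes a datagram the host never sent has no legitimate reason to arrive.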



Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread musnt live
Hello Full Disclosure!!!

I'd like to warn you about Paul Schmehl. Is obvious. Paul Schmehl is
like to smell Theo's crotch.



Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread John Bond
On 16 December 2010 22:26, musnt live musntl...@gmail.com wrote:
 Hello Full Disclosure!!!

 I'd like to warn you about Paul Schmehl. Is obvious. Paul Schmehl is
 like to smell Theo's crotch.
Sorry Paul, your response was witty but i think musnt live has bested
you here.  you should probably admit defeat and call it a day.  there
is no chance you would be able to counter wit like this



Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread Paul Schmehl
--On December 16, 2010 11:23:10 PM + John Bond john.r.b...@gmail.com 
wrote:

 On 16 December 2010 22:26, musnt live musntl...@gmail.com wrote:
 Hello Full Disclosure!!!

 I'd like to warn you about Paul Schmehl. Is obvious. Paul Schmehl is
 like to smell Theo's crotch.
 Sorry Paul, your response was witty but i think musnt live has bested
 you here.  you should probably admit defeat and call it a day.  there
 is no chance you would be able to counter wit like this


I am unable to respond because I am laughing so hard.  Perhaps tomorrow

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson
There are some ideas so wrong that only a very
intelligent person could believe in them. George Orwell



[Full-disclosure] Perry explains OpenBSD backdoor more

2010-12-16 Thread musnt live
http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

Hello Robert,

I did not really intend for Theo to cross post that message to the
rest of the Internet, but I stand by my original email message to him
in those regards.

The OCF was a target for side channel key leaking mechanisms, as well
as pf (the stateful inspection packet filter), in addition to the
gigabit Ethernet driver stack for the OpenBSD operating system; all of
those projects NETSEC donated engineers and equipment for, including
the first revision of the OCF hardware acceleration framework based on
the HiFN line of crypto accelerators.

The project involved was the GSA Technical Support Center, a circa
1999 joint research and development project between the FBI and the
NSA; the technologies we developed were Multi Level Security controls
for case collaboration between the NSA and the FBI due to the Posse
Comitatus Act, although in reality those controls were only there for
show as the intended facility did in fact host both FBI and NSA in the
same building.

We were tasked with proposing various methods used to reverse engineer
smart card technologies, including Piranha techniques for stripping
organic materials from smart cards and other embedded systems used for
key material storage, so that the gates could be analyzed with
Scanning Electron and Scanning Tunneling Microscopy.  We also
developed proposals for distributed brute force key cracking systems
used for DES/3DES cryptanalysis, in addition to other methods for side
channel leaking and covert backdoors in firmware-based systems.  Some
of these projects were spun off into other sub projects, JTAG analysis
components etc.  I left NETSEC in 2000 to start another venture, I had
some fairly significant concerns with many aspects of these projects,
and I was the lead architect for the site-to-site VPN project
developed for Executive Office for United States Attorneys, which was
a statically keyed VPN system used at 235+ US Attorney locations and
which later proved to have been backdoored by the FBI so that they
could recover (potentially) grand jury information from various US
Attorney sites across the United States and abroad.  The person I
reported to at EOUSA was Zal Azmi, who was later appointed to Chief
Information Officer of the FBI by George W. Bush, and who was chosen
to lead portions of the EOUSA VPN project based upon his previous
experience with the Marines (prior to that, Zal was a mujahideen for
Usama bin Laden in their fight against the Soviets, he speaks fluent
Farsi and worked on various incursions with the CIA as a linguist both
pre and post 911, prior to his tenure at the FBI as CIO and head of
the FBI’s Sentinel case management system with Lockheed).  After I
left NETSEC, I ended up becoming the recipient of a FISA-sanctioned
investigation, presumably so that I would not talk about those various
projects; my NDA recently expired so I am free to talk about whatever
I wish.

Here is one of the articles I was quoted in from the NY Times that
touches on the encryption export issue:

In reality, the Clinton administration was very quietly working behind
the scenes to embed backdoors in many areas of technology as a counter
to their supposed relaxation of the Department of Commerce encryption
export regulations – and this was all pre-911 stuff as well, where the
walls between the FBI and DoD were very well established, at least in
theory.



[Full-disclosure] OpenBSD joins Checkpoint, NSA, Verint and ATT

2010-12-16 Thread musnt live
As musntlive theorized a cooperative collaberation between NSA and FBI
musnt been used to backdoor and deliver predefined payloads: The
project involved was the GSA Technical Support Center, a circa
1999 joint research and development project between the FBI and the
NSA; the technologies we developed were Multi Level Security controls
for case collaboration between the NSA and the FBI due to the Posse
Commitatus Act

Is we see ATT + Narus + NSA and is we turn stupid eye: ATT is would
never tap the United States!
http://www.wired.com/science/discoveries/news/2006/04/70619

Is we see collusion from OpenBSD + FBI + NSA and we hear Theo: Is not me

Is Americans really stupid to believe is not happen?

We hear that US attorneys is was also backdoored. Is Americans too
high on Theo to believe is this not true: a statically keyed VPN
system used at 235+ US Attorney locations and which later proved to
have been backdoored by the FBI so that they could recover
(potentially) grand jury information from various US
Attorney sites across the United States and abroad.

Is Perry say: The person I reported to at EOSUA was Zal Azmi, who was
later appointed to Chief Information Officer of the FBI by George W.
Bush

Is Azmi say: As former FBI CIO Zal Azmi says, “There have been a
number of government cybersecurity plans put forward over the last
several years… When it comes to cybersecurity, the time for talk is
over and the time for action is way overdue…policies and procedures
have been talked to death.”68
(http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Template.asp?articleid=2167zoneid=280)

Is we to remember, Checkpoint was backdoored, and is US (FBI, DOJ,
DEA, etc) have all phone taps before
(http://www.coffinman.co.uk/an_israeli_trojan_horse.htm)
http://archives.neohapsis.com/archives/firewalls/2000-q4/2514.html

So we is think:

US DOJ - pwneruski
US DEA - pwneruski
US FBI - pwneruski
Internet in US - Narus + ATT - pwneruski
US District Attorneys - pwneruski
OpenBSD - advocates and Theo nuthuggers (Schmehl, etc.) say NO PWNERUSKI

And this is because? OpenBSD is would never sell out? musntlive laugh at marvel

Donot is worry those in America. Is not like your President isn't
looking to backdoor everything
http://boingboing.net/2010/09/27/obama-administration.html



Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Larry Seltzer
Instead of an overt back-door, is it possible that Theo's old friend (;))
is referring to exploitable vulnerabilities. These vulnerabilities may or
may not have been found in the interim and fixed, but not recognized as
backdoors.

As you said, it's impossible to prove a negative (prove to me that you
haven't read Moby Dick), but the scenario above sounds kind of reasonable
to me.

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Paul
Schmehl
Sent: Thursday, December 16, 2010 3:50 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

There are several problems with this story that seem to have been
overlooked.

First, if someone was able to alter the crypto source code 10 years ago,
you have to assume that in the following 10 years not one person reviewing
or editing that code would have noticed a thing.  So, the person who did
the altering has to be smarter than every other crypto guy who worked on
the code.  Smart enough that nobody would even notice what he did and
smart enough that nothing would be noticed operationally.  Not one entity,
with all the security personnel those entities employed, would have ever
noticed or even inadvertently stumbled across any traffic going to an
unexpected place.

Second, no one editing the crypto code after the alteration would have
ever made a single change to the code that would affect the alteration in
an adverse way, either rendering it inoperable or causing it to generate
traffic that would be unexpected and noticed by watchful eyes.

Now we're talking a genius on the level of Einstein, at least.  Of all the
code in use, crypto is probably the most scrutinized and is scrutinized by
the smartest guys.  All of whom were apparently too dumb to notice
*anything* unusual in the code at all, if this story is to be believed.
And he was able to alter it in a way that made it completely resistant to
any future changes in the code.

Finally, the guy who sent Theo the email obviously lied, or else there's a
third Scott Lowe that hasn't yet been unearthed.

It's impossible to prove a negative.  So, if you want to hurt or get back
at Theo for some reason, the easiest way to do it is claim there's a
supersekrit backdoor in the code that no one has noticed for ten years.
Now Theo gets to go on a wild goose chase that has no resolution, because
you cannot prove there is no backdoor.  The best you can do is claim to
have thoroughly audited the code and not found one.

Conspiracy theorists thrive on claims that can never be disproven.  A
hundred years from now, people will still be whispering that there's a
backdoor in the crypto supplied by OpenBSD.  Just like they claim that
Oswald didn't act alone and the government blew up the twin towers.
Common sense and the preponderance of the evidence tell you otherwise, but
all that is ignored in favor of the grand theory that big brother is
watching.

Rational people don't fall for this stuff.

Should the code be audited?  Of course!  Auditing is always useful and
often productive.  Should we assume the worst?  Not without better
evidence than what we have before us now.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of
my employer.
***
It is as useless to argue with those who have renounced the use of reason
as to administer medication to the dead. Thomas Jefferson There are some
ideas so wrong that only a very intelligent person could believe in them.
George Orwell



Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread J. Oquendo

I can only speculate the following with regards to Perry coming out
of the blue with this news and it obviously means nothing as I'm not
a profiler, psychologist, etc. and even if I were, who cares at the
end of the day.

There is probably some form of credibility to perhaps the government
wanting to backdoor OpenBSD or any other operating system but that
obviously does not mean this occurred.

What I think about his disclosure is, Perry sought to make something
known to Theo which took Theo by surprise and Theo being who he is
disclosed it to the public. The following strike me as odd though:

I have never seen Theo come out of the blue publicly for something
non-BSD related. I never struck him as the type to put his business
out there especially in a case like this.

My thoughts are: If he DID know something, why would he PUBLICLY out
himself like that. It would have made more sense for him to keep
that conversation private and lie enough to dissuade this Perry go
to hush/think about things differently, etc.

I think if it were me, I would have done the same had I no
knowledge. Had I knowledge, my first thought would be: By publicly
disclosing anything, the people I report(ed) to will be pissed and
it'll kick up a firestorm (this is for those who speculate Theo
had something to do with this).

So I think, what does this Perry guy have against the others. Are
there any documented exchanges or disagreements between Perry,
Wright or Lowe? For someone to come out of the blue, name names 10
years later makes little sense. It must have been a hell of a bone
to grind to wait 10 years once an NDA has expired to out someone.
For that, an anonymous email to a mailing list would have sufficed
as opposed to waiting 10 years.

I then think, wait a minute, something like this (backdooring
anything) must go beyond a 10 year NDA. Even if it didn't, the
potential blowback Perry could face would be so enormous, it would
not only be insane to come out of the woodworks, but likely career
suicide as well. The 'bone to pick' doesn't sound realistic. After
all, he could have submitted an anonymous email years ago to
air his dirt.

What I believe happened is an iteration of rumors. Perhaps there
came a time when an agency in government wanted to place backdoors,
maybe even approached BSD developers [1]. Did it fly? Only three
people would completely know at the end of the day: Perry, Scott
Lowe (whomever he is) Jason Wright.

Would you like to help the government... We need you to ... which
after time became the government placed a backdoor. Ten years is
an awful long time to sit around with whiffs of news like this. I
doubt a secret like that could have been kept secret for 10 long
years. At the same time though, I doubt there is reason for Perry
to outright make this up. I think maybe he heard a rumor and
rolled with it.

I've re-read Perry's email to Theo and another response. His
initial e-mail didn't impose a sense of payback is a bitch
but more of a I think you should know so for those claiming he
wanted to get back at Theo you may be oblivious to the fact that
he sent the email to Theo in private, not to a mailing list. That
debunks any notion to me that he was trying to hurt Theo. He
would have had to have known 100% that Theo would disclose the
email. So the point of him coming out of the closet to hurt Theo
is weak and moot if you ask me.

As for the credibility of a former agent saying we tried it
didn't work sounds fishy as well. I don't know about anyone else
but I can't imagine him admitting to anything sure we backdoored
it That wouldn't make any sense and would likely make him a few
enemies both on and off that agency.

At the end of the day though, I could honestly care less if
they backdoored my VPN. They'd be mighty bored wondering why
terminals are always tail -f'ing, and how the hell I manage to
type so much without shutting up ;)


[1] https://twitter.com/ejhilbert/status/14891845825863680


-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently. - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x5CCD6B5E



[Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread paul . szabo
Talking about hidden backdoors and how long until people notice in the
source. Maybe the backdoor is not in the source anymore, but has been
cleverly removed: please read

  Ken Thompson's 1984 Trusting Trust lecture
  http://cm.bell-labs.com/who/ken/trust.html

(I am not suggesting that any such thing has ever been done.)

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia



Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Jeffrey Walton
On Thu, Dec 16, 2010 at 8:47 PM,  paul.sz...@sydney.edu.au wrote:
 Talking about hidden backdoors and how long until people notice in the
 source. Maybe the backdoor is not in the source anymore, but has been
 cleverly removed: please read

  Ken Thompson's 1984 Trusting Trust lecture
  http://cm.bell-labs.com/who/ken/trust.html
Good find. I tried looking it up, but I lacked the magic keywords and
got gamed by the google ad-word folks.



Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread Samuel Martín Moro
fuck that
is stop with your is theories. is bring facts. is.
and learn actual english ffs.
is!


On Thu, Dec 16, 2010 at 11:26 PM, musnt live musntl...@gmail.com wrote:

 like to warn you about Paul Sch




-- 
faust.

Nobody wants to say how this works.
  Maybe nobody knows ...
  Xorg.conf(5)

Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread Larry Seltzer
is a fucking laugh riot

this thread!

[Full-disclosure] Just FYI, APPLE-SA-2010-12-16-1 Released for Airport Firmware

2010-12-16 Thread Sabahattin Gucukoglu
Honourable mention for a strong and swift [PS] response to security 
announcements.  Apple has released fixes for various problems with Airport 
firmware, whose vulnerabilities date back to 2008.  You can read the full 
announcement at:
http://support.apple.com/kb/HT4298

My unsanitised FTP PORT command problem (thanks for credit Apple, but which I 
have long since dealt with by not running an FTP server behind a Time Capsule) 
was nine months old.  I couldn't find the reference for the latest CVE, but it 
seems to be for a month ago.

A happy day. :-)

Cheers,
Sabahattin

PS: If anybody at Apple, or anybody with a humour impairment, should read this, 
it's a joke, dammit.  Of course I'm happy they've honoured the problems.  I'm 
almost sure they feel the same way I do about the whole thing, though.  I mean, 
the CVE comes out, they put an autoresponder in front of the security contact 
(which takes the form of a person using copy and paste) and nothing happens - 
either they just genuinely don't care for the severity of the problems (can you 
imagine Cisco doing that?!!), or they're too busy releasing shiny new iGadgets 
to put most of these little problems aside as minor inconveniences.  But until 
they remedy that, they won't get these things into business.  Which, FTR, I 
think would be a big shame.  No, seriously - there's something badly, badly 
wrong when you have to time your security announcements so that their 
availability heralds a new product release. :-(



Re: [Full-disclosure] An idea of leaking alternative to wikileaks

2010-12-16 Thread gold flake
 I did understand the differences. The main issue is that dangerous
 material may be published anonymously without verification or indeed, any
 peer review.

 Keep in mind that you can easily set off people by telling them a UFO
 crashed in the centre of New York, and there are actually those that would
 believe it.

 Just consider the kind of laymen running blogs and how they react over
 anything that stirs the slightest news.


I am with you on this one.  Take a look at the shitstorm in Pakistan
over faked wikileaks cables (0), (1)  (2).

(0)  
http://www.google.com/hostednews/afp/article/ALeqM5jP2p0uuRX56yc0w9vXP8PRH5t5YA?docId=CNG.ff5b1dec5d31e4c8a507f2ccde331d41.881

(1)  http://www.dawn.com/2010/12/17/massaging-public-opinion.html

(2)  http://www.thehindu.com/news/international/article948427.ece



Re: [Full-disclosure] 10 OpenBSD facts and is timeline of Backdoor

2010-12-16 Thread Christian Sciberras
Extreme Yodaism is my guess...





2010/12/16 Gichuki John Chuksjonia chuksjo...@gmail.com

 God, i cant even understand half the shit he is saying? English so upside
 down!





 On 12/17/10, Christian Sciberras uuf6...@gmail.com wrote:
  HAHAHAHAHAH!!
 
  GOD so are funny you!11
 
 
 
 
  2010/12/16 musnt live musntl...@gmail.com
 
  OpenBSD is Backdoor facts
 
  1) Is we look to monkey.org posting, we is see Theo make is change to
  CVS for this portion of code is work on by Jason (name is mentioned by
  Perry)
 
  2) Is we look at timeframe for Backdoor, is code be in 2.5 or 2.6,
  musn't live theorize 2.6
 
  * 2.6: December 1, 1999 -
  * Based on the original SSH suite and developed further by the OpenBSD
  team, 2.6 saw the first release of OpenSSH, which is now available
  standard on most Unix-like operating systems and is the most widely
  used SSH suite.
 
  http://en.wikipedia.org/wiki/Timeline_of_OpenBSD
 
  3) Is Theo not deny there is no backdoor, only say he is unaware
  (musn't live is unaware of exact time right now, is know time exist!)
a) Theo and OpenBSD not audit anything (trusting trust)
b) pre-emptive is wasn't me from Theo in event truth comes later
  Hey I is Theo I do right thing and strike err.. Disclose first! I not
  know!
c) all of is the above
 
  4) While is everyone claim Perry прил, is no one else outside of Jason
  on OpenBSD is say: Perry is lying even former developers is stay
  quiet to protect the DARPA/FBI innocent
 
  5) Is possible at people by mentioned in named by Perry, go to Canada
  to hack code and plant is backdoor
 
  6) Old code (2.6) is sayanoruski. Is good luck find mirror. CVS is
  controlled by those is accused, quick move and we is have: See is no
  backdoor in this backdoor!
 
  7) OpenBSD is the most secure backdoored on the planet
 
  8) Is need slogan change: Only two remote holes in the default
  install, in a heck of a long time! (Is besides backdoor!!!)
 
  9) We is all peons to Theo and we is cannot figure out truth as we is
  brains are so too small
 
  10) Claims surpass is Microsoft NSA theory
 
 


 --
 --
 Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
 I.T Security Analyst and Penetration Tester
 infosig...@inbox.com

 {FORUM}http://lists.my.co.ke/pipermail/security/
 http://nspkenya.blogspot.com/
 http://chuksjonia.blogspot.com/
