[cryptography] OpenBSD (fwd)
//Alif

--
"Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty."

Joseph Pulitzer, 1907 Speech

---------- Forwarded message ----------
Date: Wed, 22 Dec 2010 13:39:03 -0500
From: Randall Webmail <rvh40@insightbb.com>
Reply-To: Crypto discussion list <cryptography@randombit.net>
To: Crypto discussion list <cryptography@randombit.net>
Cc: dave@farber.net, dewayne@warpspeed.com
Subject: [cryptography] OpenBSD

OpenBSD Founder Believes FBI Built IPsec Backdoor

But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.

By Mathew J. Schwartz, InformationWeek

The bugs are of interest given the recent allegation made by Gregory Perry, former CTO of now-defunct Federal Bureau of Investigation contractor Network Security Technology (NetSec), that the FBI created a backdoor in the OpenBSD code base, specifically in how it implements IPsec. He also alleged that multiple developers involved in contributing code to OpenBSD were on the payroll of NetSec, and that the FBI had hired it to create the backdoors.

[SNIP]

Technical explanation aside, is this vulnerability exploitable? "This is a neat attack, but also a total pain in the a-- to use, and certainly not an FBI backdoor in OpenBSD IPsec," said Ptacek.

[SNIP]

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=228900037&cid=RSSfeed_IWK_News
http://snipurl.com/1p4dlf
There's more to this story by Gregory Perry and several others, one of which asserts Theo de Raadt is hiding donations from the tax authorities and provides bank account numbers. Another explains in detail how the backdoors were inserted. There is a good bit of obfuscation going on to exculpate those who cooperated with the FBI then and now. Not news to this group.

http://cryptome.org/0003/fbi-backdoors.htm

A crypto skeptic would have predicted this outcome of the "crypto wars." Crypto deception is now commonplace. Strong crypto, unbreakable crypto, open source crypto, are now marketing brands not to be trusted. If this is said in public the guilty start screaming about "spreading FUD," as if crypto-FUD is not a premier product.

User-implementation is the problem, weak passwords, lack of protection of the boxes, poor sec of the networks, it is said by the snake oilers, not the algorithm, not the program. Hire more sec experts, pay them well, hire more watchers of the sec experts, swear them to secrecy, hire more counterspies to watch the watchers, foster paranoia by orchestrated breaches. Plot with G8 to induce G20 to do the same. Name the rogues behind the threats, repeat the names often. Run cracks to blame the rogues. Attack the rogues to induce counterattacks with hired security experts ready to peddle sec FUD worldwide. Bribe insiders, expose insiders, jail a few.

Even NSA is spouting that there can be no security on networks, the answer is more 24x7 staff, bigger budgets, more informants, more undercover insiders, more A and B teams, more vigilance, more by god of everything NSA can conceive of. Hurrah, yell their security contractors and scholarly researchers and investors and garage-innovators.

Backdoors are obligatory to keep this churning. Imaginary as good if not better than the real thing. Generate suspicion among cryptoids. Leak names and foul deeds. Earn a buck.

Not news here. Ho hum, pretend to be bored with it all. Go find another way to get in on it, the sec racket, pray for another 9/11, a thermonuclear Wikileaks insurance release.

There was a time when the answer was read the fucking archives. Then the archives got contaminated, cherry-picked, lost, rejiggered, forged, garbled by Google and Archive.org iterated in multiple unmatching forms, redacted, compiled as original research and sent to press, exposed as if hidden, refuted, disowned.

Listen, this is the truth. Did anybody see Jaron's attack on Cypherpunks crypto-rebels and EFF in The Atlantic as the fountainhead of anti-government irresponsibility like Wikileaks? Jaron said he was at the dinner where cpunks was conceived and he is so happy he did not take part.
participants (2)
- J.A. Terranson
- John Young