From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?
Date: Wed, 09 Oct 2013 18:43:18 +0200
Message-ID: <20131009164318.GN10405@leitl.org>

----- Forwarded message from Jim Thompson -----

Date: Wed, 9 Oct 2013 18:38:50 +0200
From: Jim Thompson
To: pfSense support and discussion
Subject: Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?
X-Mailer: Apple Mail (2.1812)
Reply-To: pfSense support and discussion

Exactly, although this rule doesn’t just apply to “small companies”. Big companies have shown to just roll over and give up the customer’s data.

So asking the question is stupid(*), because a lie is indistinguishable from the truth.

No, the NSA hasn’t approached us about pfSense, or adding a “back door”, or anything similar. Nor has anyone else.

The next step is yours.

I am told that the NSA did review a version of pfSense that was made for a customer which would filter SCADA protocols. I can’t verify that or not.

Note also that someone DID once accuse OpenBSD of having a problem with its IPSEC processing, which Theo *vehemently* denied.

http://www.informationweek.com/security/vulnerabilities/openbsd-founder-believes-fbi-built-ipsec/228900037
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Sam Leffler, about four years earlier, found a bug in the AH processing, which he fixed (in FreeBSD) and handed back to the OpenBSD. They patched same, but never gave any acknowledgement to Sam.

So, maybe you should run OpenBSD.

Jim

* as it turns out, yes, Samantha, there is a Santa Clause^W^W^W^Ware stupid questions.

On Oct 9, 2013, at 6:22 PM, Walter Parker wrote:

> The big problem with asking the question "Has the NSA required you to add a back door?" is that no small company that wants to stay in business can or will say yes (If they do, no one will trust/use the product unless forced themselves). The company will agree/be forced to say no. How does one tell that no from an authentic no?
>
> Therefore, once trust is questioned, the only way to be sure is to do the self review suggested earlier...
>
> However, from my perspective, the code in pfSense is more likely to be secure than any commercial, closed source solution. See prior threads about FreeBSD security.
>
> Walter
>
> On Wed, Oct 9, 2013 at 9:10 AM, Thinker Rix wrote:
> On 2013-10-09 19:03, Jim Thompson wrote:
> (TIC mode: on)
> Sorry, but I guess the whole matter - not only concerning pfSense, but the current threat to our civilization by our criminal governments as a whole - is much too serious for any "TIC-modes"..
>
> _______________________________________________
> List mailing list
> List(a)lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>
> --
> The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5