Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?
----- Forwarded message from Jim Thompson <jim@netgate.com> ----- Date: Wed, 9 Oct 2013 18:38:50 +0200 From: Jim Thompson <jim@netgate.com> To: pfSense support and discussion <list@lists.pfsense.org> Subject: Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others? Message-Id: <CA528C57-0280-4175-B2D0-C5A92C79976D@netgate.com> X-Mailer: Apple Mail (2.1812) Reply-To: pfSense support and discussion <list@lists.pfsense.org> Exactly, although this rule doesn’t just apply to “small companies”. Big companies have shown to just roll over and give up the customer’s data. So asking the question is stupid(*), because a lie is indistinguishable from the truth. No, the NSA hasn’t approached us about pfSense, or adding a “back door”, or anything similar. Nor has anyone else. The next step is yours. I am told that the NSA did review a version of pfSense that was made for a customer which would filter SCADA protocols. I can’t verify that or not. Note also that someone DID once accuse OpenBSD of having a problem with it’s IPSEC processing, which Theo *vehemently* denied. http://www.informationweek.com/security/vulnerabilities/openbsd-founder-beli... http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 Sam Leffler, about four years earlier, found a bug in the AH processing, which he fixed (in FreeBSD) and handed back to the OpenBSD. They patched same, but never gave any acknowledgement to Sam. So, maybe you should run OpenBSD. Jim * as it turns our, yes, Samantha, there is a Santa Clause^W^W^W^Ware stupid questions. On Oct 9, 2013, at 6:22 PM, Walter Parker <walterp@gmail.com> wrote:
The big problem with asking the question "Has the NSA required you to add a back door?" is that no small company that wants to say in business can or will say yes (If they do, no one will trust/use the product unless forced themselves). The company will agree/be forced to say no. How does one tell that no from an authentic no?
Therefore, once trust is question, the only way to be sure is to do the self review suggested earlier...
However, from my perspective, the code in pfSense is more like to be secure than any commercial, closed source solution. See prior threads about FreeBSD security.
Walter
On Wed, Oct 9, 2013 at 9:10 AM, Thinker Rix <thinkerix@rocketmail.com> wrote: On 2013-10-09 19:03, Jim Thompson wrote: (TIC mode: on) Sorry, but I guess the whole matter - not only concerning pfSense, but the current threat to our civilization by our criminal governments as a whole - is much too serious for any "TIC-modes"..
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
-- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
participants (1)
-
Eugen Leitl