[pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

Eugen Leitl eugen at leitl.org
Wed Oct 9 09:43:18 PDT 2013


----- Forwarded message from Jim Thompson <jim at netgate.com> -----

Date: Wed, 9 Oct 2013 18:38:50 +0200
From: Jim Thompson <jim at netgate.com>
To: pfSense support and discussion <list at lists.pfsense.org>
Subject: Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?
Message-Id: <CA528C57-0280-4175-B2D0-C5A92C79976D at netgate.com>
X-Mailer: Apple Mail (2.1812)
Reply-To: pfSense support and discussion <list at lists.pfsense.org>


Exactly, although this rule doesn’t just apply to “small companies”. Big companies have been shown to just roll over and give up the customer’s data.

So asking the question is stupid(*), because a lie is indistinguishable from the truth.

No, the NSA hasn’t approached us about pfSense, or adding a “back door”, or anything similar.  Nor has anyone else.

The next step is yours.


I am told that the NSA did review a version of pfSense that was made for a customer which would filter SCADA protocols.  I can’t verify that or not.

Note also that someone DID once accuse OpenBSD of having a problem with its IPSEC processing, which Theo *vehemently* denied.
http://www.informationweek.com/security/vulnerabilities/openbsd-founder-believes-fbi-built-ipsec/228900037
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Sam Leffler, about four years earlier, found a bug in the AH processing, which he fixed (in FreeBSD) and handed back to OpenBSD.  They patched same, but never gave any acknowledgement to Sam.

So, maybe you should run OpenBSD.

Jim
* as it turns out, yes, Samantha, there is a Santa Claus^W^W^W^Ware stupid questions.


On Oct 9, 2013, at 6:22 PM, Walter Parker <walterp at gmail.com> wrote:

> The big problem with asking the question "Has the NSA required you to add a back door?" is that no small company that wants to stay in business can or will say yes (if they do, no one will trust/use the product unless forced themselves). The company will agree/be forced to say no. How does one tell that no from an authentic no?
> 
> Therefore, once trust is questioned, the only way to be sure is to do the self-review suggested earlier...
> 
> However, from my perspective, the code in pfSense is more likely to be secure than any commercial, closed source solution. See prior threads about FreeBSD security.
> 
> 
> Walter
> 
> 
> On Wed, Oct 9, 2013 at 9:10 AM, Thinker Rix <thinkerix at rocketmail.com> wrote:
> On 2013-10-09 19:03, Jim Thompson wrote:
> (TIC mode: on)
> Sorry, but I guess the whole matter - not only concerning pfSense, but the current threat to our civilization by our criminal governments as a whole - is much too serious for any "TIC-modes"..
> 
> _______________________________________________
> List mailing list
> List at lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
> 
> 
> 
> -- 
> The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis




----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


