[Tfug] OpenBSD possibly vulnerable in IPSEC?
Richard B Clark
rbclark47 at cox.net
Thu Dec 16 12:32:31 MST 2010
Hello there!

Yes, I remember reading the original article, way back before my moustache
turned white!

I also remember visiting Stanford for a DEC conference about 1977-78, when
the Stanford CompSci guys were re-writing the TOPS-10 O/S for themselves.

According to the CompSci guys I talked to, Stanford killed the DEC
maintenance contract because the Stanford O/S tweaks started showing up on
later revs of the official TOPS-10, and funky report daemons started
running on their machines.

Wonder what happened to the DEC wonderboys?

-rbclark

-----Original Message-----
From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org] On Behalf Of
Angus Scott-Fleming
Sent: Thursday, December 16, 2010 1:00 AM
To: Tucson Free Unix Group
Subject: Re: [Tfug] OpenBSD possibly vulnerable in IPSEC?
On 15 Dec 2010 at 2:42, Jude Nelson wrote:
> Hey everyone,
>
> Recently came across this on the OpenBSD mailing list. I wonder how
> accurate it is: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

I'm going to watch this with interest.

Anyone else here old enough to remember this classic from 1990 (which was 20
years after I got my first computer login)? This was back when all Unix was
open source and yet there was apparently a backdoor in the 'login' command
almost from Day 1 ...

ACM Classic: Reflections on Trusting Trust
http://cm.bell-labs.com/who/ken/trust.html

... The moral is obvious. You can't trust code that you did not
totally create yourself. (Especially code from companies that employ
people like me.) No amount of source-level verification or scrutiny
will protect you from using untrusted code. In demonstrating the
possibility of this kind of attack, I picked on the C compiler. I
could have picked on any program-handling program such as an
assembler, a loader, or even hardware microcode. As the level of
program gets lower, these bugs will be harder and harder to detect. A
well installed microcode bug will be almost impossible to detect.
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/